 
            Another suggestion was that SMTP headers always contain the IP address. I've seen this in quite a few mailers already. All we need is a slight modification to the SMTP Receipt standard. This could be a Best Current Practice, quickly published!
Hm, this is already covered. RFC 1123 says:

    5.2.8 DATA Command: RFC-821 Section 4.1.1

    ...

    * The FROM field SHOULD contain both (1) the name of the source host as presented in the HELO command and (2) a domain literal containing the IP address of the source, determined from the TCP connection.

    ...

    DISCUSSION:
    Including both the source host and the IP source address in the Received: line may provide enough information for tracking illicit mail sources and eliminate a need to explicitly verify the HELO parameter.

Thus, this is not a new suggestion (RFC 1123 is dated Oct 1989).

Regards,

- Håvard
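An added example, not part of the original message or of RFC 1123: a Python parser that pulls the HELO name and the IP domain literal out of each Received: line and shows which hops lack the address needed for tracing. RFC 1123 does not fix the exact layout, so the accepted form (a bracketed literal somewhere after the HELO name, before "by") is an assumption, and the sample message is constructed.

```python
import email
import ipaddress
import re

# "from" clause of an unfolded Received: value, up to the "by" keyword.
FROM_CLAUSE = re.compile(r"^from\s+(?P<helo>\S+)(?P<rest>.*?)(?:\sby\s|;|$)", re.I)
# Domain literal such as [192.0.2.10] or [IPv6:2001:db8::25].
LITERAL = re.compile(r"\[(?:IPv6:)?([0-9a-f:.]+)\]", re.I)

def parse_received(value):
    """Return (helo_name, source_ip or None) for one Received: header value."""
    m = FROM_CLAUSE.match(" ".join(value.split()))  # undo header folding
    if not m:
        return None, None
    # Only text after the HELO name is searched: the HELO argument is chosen
    # by the client, while the literal is recorded from the TCP connection.
    for candidate in LITERAL.findall(m.group("rest")):
        try:
            return m.group("helo"), str(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # bracketed text that is not a valid address
    return m.group("helo"), None

def trace(raw_message):
    """Parse every Received: header of a message, newest hop first."""
    msg = email.message_from_string(raw_message)
    return [parse_received(v) for v in msg.get_all("Received", [])]

# Constructed sample message (example hostnames, documentation address ranges).
SAMPLE = (
    "Received: from mail.example.net ([192.0.2.10]) by mx.example.org with SMTP;\n"
    "\tMon, 1 Jan 2001 00:00:02 +0000\n"
    "Received: from bogus.invalid by relay.example.org with SMTP;\n"
    "\tMon, 1 Jan 2001 00:00:01 +0000\n"
    "Received: from client.example.com (client.example.com [IPv6:2001:db8::25])\n"
    "\tby relay2.example.org with ESMTP; Mon, 1 Jan 2001 00:00:00 +0000\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for helo, ip in trace(SAMPLE):
        print(f"HELO={helo!s:22} source={ip or 'MISSING: cannot trace this hop'}")
```

Only the Received: line added by a host you operate is reliable; lines further down were supplied by the sending side and can be forged.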