I just can't make myself change the address though... it'd be like letting them win.

As I've moved from undergraduate to graduate school to my current job, I've left .forward files pointing on to my new address. About two years ago, I killed them because all I was getting through them was spam. Now if you e-mail an old address of mine you get an automatic message telling you to find my new address. That helped a lot, as I used to maintain an FAQ that was widely mirrored through the Usenet FAQ archives, and thus widely spidered by evil spammers.

My frustrated friend is particularly concerned about the brand value he built behind his domain name as a consulting organization. He's actually posted a US$1000 bounty for information leading to successful prosecution of the guy using his domain name. Heaven only knows, the guy may not be specifically picking on him, but might be doing this to everybody's domain names.

So, back to my original question. To all you sysadmins out there, if you had a switch you could throw that would make your server reject all e-mail that did not contain a digital signature that correctly tied the e-mail message back to its source DNS domain (perhaps through the use of DNSSEC), and if a simple patch was available for your MTA of choice to sign its outgoing mail in such a fashion... would you be willing to throw the switch?