This is old news.
"Anything from anywhere, even if it's from a hijacked box in Korea, can forward
through our server as long as it has a 'totallybusticated@ISP.net' From: on it,
but if one of our own customers tries to send through the server with a From:
that says 'email@example.com' they can't even if they pass an SMTP AUTH
check and prove they're ISP.net's customer..."
And that's borked and wrong.