This is old news.
"Anything from anywhere, even if it's from a hijacked box in Korea, can forward
through our server as long as it has a 'totallybusticated@ISP.net' From: on it,
but if one of our own customers tries to send through the server with a From:
that says 'firstname.lastname@example.org' they can't even if they pass an SMTP AUTH
check and prove they're ISP.net's customer..."
And that's borked and wrong.