I'm interested in hearing opionions as to whether you think the following solution is a valid use of Code Access Security:

Goal: Ensure all email sent through asp.net apps on a particular server have their addresses validated (for matching a correct address format and validated to ensure that no more than x addresses are put into the "to, cc, and bcc" fields. + a few other rules)

I've designed a small re-usable input validation class that is maintained in assembly "Validation". I then created a separate assembly for the email code called "EmailHelper".

I've used CAS to declaratively perform a link demand in the "EmailHelper" assembly that limits its callers to the "validation" assembly.
ie: <StrongNameIdentityPermissionAttribute(SecurityAct ion.LinkDemand, _
PublicKey:="0x0024blahblahblah005BDEB9EEF")> _

Doing this ensures that all messages sent through the EmailHelper assembly contain a limited number of recipients and each address is formatted correctly.

Yes, anyone can still just instantiate a new system.web.mail.mailMessage object so this "solution" doesn't really solve anything.. but.. it makes consisent validation easy to achieve(and my real goal was to learn about CAS).

At some point I suppose the admin change the account that the local host's smtp service uses to send messages and then the "EmailHelper" class could then impersonate that account. I assume this additional step would truly achieve the goal of performing validation on all messages.

All constructive thoughts are appreciated.
Thanks,
-Chris