Graham Toal's suggestion for automatic insertion of an encrypted return address block is interesting. We had some discussion here last year of a similar approach, although Graham's twist of using a symmetric rather than PK cypher for the return address is new. A few thoughts: - You'd want this feature to be optional. Some people might not want their anonymity limited by having their return address recorded, even in encrypted form. - Graham is right about the advantages of use-once (or use-only-a-few-times) return addresses. Chaum discusses how multiple use of return addresses allows these systems to be broken, similar to the way Graham describes. - The use of a symmetric cypher is a very nice way of getting the use-once capability, along with the "burn after reading" effect of a remailer chain which destroys itself as it goes. But it could be a considerable burden on the remailer operator to maintain the database. One possibility would be to fix a maximum time limit on how long the return addresses are kept "alive" and require some real money to keep them longer. - What we would really like is for the recipient to hit the "reply" button and be able to send his mail back. It sounds like this system would still require some cut-and-paste. We already have programs to create encrypted remailer chain addresses fairly automatically. It would be nice to automate this last little bit. Unfortunately, there seems to be no easy way to make this work under Graham's scheme. - It doesn't look like this would be an easy drop-in to the current remailers, unfortunately. The syntax for how the address would be built up as it passes through a chain of remailers is a little unclear as well. The idea does have a lot of promise, though, and I think it is definately worth keeping in mind for the next generation of remailers. Hal