Please point me to appropriate references if I am going over old territory. What if an anonymous remailer required that messages were digitally signed? To use such a remailer, you would have to register an e-mail address and public key with the remailer. Mail that you send through the remailer would only go through if it were properly signed with your key. The return address on the remailed message would be something that the remailer could use to get replies back to you. Chained remailing would still be possible if each remailer signed the messages that it sent out, verifying that it had been received from an address that is registered with it (which may be a user or another such remailer). This would provide a way of dealing with someone mail-bombing a remailer or through a remailer, because the messages from one person could be identified and filtered out either by the remailer or later on, as appropriate. If someone tried to generate a million different identities and public keys, that could be dealt with by imposing a time delay for registration, which would not have to be imposed under normal circumstances. The current cypherpunk remailers maintain strict anonymity by not keeping records the way the Finnish anonymous remailer does. But if you want to be able to get a reply, you still have to place an encrypted reply block in your message, which the remailer can decrypt, so you still lose anonymity in the case that someone compromises the remailer. That is no better than registering an e-mail address (which can be your anonXXXX address anyway) that the mailer stores encrypted along with your public key. For that matter, this would work if everyone had to register a public key with the remailer in order to send mail through it, but only people who wanted to be able to receive replies also registered their e-mail address. Then the only thing that would be required to prevent a mail-bomb attack would be to enforce a registration delay during such time as it became necessary. Having all messages identified, even though still anonymous, would make building of reputations possible. -- sidney markowitz <sidney@apple.com>