Well, I think I have deduced the identity of "Deadbeat" from his posting style. I don't think Julf should say who he is. This was an important demonstration of a weakness in the security of the remailers. The Penet remailer seems now to require a password for all messages; at least, I wasn't able to send to an5877@anon.penet.fi ("Deadbeat") without using my password. So chaining through Cypherpunks remailers to Penet would seem not to be possible now. Unless Eli's suggestion works - having our remailers put out a random "From:" line (perhaps just on mail to Penet?) might cause Penet to issue a new pseudonym for that apparent new user. This would be kind of wasteful from Penet's perspective - all those pseudonyms are never going to be re-used. But it might allow this form of chaining, without compromising the pseudonym of the remailer operator. (I had put my patch into the maildelivery file before Johan instituted his password system, when I realized this weakness existed. I forgot to mention it here at the time. My motivation was to protect my own Penet pseudonym.) Another possibility would be for there to be a command to Penet to allow users to send truly anonymous mail, mail which does not have a meaningful "From" line (and in particular which does not have the user's Penet pseudonym displayed as the "From" address). We could set our remailers to use that command for any mail sent to Penet. Mail sent with that command would not need a password. This would be an alternative way for users to deal with some of the other attacks, such as the one Deadbeat demonstrated. Hal P.S. - My, the list has sure been lively today. Looks like we beat Extropians again on volume!