I'd like to verify that X-Anon-Doubleblind: no would mean that no X-Anon-Password would be needed with the message. This way, remailer operators who use their personal accounts for remailing could establish a Penet anonymous ID and password for personal use, and be confident that remailer users would not be able to send mail through Penet that would be delivered with that anonymous ID exposed. Also, we could patch the remailers to add the X-Anon-Doubleblind: no line to mail which goes out to Penet, just in case the user forgets. (I don't think there is a need for mail through one of our remailers to be delivered to Penet with an X-Anon-Password, since only the remailer operator knows the correct password to use, so virtually no one would be able to use this feature.) I am confused about the exact rules that Penet uses to decide when a password must be given. I get the impression that if no password has been registered, anonymous posting and mailing to non-anonymous addresses is forbidden, but you can still mail to anonymous addresses. If a password has been registered, you must give it to do any of these three things. Is this right? Hal