I rather liked the suggestion someone made a while ago that involves paying the recipient when sending email to them. If they reply, you get your money back. But if you spam, it would rapidly become expensive. However, that involves financial payments again, and nobody is willing to do financial anything in a way that allows anonymous players. So if we care about the ability to have anonymous email, we can simply eliminate from consideration anything that requires a paid email license or financial payments to be made in exchange for the right to send mail.

There is a better way, of course. But it may not be as profitable for the people who want to sell certs, so nobody's pushing it right now.

Remember the "hashcash" proposal from a few years ago? It basically involved the recipient setting some computational task that would take a couple of CPU seconds to complete and demanding the results (from the sending machine) before it would accept an email. IIRC, it was proposed with a probabilistic task, but there's no reason why it couldn't be done with a more precisely controlled linear task such as repeated squaring under a modulus. Or maybe you could ask distributed.net to find a way to use CPU cycles beneficially and provably, and require some number of work-packets to be completed before the mail is delivered.

The computational task can get arbitrarily larger, if the recipient system doesn't like the look of the mail. I can picture the MDA going, "wow, I decrypted this one, but it scores 9.2 on my procmail filter scale, so I better ask for and get fifteen MIPS-minutes of CPU time before I actually deliver it."

Stuff like this can be done anonymously, can be done on the recipient and sender machines, can depend on filters (the MDA sees it after it arrives and gets decrypted) and limits the per-machine rate at which a spammer can send spam.
It requires no central keying authority, no registrations or controls, allows random email from people you don't know or haven't heard from in a while to reach you, is a barrier that's fully customizable at the recipient site, can be implemented purely in software (meaning nobody has to get a licence or a subscription or vouched for by someone else to send mail), and if someone really *does* care enough to dedicate fifteen MIPS-minutes of CPU to getting an advertisement through to you, it probably means he's got a specific reason to believe that it's actually something you'll be interested in, rather than just being a "bottom feeder" who sends out a million emails in the hopes of one response.

SMTP is a hole, and needs replaced. We have the technology. It'll work.

Bear
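The repeated-squaring task with a filter-scaled work factor that the message describes, sketched as an added example (not code from the post or from hashcash). The function names, the score-to-work policy, the toy modulus, and the recipient's use of phi(N) to check the answer cheaply are all assumptions of this sketch, and the last goes beyond what the post states.

```python
import secrets
from math import gcd

# Constructed demo modulus from two Mersenne primes. Far too small for real
# use: a real recipient would keep a large, secret RSA-style factorisation.
P, Q = (1 << 61) - 1, (1 << 89) - 1
N = P * Q                   # public: sent to the sender with the challenge
PHI = (P - 1) * (Q - 1)     # private: known only to the recipient


def squarings_for_score(score, base=2_000, per_point=1_000):
    """Hypothetical MDA policy: a worse filter score demands more work."""
    return base + round(max(score, 0.0) * per_point)


def issue_challenge(score):
    """Recipient: random base x coprime to N, plus the work factor t."""
    while True:
        x = secrets.randbelow(N - 3) + 2
        if gcd(x, N) == 1:
            return x, squarings_for_score(score)


def solve(x, t, n=N):
    """Sender: t sequential squarings, y = x^(2^t) mod n.

    Each step needs the previous result, so the cost is linear in t and
    cannot be spread across machines the way a hash search can.
    """
    y = x % n
    for _ in range(t):
        y = y * y % n
    return y


def verify(x, t, y):
    """Recipient: reduce the exponent 2^t modulo phi(N) (Euler's theorem),
    so checking costs two modular exponentiations instead of t squarings."""
    return pow(x, pow(2, t, PHI), N) == y


if __name__ == "__main__":
    x, t = issue_challenge(9.2)          # the 9.2 filter score from the post
    print(t, verify(x, t, solve(x, t)))
```

The asymmetry is the point: the sender pays `t` squarings per message while the recipient's check stays roughly constant regardless of how high the filter pushes `t`.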