Why bother with something as obvious and complex as an encrypted address with a + in the middle. If I were Joe Foreign_Guy I would simply get an account somewhere in the USA, there are plenty of public access unix systems that allow you a free month or so, do the request for the crypto software, and immediatly put a .forward file in my directory. I do this because I can no longer support the high price of calling the USA, and thus want my mail sent to a machine on the net that is sitting on my desk here in sunny (insert_foreign_country). This way, the author has not broken the law by sending the software to anysite.com, and I haven't either because all I did was to tell the unix box to forward my mail out of the country. Such a setting isn't illegal, neither is sending crypto software via email to a USA site. Legally who is to blame? Neither "I" nor the sender broke the law although the software has been sent. If I move from the USA to another country and arrange a deal with my post office to send me ALL my mail to wherever I am and pay them in advance for the service plus agree to pay for whatever forwarding costs, who is to be blamed if Joey_CryptoAuthor sends me a disk with a ton of crypto software in an unlabled box, and the Post Office does not check its contents, but exports it? Neither I nor Joey_CryptoAuthor broke ITAR. Not really. Not intentionally. But who gets blamed?