I had an idea just a bit ago. Here is the scenario: a user wants to know what my anonymous ID for nowhere@bsu-cs.bsu.edu is on anon.penet.fi. All he has to do is send a message like the following to my account: From: whomever@wherever.com To: nowhere@bsu-cs.bsu.edu X-Anon-To: anXXXX@anon.penet.fi <-- his anon ID ... Then, that message will eventually get to him with my remailer's anonymous ID on it! That ID is the same as my personal ID. Oops... So, I made up a refuse list for the remailer. Any address that contains a "to" address that is on my refuse list will not be mailed to. Complete addresses can be used or just partial ones (for example "anon.penet.fi".) I know that this also makes it impossible to mail to other users on the penet site... Oh, well. I just implemented the refuse list, so it will just "eat" any message that is sent to an address on the refuse list. No error message is sent back to the user, it just doesn't get sent. So, I guess my anonymous ID is safe afterall. :) I would suggest that everyone else (if they haven't already) refuse to remail to anon.penet.fi if their remailer is setup on their personal account. Chael Hall -- Chael Hall nowhere@bsu-cs.bsu.edu, 00CCHALL@BSUVC.BSU.EDU, CHALL@CLSV.Charon.BSU.Edu (317) 285-3648 after 5 pm EST