Y'know, after some thought, some of the concepts I made regarding data havens with anonymous locations might well apply to making exit-point remailers that are relatively immune from outside pressure. Given a network of entry-point remailers with well-known public keys, you could advertise an exit-point remailer by only giving out encrypted address blocks for use with various well-known entry-point remailers and a public key. The exit-point remailer could then substitute some random From: address and path entries to spoof the exit-point remailer's location. The remailer's actual location would only be known by the entry point remailers, and since their involvement is stripped by the exit-point remailers, no one would know who they are to complain to them. The spoofed exit-point remailer location could be handled by disposable MX entries, of the sort discussed here earlier, if it is deemed desireable to make the From: address valid. The remailer operator could get the actual complaints, to deal with as he would. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com