Beware of anon.penet.fi

[Hal]

I'd like to verify that
 
X-Anon-Doubleblind: no
 
would mean that no X-Anon-Password would be needed with the message.  This
way, remailer operators who use their personal accounts for remailing could
establish a Penet anonymous ID and password for personal use, and be
confident that remailer users would not be able to send mail through Penet
that would be delivered with that anonymous ID exposed.
 
Also, we could patch the remailers to add the X-Anon-Doubleblind: no line to
mail which goes out to Penet, just in case the user forgets.  (I don't think
there is a need for mail through one of our remailers to be delivered to
Penet with an X-Anon-Password, since only the remailer operator knows the
correct password to use, so virtually no one would be able to use this
feature.)
 
I am confused about the exact rules that Penet uses to decide when a
password must be given.  I get the impression that if no password has been
registered, anonymous posting and mailing to non-anonymous addresses is
forbidden, but you can still mail to anonymous addresses.  If a password has
been registered, you must give it to do any of these three things.  Is this
right?
 
Hal