> of
> My intent is to throw something down on the table that's at
> least wrong and allow for an exchange of ideas regarding how to proceed
> if
> at all.
>
>
<quote>
Privacy
Concerns exist regarding data collection of correspondences between certain
senders and recipients however such information is available in most
mailing systems
</quote>
Well, that's just a red rag to *some* bulls :-)
I don't think that asserting that the same concerns apply to *other*
systems
adequately addresses concerns applying to *these* systems. Plus also - it's
not strictly true, since the *necessarily* long life of this data in a C/R
system has implications.
There are several privacy concerns - the whitelist primarily. Also, if the
challenge message contains the receivers email address that might be a
problem too. As I mentioned before, perhaps we should not store plain email
addresses - but some form of checksum or something. Even though that is
susceptible to dictionary attacks, the attacker must know what he is
looking for. This will at least protect against people snooping at messages.