This reminds me: I'm scared to death of false positives. So much so that every email that triggers a positive from Spamassassin (i.e. several thousand spams a day) gets a response. It tries to be as polite as possible, both by being good-natured in tone and by both a "Precedence: bulk" header and an application-specific X-header to break loops. It's worked well enough for me to plan an implementation for an email system I run (servicing about 70k users). There are no real anti-DDOS provisions in it that would prevent someone from sending several million messages with a forged SMTP envelope to flood someone's mailbox quasi-anonymously. I haven't ever heard of this sort of system being used. Other than the obvious problems (like above, and the fact that it generates a LOT of mail that's going nowhere). Does anyone know of a precedent? Or wants to pick apart the idea in terms of community effect? Thanks, Doug