It has been mentioned in other places on the net (ok, yammerings on slashdot, but this made a bit of sense) that blacklisting is a perfect P2P application. Each mailserver could keep a cryptographically verified list, the list is distributed via some P2P mechanism, and DoS directed at the 'source' of the service only interrupts updates, and only does so until the source slips an updated copy of the list to a few peers, and then the update spreads. Spam is an economic activity and they won't DoS a source if they know it won't help their situation. I'm not an expert in DNS, email server configuration, or routing, but it seems to me that the whole thing requires a distributed solution to harden it against spammers, and that the logical place for this is the SMTP daemon itself, possibly coupled with some global registry that sells digital certs for a reasonable annual fee, much how domain names are handled now (Verisign excluded, of course). -- mailto:neal@lists.rauhauser.net phone:402-301-9555 "After all that I've been through, you're the only one who matters, you never left me in the dark here on my own" - Widespread Panic