I agree with getting personal mail servers registered, as far as paying $100 for a mail server registration (as mentioned in previous messages)...that's no good. As a user with a personal mail server, it is bad enough to have pay for connectivity and a domain name. Having to pay for the privilege of running a mail server is too much.
e-mail isn't free. in my own experience, i can pay a high price by just hitting delete a couple hundred times a day, or a medium price by turning on all kinds of anti-spam features in my MTA and sending complaints out to network owners on whatever sneaks through the blockade, or a low price by only accepting e-mail from people who have paid to register their servers with some certifier whom i am willing to trust. we'll be seeing this kind of "require signed-by-trusted certificates before permitting use" logic in the personal certificate field soon. why not do it at the mail server level, where there are fewer certificates and more total lifetime value per signature? the secret is in correctly answering the question "who gets the money." i would love to see a bona fide nonprofit use this as a fundraising method. (any organized religion's church comes to mind here as an ideal candidate.) server-level openpgp is also an option, and would more closely reflect the social realities: (1) introducers i'm willing to trust may not be at the top of any virtual certification hierarchy other than my own; and (2) there's no compelling technical reason to keep the number of ultimately trusted keys small. (verisign/thawte may feel that there are compelling business reasons, however.) -- Paul Vixie