Clint writes: > One problem with attaching the "secret" string > to an email address is how that is done at the > sender's side. I can see email clients automating > the process, which is fine, until a virus comes > along and starts popping off random emails. Viruses are a separate problem from spam. > Plus, how would CC: and vast To: lists hide > the secret string? They wouldn't, but that wouldn't be necessary, either. The whole idea is to provide some sort of authentication for messages that is easy to obtain for human beings, but hard to obtain in an automated way for spammers. Spammers obtain e-mail addresses from Web sites, USENET, discussion forums, and the like. Secret strings would not be posted to any of these, so no automated harvesting of the strings would be possible. Just leaving the string in an e-mail addresses to a number of recipients would not be a problem, because spammers would not be intercepting such e-mails (or any e-mails, for that matter). As long as the string is not posted in a place where spammers can harvest it, they won't get it. And hiring human beings to locate strings for individual addresses rapidly becomes too expensive to contemplate. As I've said, the White House uses it, and I don't think they get too many letters from unauthorized parties with the secret string/number, even though conceivably anyone in the delivery chain along the way could see the number. The mere fact that it is not publicly posted is security enough.