check out draft-ietf-msgtrk-mtqp and draft-ietf-msgtrk-smtpext for a worked example of "send a verifiable token out with the email without giving away the password".
there are some interesting corner cases in doing this sort of thing, and msgtrk ran across some of them.
one note, though.....
--On 7. mars 2004 08:31 +0000 Sabahattin Gucukoglu <mail@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I don't, though, believe in sitting at a local cafe in mexico and using my home MTA just to send out a bit of mail to the local hotel, particularly when my MTA sits here in the north of London, England! If you agree that this last situation is in fact plausible, then you are not being conservative.
reality reset:
I spent most of last week sending mail to people staying in the same hotel through my MTA in Trondheim, Norway - transmitting to their MTAs scattered across the globe, and them picking up their mail from there.
Seems most of the other people present did too.
seems conservative to me.