This is known under various names, the most common one being "tagged message queuing".

And it sucks. Hard.

The potential for abuse notwithstanding, it is completely unworkable for people who often get legitimate mail from strangers. These are the people who need of a way to filter spam reliably the worst. These are the people who cannot viably use a traditional whitelist. And these are the people for whom tagged message queuing means a manifold increase in mailtraffic. Because much of their traffic comes from as yet unknown sources, nearly every legit mail they get will require four actual messages to be sent (mail, confirmation request, confirmation, confirmation accept notice).

If you want to kill your mailserver, tagged message queueing is the quickest and most reliable way to do so.

Not to mention it's automated mail sending which means it needs to be configured carefully. I've seen people's message queuers junk mailinglists repeatedly because they were too stupid to set it up right.

Of course it's also a giant pain in the bottocks for the legitimate senders of mail, but who cares, right?

And what happens if Jane doesn't like joe, so she sends bob, bill, jacob, and 50,000 other people on the millions addresses CD an email from "joe".

If each of these other people used CR clients, joe's poor mailbox would be reduced to rubble.

CR is the same as spam - cost shifting to another person. It should die a quick death.

Well I'm not in the process of "brainstorming" the best protocol for all of this; but the mail clients of the 50000 other people should detect in the mail headers that it was from Jane, not Joe, and would ask Jane for a confirmation. If she dosn't provide it, then they are dropped to /dev/null. So Joe would never receive them.

And what protocol would you use to verify this?

The envelope on an SMTP message is very similar to an envelope on a postal message. How do you know that Joe is actually the person who put his return address on the envelope and dropped it into the postbox. Jane could have just as easily addressed the envelope and posted it, and you could not tell the difference.

I can send a message that looks very much like it came from Joe, even if I am Jane. You cannot believe any header on an SMTP message unless you verify it with trusted logs. The only headers I believe in messages I receive are my own networks, and possibly moving back from there, depending on the level of trust I have.

This becomes even easier if the message is able to be injected along the same path that a legitimate message would take.

One last point - if Joe "automatically" generated 50K responses on my network, he would be severely LARTed.