The whole thing could probably be done with the current pgp keysservers. Just put in the X-check header, something that Joe can check with public keys.

If everyone used PGP, I would be able to drop the message after DATA if the PGP signature did not match, and we would not be having this exchange.

As far as LARTing joe for 50,000 responses, what do you do about "innocent joe" receiving a 50000 count mail bomb? of the claimed sender.

I didn't say Joe receiving 50K messages, but rather generating the 50K CR messages. What the user receives is not necessarily within his control; what the user generates is.

By generating CR messages with some false positives, you are still doing cost shifting (someone else is paying your costs) to process your mail, which is exactly why spaming is looked upon the way it is.

Anyway, I have made my point, and this is the last I plan on responding to this. There are other forums where this has been discussed, and discussed, and discussed (see SPAM-L, for example). PM is probablyDefinitely not the place.