On Fri, 26 May 2006 18:39:53 +0200, Máté Soós <msoos@xxxxxxxxxxxxxx> said: > The problem with BCC, as far as I can see, is that the X-HASH value > must contain the email address of the BCC recipient, which needs to be > hidden. In theory, we could use some sort of masking of this email > address. And if we are at hashes, why not use them (after all, they > are one-way, not only 2nd-preimage-resistant). So, hash the address, > and use that(or some first bytes of that) instead of the email > string. ... One problem with that is that it breaks things such as catch-all addresses. e.g. (almost) all addresses @uhoreg.ca will reach me. For example, you could write mail to hubertisamoron@... and it will be delivered to me. But then I won't have any way of checking whether or not there is a valid hashcash token for my address, because I don't know what address you used to mint the stamp. Hubert