One last thing to add on a more philosophical/big-picture level: I personally am not very interested in a system that uses "reputations", shared blacklists/brownlists, etc. The beauty of proof-of-work is that aside from the protocol specification, it is 100% purely decentralized. If you're willing to accept some sort of centralized authority or repository you might as well use a mature system like Vipul, DCC, or even [shudder] SpamCop/DNSRBLs. I was on the wrong end of a lot of abuse complaints during the beta-testing phase of my C/R system. From this I learned that the spam problem is causing much more serious harm than simply filling up peoples' inboxes: it's forcing the network operators to form what essentially amounts to an arbitration/judicial/law-enforcement system authorized to punish people not just for the *volume of packets* they send (ie a [D]DoS attack), but for the *content* and *context* of those packets. This is becoming extremely dangerous to innovators: it's getting near the point where if what you do is too different from what the average user does, you're going to get hassled a lot by the "abuse framework". You'll have a harder time getting top-tier hosting (I almost got kicked out of MAE West). SpamCop in particular has generated an immensely contorted "legal code" specifying what you are and aren't allowed to do with the SMTP protocol, and it's choking off any sort of innovation that involves automation combined with SMTP. A decentralized system for combatting spam would steal a lot of the momentum behind the development of this sort of ossifying superstructure. Hopefully it could keep things in the state where the abuse system is reserved for: a) abusive *quantity* of packets / flooding b) things that would be illegal even via "snail mail" (extortion, child pornography, fraud, etc). When the network-operator-managed abuse system goes beyond those two jurisdictions it worries me a lot -- the people who run this system are rarely aware of emerging technologies and how to handle them. - a