It's not reasonable to use *any* return-path or header that's visible,
as a password to access sensitive information.
People protect this mechanism with strong authentication---e.g., PGP.
There's nothing wrong with refining that heuristic to allow posting
from xxx(_at_)yyy(_dot_)zzz if the subscriber address is
xxx+foo(_at_)yyy(_dot_)zzz(_dot_)
It breaks existing PGP-protected mailing lists, turning good security
into nonexistent security.
---Dan
Set up a new mailing list in a single command. http://pobox.com/~djb/ezmlm.html