The problem with that is in order to solve your problem you're asking a
lot of people to make some fairly pervasive changes in how they perform
I agree with you that it's unlikely that people who key stuff on bounce
addresses* will ever do anything other than a straight string comparison.
That's why I'm taking the timestamp out, so the BATV version of an address
doesn't change and the string comparisons continue to work. Yeah, you
lose replay protection, but I think the merits of the tradeoff between a
largely hypothetical threat and known collateral damage are obvious.
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.
* - disregarding, for the moment, the questions about whether that's a
good idea in the long run independent of BATV