> Then, after GPG, we will be implementing a challenge-response > mechanism for non-GPG emails. (Sort of like how you confirm for > subscribing to a mailing list.) > I hadn't thought of that, good idea (put the authentication out to whether or not the user can authenticate to their mail server)