> >2) Just to save header creep, how about allowing user at host.name or > > user@[ip] as an alternative to NNTP-Posting-User? You can often verify the client machine much more easily than you can verify the entity using that machine. I would rather not see two items of information, with two different levels of trustability, intermingled. /R$