Barry Shein wrote the following on 3/27/2014 2:06 PM:
I suppose the obvious question is: What's to stop a spammer from
putting a totally legitimate key into their spam?
It's entirely likely that a spammer would try to get a hold of a key due
to its value or that someone you've done business with would share keys
with a "business" partner . But ideally you'd authorize each sender with
a unique key (or some sort of pair/combination). So that 1) you can tell
who the spammer sourced the key from and 2) you can revoke the
compromised key's authorization to send you subsequent email messages.
There's probably some way to generate authorization such that each
sender gets a unique key or a generic base is in some way salted or
combined with information from the individual you're giving your
authorization to such that the result is both unique and identifiable.
--Blake