The secret password that Segmail generated for Tom Smith is gh3f3gh3. Segmail would change the From address of John's outgoing message to be "john-tom-gh3f3gh3@john.doe.com".

This thing is bothering me. It's not _that_ secret when sent over the Internet, in plain-text, right?

Suppose Segmail becomes the de facto mailing standard. Then I think the spammers techniques will change: a little less web spidering, a little more network sniffing and "address book" grabbing.

I guess this is a weakness in the design ... compared with Signing/Encrypting techniques that _require_ the user to do some action (i.e.: typing a password).