I'm thinking of setting up tagging of emails for my dmoains using something like BATV. I read Tony Finch's info about doing something similar at Cambridge (i.e.
http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/antiforgery/advertising-batv.txt) and agree that putting the tag in DNS with a trick dns server would seem to make it more scalable and have the benefits of validation for recipients of email who're not using callbacks. I'm guessing that the existing facility of prvs and prvscheck are not suitable for this task, but that's not really the gist of my email. I'm wondering about the best way to get the hash from exim to the trick dns server or vice versa and how you would prevent people from accepting mail with the envelope from the domain on its own; the only way I can think of would be an SPF record to say that it never sends email.