Each person you correspond with gets some specific permission to talk to
 you, which is encoded in a policy record. These policies enforce things
 like message size, message rate, and attachment types. You can change this
 permission at any time, and the sender will be updated with the new
 version. The policies are pre-checked by the sender's agent, so as soon as
 they hit the Send button they know whether the message will get through or
 not.
 
 New senders, those that aren't in your address book yet, use a generic
 policy that you publish along with your contact information. This policy
 may require that they go through a CAPTCHA challenge to prove that they are
 human. Really what they are proving is that they were willing to put some
 human time into starting a conversation with you. The CAPTCHA challenge
 results in a ticket which their agent adds to the message, and your agent
 verifies the ticket upon receipt.
 
 There are common human communication patterns that can be optimized, like
 bidirectional conversations and introductions. If I ask you a question,
 it's only polite for me to let you respond, so the agent automatically
 grants return permission to anyone we send a message to. Likewise if I
 introduce you to a friend of mine, I am expecting to let the two of you
 communicate, so the system is built to let introductions bypass the CAPTCHA
 step but still let the recipient retain full control of the permission they
 grant. With these steps, the CAPTCHA challenge is only ever used when you
 contact a stranger for the very first time.
 
 The fundamental design rule of Petmail is that the recipient chooses what
 they will accept.