None

each single zombie machine nowadays to avoid that the operator notices what's happening.

Generally, I would like to avoid tying keys to IP addresses, but it might be what's most effective after all. We might touch into SPF and their likes here? Don't know really.

| > When speaking of client coming back, we mustn't forget to demand that | > the client connects to the very same MTA the second time. | | What does "same" mean? Same A-record (IP address), or the same | MX-record?

Same machine, or all MTA:s serving the same domain have to share their database with outstanding challenges and this with very short replication times. A client might just come back within a second or so.