...

Performance might degrade if you're using a large number of trusted users. For every e-mail address checked, SHA-1 hashes would need to be computed using every salt present in the database. I can't think of any algorithms off the top of my head that would be helpful for speeding up this search.

Discussion

My biggest issue with it is the concept of multi-kilobyte attachments on all (or most) of my outgoing mail. I also pointed out to the authors when it first came up that it needs to avoid the from-me-to-me attack, whereby a spammer simply uses the desired recipient address as the From address. Avoiding that is as simple as ensuring that the user's addresses aren't given any "whitelisted" points. --JustinMason.