[Dropping news:comp.lang.perl.misc from Followup-To: as a matter
of habit.]
The current Netnews architecture relies, in essence, on a
simplistic flood-fill routing. That is, for each group, we can
imagine a network of nodes, each of which, upon receipt of a new
message, relays it to all of its peers. The only two things
that complicate this scheme are Path: and IHAVE, which both
reduce the load by not sending the message the peer already has.

In this scheme, and taking INN as an example, newsfeeds(5), and
its reciprocal incoming.conf(5), serve two purposes: they remedy
the fact that Netnews currently lack autodiscovery (contrary to
the P2P networks mentioned above), and they code (in a crude,
but working, fashion) the "trust" relationship between the
peers.

However, dealing with "trust" at the link level (and not at the
user level) can by itself led to certain security implications.

With a sound use of digital signatures (and implementing the
relevant WoT, or re-using the OpenPGP one), we can lay the
control over what's trustworthy and what's not straight to the
hands of the user.

The mail routing is a trickier one. However, considering that
virtually the only reason behind such a routing nowadays is the
belief in the security of firewalled intranets, we may simplify
the whole task of routing to a three-hop (user, relay, user)
scheme, detailed below.

Let's first assume that "autodiscovery" is in place. Now, Alice
chooses a "relay" (there may be both free of charge and paid
ones), and her agent puts (into the distributed hash table, or
DHT) a (digitally-signed) "pointer" record that all her mail
should be delivered to that relay. When Bob wants to send mail
to Alice, its agent searches the DHT, finds the "pointer"
record, and sends a copy of the letter to the relay thus found.
(Naturally, Alice's agent checks the relay for any new messages
periodically when online.)

It makes sense for the Bob's letter to mention a few of his
previous messages (sent to Alice) in the header. This way, it
would be much harder for a (malicious) relay to hide the
information of any such message. Also, it makes sense to
encrypt all the communication, so such a relay won't be able to
intercept or tamper the messages, either.

This scheme could be modified slightly by requesting Bob to copy
the message he wishes to send to Alice to his own "relay" B,
while sending only a pointer to Alice's A. This way, Bob (and
not Alice) "pays" for the handling of his outgoing letters,
which may thwart certain abuse scenarios.

Note that should Mallory try to send numerous pointers to a
single message, it'd be possible to "mark" such a message as
"spam" just once per group of users of the "Netnews-like part"
of the P2P communication system being discussed.
It /may/ be done, for various reasons, including the
compatibility with the MUA's currently in use.

Both GNUnet and Freenet (IIRC) implement an HTTP interface, so
that an ordinary Web browser can be used to connect to the
network. OTOH, BitTorrent agents (commonly called /clients/,
though it's a misnomer) are mostly self-contained.
And what exactly it's for? I don't see why one may need to care
/how/ the letter has reached its destination if it's a valid and
wanted one. And if it's not, imposing a policy on the relays is
only a partial solution.