My mail filter adds addresses to my list of acceptable senders if it finds
a valid token in the subject line.

To create a token that is a function of the string xyzzy and today's date.

	% upas/token xyzzy
	2taC2
	%

To see if a token is one created in the last 10 days

	% echo some line containing 2taC2 > /tmp/quux
	% if ( upas/token xyzzy /tmp/quux )
		echo hi
	hi
	%

In /sys/src/cmd/upas/filterkit/pipeto.sample you'll find:

	# save and parse the mail file
	{sed '/^$/,$ s/^From / From /'; echo} > $TMP
	upas/fs -f $TMP

	# if we like the source
	# or if the subject contains a valid token
	# then deliver the mail and allow all the addresses

	...

	if ( $BIN/token $KEY $D/subject )
	{
		$BIN/deliver $RECIP $D/from $MBOX < $D/raw
		$BIN/list add $PF $D/from $D/to $D/cc $D/sender
		rm $TMP
		echo `{date} added $RECIP From `{cat $D/replyto} \
			>> /mail/box/$USER/_bounced >[2] /dev/null
		exit 0
	}

The first bit just uses upas/fs to present the message to be filtered as
a file system.  The last part looks to see if a valid token exists
in the Subject: line and if so adds the address to the list of patterns.

Of course, there's no reason to use upas/token.  You could just as
easily have a single token that's good for all time.  I just thought
that would make it a little to easy for the spammers.