Now here's the stupid solution that works better than everything else and can be done today as most clients are ready to oblige: just require the sender to AUTH against the relay before publishing its very secretive message.