Permission Keys work by providing information to the Spam Filtering Engine on how the email address was acquired by the sender.  As mentioned previously, this is achieved by embedding a unique code, or key at the point of email address acquisition, and then checking any incoming messages for a valid key, thereby ensuring that they are not mistakenly miss-classified as Spam.

While it is advantageous for as many issued email addresses as possible to contain a valid permission key, it is not necessary for all instance or issued email addresses to contain a valid key.  Conceptually, permission keys are only used to prevent a "lost message", and the absence of a key does not increase a message’s likelihood of being classified as Spam.

As we have seen in the proceeding passage, permission keys take many forms, but the underling purpose is to carry a unique code or key which can be used to connect incoming messages with issuing events.

The reason why there are multiple forms of permission keys is to optimize the likelihood of preservation of the key while presenting the email address in a form compatible with the intended method of acquisition.