While I can envision a case where you might be able to make this work for specific configurations of the blocking and specific bounce handling and from address forging, while it would allow you to use to the resources of the remote org to do most the checking, it would also require fairly intimate knowledge of quite a few configuration variables. So may, in fact, that you would probably already have an administrator password of some sort if you were able to carry it out. :)