I've thought about that too. You could enforce it by doing something to the signature that only the target relay could validate maybe.