1996-05-18 - Re: SEVERE undercapacity, we need more remailer servers FAST

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: c2b4c66d67f652d79284dabf3fd6c0444a00495005a7beb60b54fab1def03833
Message ID: <199605172034.NAA11515@toad.com>
Reply To: N/A
UTC Datetime: 1996-05-18 21:30:01 UTC
Raw Date: Sun, 19 May 1996 05:30:01 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 19 May 1996 05:30:01 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605172034.NAA11515@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:29 PM 5/15/96 -0400, Black Unicorn <unicorn@schloss.li> wrote:
>I would really like to see a remailer that is somehow blinded.
>I don't know enough about how mail paths are generatered, but is it
>impossible to conceal the origin of remailer postings?

One reason for remailers is that concealing message origin is difficult and
unreliable, and making smtp servers that include all the information they
can find about the origin of a message into the message is easy,
so it's tough to lie about where you are.  Remailers solve that by
removing the header information from messages they receive and shipping
out the message body with new headers, so anyone who traces all the
"Received:" headers gets pointed to the remailer. 

>Postings made to remailernym@alpha.c2.org would be spit out somewhere but
>without accountability?

alpha.c2.org keeps encrypted reply blocks that it can't decrypt;
it sends messages to some other remailer that can decrypt them,
and only sends messages encrypted.
That means that anybody who does succeed in stealing or subpoenaing
alpha's user information has to go to each of the other remailers
it uses for delivery as well - and alpha doesn't have any keys to steal.

>I'd consider running a remailer, but after listening to the response to
>the anonymous poster a while back, it sounds like there are few if any
>simple options which do not require major time and effort to setup and
>run.

Setting up a remailer is easy, if you've got a Unix machine, 
and I'd guess that the Winsock Remailer is probably easy for Windows.
If you don't support mail-to-news yourself, and you block mail to
other mail-to-news gateways, you cut out lots of flame potential,
which keeps the work of running it fairly low.  (My remailer is based
on ghio2, which has traps to detect high-volume spam, which has
shut it down a couple of times.  Cleaning them up is annoying.)  
You do need to stay on remailer-operators@c2.org to get notices of 
individuals who are being spammed or harassed so you can block mail to them,
but that's typically 5-10 minutes/week.

If you've got a Unix machine, you can also do a web-based remailer easily
(users fill out a form with their mail, which goes to a CGI script.)
If you're willing to use somebody else's script, e.g. replay.com,
you can just put up the web page anywhere and won't need Unix,
and they can handle most of the spam-blocking. This isn't very secure 
unless you're using SSL or other secure HTTP protocol,
which I don't think any of the current web-remailers do. 
Some folks have put advertising on their remailer pages, which starts to 
be one economic model that can encourage people to run them,
if you can find advertisers who _want_ the image this gives them.
(This is fine for c2.org and maybe Digicash banks or tax-haven consultants,
some political ranters, and maybe phone-sex or other services that
don't have to worry about lowered reputations if somebody uses the
remailer to spam the alt.sex newsgroups with phone-sex ads :-)


#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation







Thread