From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 8 Aug 1997 16:54:51 +0800
To: andy@CCMSD.chem.uga.edu
Subject: Re: disposable remailers (was Re: Eternity Uncensorable?)
In-Reply-To: <Pine.LNX.3.94.970807215626.2843K-100000@neptune.chem.uga.edu>
Message-ID: <199708080223.DAA01636@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Andy Dustman <andy@CCMSD.chem.uga.edu>
> > Wasn't there an email forgery web page around for a while.  The idea
> > was that you filled in the details of who you wanted to send to, what
> > address you wanted it to appear you had sent it from, and paste your
> > message in this form box.  It did some kind of crude sendmail forgery
> > for you.
> 
> Hmmm. Someone has recently been forging mail to appear to be from cracker
> through something like this (very bad forgery, headers are all wrong).

I said "wasn't there", as in past tense.  It got nuked years ago now
(literally) because of complaints.  When I looked at the page it still
had the text but a note that it was disabled, and why.

Just wandering if anyone knew if anyone else had set up something more
recently that still worked.

> > You'd not want to use the same public access account regularly.
> 
> I'm not thinking of an account so much as maybe a PC in a university
> computer cluster. Pick one and go. At a big university there should be
> several clusters around campus.

You might get away with that for a pretty long time, I guess.

> > I think the connecting to the web based interface of one of those free
> > web gateways via www.anonymizer.com web based interface has potential.
> 
> It does, but I know The Anonymizer blocks some sites, at their request.

Right.  So there is one anonymizer, and if we make a big game of using
this method, Lance will get threats, and at best be asked to block
them.  We need something more distributed.

That network of anonymizers isn't here yet.

> > How much trouble can you get in with ISPs for forging email?  Do they
> > care?
> 
> Mindspring cares. My ISP was absorbed by them about two weeks after I
> signed up. They say in their terms of service that impersonating someone
> else is forbidden, but they specifically allow the use of anonymous
> remailers and nicknames. I assume this means forging is frowned upon,
> unless you are impersonating someone who doesn't exist, I guess.

Well I was thinking along the lines of:

	bubba@dev.null

type addresses yes.  You ain't imitating anyone there.  I wonder if
they frown on generating non-replyable email addresses though.
Non-existant domains.  I speculated in the previous post that perhaps
the habit of using: 

	gizmo@netcom.com.NOSPAM

might make ISPs accustomed to having people use non-replyable email
address all the time.

Adam

-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`