From: MAILER-DAEMON@kermit.aatech.com
Date: Sat, 25 May 1996 13:40:46 +0800
Subject: Alternative to remailer shutdowns...
Message-ID: <19960524.1408058.1225D@kermit.aatech.com>
MIME-Version: 1.0
Content-Type: text/plain


    There are hundreds of machines littered around the net that
dont bother adding "received" headers to mail.

I dont think that these provide anything near the security and anonymity 
that a single remailer (much less a remailing chain) provide, but it 
seems to me that routing outbound traffic from a remailer through one of 
these sites would provide at least /some/ measure of protection for the 
remailer-operator.

It feels a bit underhanded, but it may be that involving some 
"innocent" bystanders in the remail process would be useful. 
Even if the sites being routed through /were/ keeping logs it would still 
require their participation in any investigation to discover where the 
mail had originated, and this would introduce the question of whether the 
(psuedo)anonymous sendmail host should bear any liability for not
tracking where mail came from. The operator of the particular 
smtp host would seem to have a pretty good defense should a charge be 
raised, but in defending the smtp-host you could also be strengthening 
the defense of the r-ops. 

Another possibility is that rather than operating remailers at all, maybe 
we should be operating non-logging smtp hosts that dont add received 
headers. Building a client to take advantage of these servers would be 
trivial (i wrote one last night, and i am not proficient in C) and it 
could be argued that the situation was not created intentionally to allow 
anonymous messages, merely to preserve disk space and bandwidth.

Flame Away...