1996-05-23 - Re: An alternative to remailer shutdowns

Header Data

From: Ray Arachelian <sunder@dorsai.dorsai.org>
To: Bill Stewart <stewarts@ix.netcom.com>
Message Hash: dc649229d729da4db72c422a4e9bcb30d28dbee5e802edf37bed46a9d892e38d
Message ID: <Pine.SUN.3.91.960523133203.18689B-100000@dorsai>
Reply To: <199605231304.GAA13631@toad.com>
UTC Datetime: 1996-05-23 23:51:09 UTC
Raw Date: Fri, 24 May 1996 07:51:09 +0800

Raw message

From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Fri, 24 May 1996 07:51:09 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <199605231304.GAA13631@toad.com>
Message-ID: <Pine.SUN.3.91.960523133203.18689B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


Probably the best system is one that is in the middle.... that is say a 
message comes into a remailer targetting a user whom the remailer hasn't 
seen before, the remailer needs to make a decision as to whether to 
discard the message or deliver it.

While the idea to either ROT13 the message or PGP it or somesuch sounds 
like a good one, it doesn't prevent spam-your-enemy's-mailbox attacks.  
Imagine 10,000,000 messages sent through remailers to your mailbhox, each 
ROT13'ed with a notice at the top stating "Wana read this? Un ROT13 it!" 
Very bad.  However, what this is trying to do is quite honorable.

Here's what I propose:


Finger the target user and see if there's a universal token in his finger
info (.plan file) that say looks like "::*ACCEPT ANONYMOUS EMAIL*::" or
"::*REJECT ANONYMOUS EMAIL*::" or some such...  If we can get all
remailers to do this and respect finger info then there is no issue. 

One flaw in this is that some systems (my isp, dorsai, included) shut off 
the finger daemon for security reasons.  In this case, the remailer 
should store the anonymous message on its hard drive for upto a week and 
send a notice message to the target asking them if they want to receive 
the email or not, and how to deal with future anonymous requests  The 
remailer then has to keep a table of those recipients for whom finger fails.

This is also an issue for shitty ISP's such as AOL or CI$ whom will not 
allow finger info because they don't run a cool unix service. :^)

While this is going to eat up a bit of space on the remailer, space could 
be limited for the user, etc.  If the space on the server runs out, what 
do you do?  The remailer should still inform the target, but again a 
policy question rises - does the remailer send the message anyway, does 
it delete the message but inform the target that "Sorry dude, you had an 
anonymous email, but I had no room to store it and so I delted it.  IF 
you don't want it delted the next time around, activate finger tags 
thusly, or send a reply to this message with "Accept Anonymous Email" or 
"Reject Anonymous Email" as the subject and I'll respect your wishes from 
now on"???

If a target's finger info does not fail but fails to produce a remailer 
accet/reject tag, there's a question of policy: does the remailer go 
ahead and send the message and adds a heading to the message informing 
the user how to set accept/reject in their finger info, or does it act as 
if the user's finger server is disabled?

Another thought is that we could set up some universal remailer allow 
fingering service where the remailers can use some server somewhere or a 
list of servers somewhere to look up a user's email address and see if 
they are willing to receive anonymous email.  Sort of like PGP key servers.

Or we could have a DNS like service of email addresses between all 
remailers which should propagate their tables to each other of the 
exceptions and whether or not they wish to receive anonymous email...

This setup also allows a potential anonymous person to see whether or not 
their target accepts anonymous messages before they bother writing a long 
rant to them about what a nice person they are, and what to shove where. :)

This also solves the question or rather wishes of the mailing list or 
usenet group owners who may not wish to accept anonymous posts, such as 
alt.uptight.assholes.at.some.org but allows them to be posted on 
something like alt.whistleblowers, alt.sex-victims or whatever. :)

Is this enough food for thought?

==========================================================================
 + ^ + |  Ray Arachelian |FH|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UE|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CC|What part of 'Congress shall make no |=\/|\/=
  /|\  |    Just Say     |KD|law abridging the freedom of speech' |==\|/==
 + v + | "No" to the NSA!|TA|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
Obscenity laws are the crutches of inarticulate motherfuckers-Fuck the CDA






Thread