1996-11-09 - Another possible remailer attack?

Header Data

From: Steve Reid <steve@edmweb.com>
To: cypherpunks@toad.com
Message Hash: 28b0e6d0b4b933a704a0a55cfc4b059a3d824cb451a4f9fd48134af1d680e97e
Message ID: <Pine.BSF.3.91.961109134348.182B-100000@bitbucket.edmweb.com>
Reply To: N/A
UTC Datetime: 1996-11-09 22:35:28 UTC
Raw Date: Sat, 9 Nov 1996 14:35:28 -0800 (PST)

Raw message

From: Steve Reid <steve@edmweb.com>
Date: Sat, 9 Nov 1996 14:35:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Another possible remailer attack?
Message-ID: <Pine.BSF.3.91.961109134348.182B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Fri, 8 Nov 1996 12:58:42 -0800
>From: nobody@cypherpunks.ca (John Anonymous MacDonald)
>Subject: Vulis on the remailers
> Please, remailers, source block Vulis for a week.
> Remailer Fan

Suppose you operate an ISP and you suspect that one of your users (let's
call him Dimitri) is using anonymous remailers to submit politically
incorrect messages (under a pseudonym, or all with the same writing style)
to Usenet, mailing lists, and a well-known phreak/hack publication. Also
suppose that these public messages are appearing on a regular basis. 

You want to know if Dimitri is the person regularly posting these
messages. So, you use your powers as ISP to block his access to all
remailers. If the public messages suddenly stop then you can be reasonably
certain that Dimitri was sending them. 

I expect this would work even against DC nets.

The only solution I can think of is to have an account with multiple ISPs
and always send mail from more than one account. This probably wouldn't
offer much protection against TLAs (NSA, CIA, FBI, MCI, AT&T ;) who may be
able to block traffic no matter where it comes from. 

Comments?
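
A worked illustration of the inference described in the message above, added here and not part of the original post. It assumes the pseudonym's posts follow a Poisson process with a known historical rate; the function names, the 5% prior and the scenario numbers are all constructed for the example.

```python
import math

def log_likelihood_ratio(rate_per_day, block_days, posts_seen, blocked_fraction):
    """ln of P(posts_seen | suspect is the author) / P(posts_seen | suspect is not).

    Assumed model: the pseudonym's posts are a Poisson process with a known
    historical rate. blocked_fraction is the share of the author's messages
    the block actually stops: 1.0 for a single ISP, 0.5 if mail alternates
    between two ISPs, 0.0 if every message is also sent from an unblocked one.
    """
    if not 0.0 <= blocked_fraction <= 1.0:
        raise ValueError("blocked_fraction must be between 0 and 1")
    expected_drop = rate_per_day * blocked_fraction * block_days
    surviving = 1.0 - blocked_fraction
    if surviving == 0.0:
        # Any post during a total block rules the suspect out.
        return expected_drop if posts_seen == 0 else -math.inf
    return posts_seen * math.log(surviving) + expected_drop

def posterior(prior, llr):
    """Bayes update of P(suspect is the author) given a log-likelihood ratio."""
    if llr == -math.inf:
        return 0.0
    log_odds = math.log(prior / (1.0 - prior)) + llr
    if log_odds >= 0:
        return 1.0 / (1.0 + math.exp(-log_odds))
    e = math.exp(log_odds)
    return e / (1.0 + e)

# Constructed scenarios: 1 post/day historically, 5% prior suspicion.
SCENARIOS = [
    ("single ISP, 7-day block, silence", 7, 0, 1.0),
    ("every message sent from both ISPs", 7, 7, 0.0),
    ("alternating between two ISPs, 7 days", 7, 3, 0.5),
    ("alternating between two ISPs, 60 days", 60, 30, 0.5),
]

def run(rate=1.0, prior=0.05):
    return {name: posterior(prior, log_likelihood_ratio(rate, days, seen, frac))
            for name, days, seen, frac in SCENARIOS}

if __name__ == "__main__":
    for name, p in run().items():
        print(f"{name:40s} P(author) = {p:.3f}")
```

Under this model only the case where every message also leaves through an unblocked account keeps the posterior at the prior; alternating between accounts still shows up as a rate drop once the block lasts long enough.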




