1997-03-29 - Re: remailer spam throttle

Header Data

From: Sergey Goldgaber <sergey@el.net>
To: “Dr.Dimitri Vulis KOTM” <dlv@bwalk.dm.com>
Message Hash: 5f759ba43d9a7c8817190e74ed79acbf9761e0163900d7b866c60dc94513b05f
Message ID: <Pine.LNX.3.95.970329004311.157C-100000@void.el.net>
Reply To: <TH804D2w165w@bwalk.dm.com>
UTC Datetime: 1997-03-29 05:49:32 UTC
Raw Date: Fri, 28 Mar 1997 21:49:32 -0800 (PST)

Raw message

From: Sergey Goldgaber <sergey@el.net>
Date: Fri, 28 Mar 1997 21:49:32 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: remailer spam throttle
In-Reply-To: <TH804D2w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.970329004311.157C-100000@void.el.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 28 Mar 1997, Dr.Dimitri Vulis KOTM wrote:

-> I just came up with another idea which definitely has some holes in it,
-> but perhaps someone wants to improve on it.
-> 
-> There's a big distributed database of pgp keys on the several keyservers.
-> Add a bit to the database specifying whether the key owner wants to receive
-> anonymous e-mail.  By default set it to true for the existing addresses.
-> 
-> When the final remailer in the chain wants to send someone an anonymous
-> message, it attempts to retrieve a key from the keyservers.
-> 
-> If it fails to find a key, it junks the mail (you don't want to keep it
-> around, it's baiting the LEAs!) and instead sends a notification to the
-> recipient that some anon e-mail was addressed to it, but it was junked;
-> and if they want to receive anon e-mail, they need to give a pgp key
-> to one of the key servers this remailer uses.
-> 
-> If it finds a key, it looks at the anon mail bit; if it's on, it encrypts 
-> the e-mail with the recipient's key and sends it; otherwise it junks it.
-> 
-> Obviously, the key servers would need to be modified to allow users to
-> specify whether they want anon e-mail when then store their keys, and
-> to change this setting any time.
-> 
-> Right now, there's a very large number of addresses in the key servers.
-> Instantly making them into a list of addresses that accept anon mail
-> will make it hard (hopefully infeasible) for the LEAs to investigate
-> everyone willing to accept anon e-mail as a suspect in sending it.

Unfortunately, key servers can not be trusted.  I'm sure you're aware that
anyone can submit a key, and thus forgeries abound.

If the above model is adopted, key servers will be the first target of
the prospective spammer.


 ............................................................................
 . Sergey Goldgaber <sergey@el.net>      System Administrator        el Net .
 ............................................................................
 .   To him who does not know the world is on fire, I have nothing to say   .
 .                                                      - Bertholt Brecht   .
 ............................................................................






Thread