From: Adam Back <aba@dcs.ex.ac.uk>
To: andy@CCMSD.chem.uga.edu
Message Hash: 30c0ddd3a7b654daaba141aa0a412effbca1f8ebb4d539e4e27c796a26842d66
Message ID: <199708080147.CAA00946@server.test.net>
Reply To: <Pine.LNX.3.94.970807200648.2843J-100000@neptune.chem.uga.edu>
UTC Datetime: 1997-08-08 07:37:56 UTC
Raw Date: Fri, 8 Aug 1997 15:37:56 +0800
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 8 Aug 1997 15:37:56 +0800
To: andy@CCMSD.chem.uga.edu
Subject: Re: disposable remailers (was Re: Eternity Uncensorable?)
In-Reply-To: <Pine.LNX.3.94.970807200648.2843J-100000@neptune.chem.uga.edu>
Message-ID: <199708080147.CAA00946@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain
Andy Dustman <andy@CCMSD.chem.uga.edu> writes:
>
> Back to the subject: Disposable remailers. It seems the juno remailer
> software would be good for this. I'm not sure what the sign-up requirement
> are, but it's free. I was also thinking about web-based free mail
> services, such as Hotmail and Rocketmail. Receiving mail means having to
> parse some HTML, which from the looks of things is do-able but not
> trivial. Sending mail might be easier to implement.
Sending mail is your problem alright. It's where you get hit by
spammers etc.
Wasn't there an email forgery web page around for a while. The idea
was that you filled in the details of who you wanted to send to, what
address you wanted it to appear you had sent it from, and paste your
message in this form box. It did some kind of crude sendmail forgery
for you.
> Which brings up an interesting idea for an exitman/middleman remailer: Use
> a nym or commercial ISP to receive the mail, use throwaway free mail
> accounts for delivery (maybe even just plaintext delivery). Hotmail, at
> least, inserts an X-Originating-IP: header, though.
No problem -- run it through www.anonymizer.com first :-)
> I expect others do the same. So put your remailer output on a ZIP
> disk or floppy and run your delivery on whatever public or
> semi-public access machine you happen to get your hands on, once or
> twice a day.
You'd not want to use the same public access account regularly.
I think the connecting to the web based interface of one of those free
web gateways via www.anonymizer.com web based interface has potential.
However I wonder how long it will last... I mean rocket mail or
whatever admins are going to get complaints like you do as a remailer
operator.
If it gets bad, they'll do what? Not sure -- yank your account? You
could get another one...
Turn the whole thing off?
Might last for a while.
Really we could do with some more general distributed solution to the
delivery problem.
Email forgeries seem like an interesting solution, either via an
exitman remailer which is basically just an email forging service, or
perhaps we could add capability "forger" to the remailer code.
How much trouble can you get in with ISPs for forging email? Do they
care? Would wide-spread practice of forging to avoid getting spammed
in USENET would cover you well enough? How much extra security would
it give you? Probably quite a lot -- the sorts of person who gets
spam baited is clueless almost by definition, and won't have a clue
where the mail came from. Unless they enlist some technical help,
they'll be forced to just discard the email.
Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Return to August 1997
Return to “Wei Dai <weidai@eskimo.com>”