1997-08-08 - Re: disposable remailers (was Re: Eternity Uncensorable?)

Header Data

From: Andy Dustman <andy@CCMSD.chem.uga.edu>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: b15c79eb09777c8bc7523bff754b62144c1266557608888d809785a70f243723
Message ID: <Pine.LNX.3.94.970807215626.2843K-100000@neptune.chem.uga.edu>
Reply To: <199708080147.CAA00946@server.test.net>
UTC Datetime: 1997-08-08 07:40:53 UTC
Raw Date: Fri, 8 Aug 1997 15:40:53 +0800

Raw message

From: Andy Dustman <andy@CCMSD.chem.uga.edu>
Date: Fri, 8 Aug 1997 15:40:53 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: disposable remailers (was Re: Eternity Uncensorable?)
In-Reply-To: <199708080147.CAA00946@server.test.net>
Message-ID: <Pine.LNX.3.94.970807215626.2843K-100000@neptune.chem.uga.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Aug 1997, Adam Back wrote:

> Andy Dustman <andy@CCMSD.chem.uga.edu> writes:
> > 
> > Back to the subject: Disposable remailers. It seems the juno remailer
> > software would be good for this. I'm not sure what the sign-up requirement
> > are, but it's free. I was also thinking about web-based free mail
> > services, such as Hotmail and Rocketmail. Receiving mail means having to
> > parse some HTML, which from the looks of things is do-able but not
> > trivial. Sending mail might be easier to implement.
> Sending mail is your problem alright.  It's where you get hit by
> spammers etc.

Ah, but if you only send through the disposable address, who cares? The
actually remailer address should never get seen (except on remailer lists,
of course). You could probably get away with never reading any incoming
mail, so spammers are not a problem.

> Wasn't there an email forgery web page around for a while.  The idea
> was that you filled in the details of who you wanted to send to, what
> address you wanted it to appear you had sent it from, and paste your
> message in this form box.  It did some kind of crude sendmail forgery
> for you.

Hmmm. Someone has recently been forging mail to appear to be from cracker
through something like this (very bad forgery, headers are all wrong).

> > Which brings up an interesting idea for an exitman/middleman remailer: Use
> > a nym or commercial ISP to receive the mail, use throwaway free mail
> > accounts for delivery (maybe even just plaintext delivery). Hotmail, at
> > least, inserts an X-Originating-IP:  header, though.  
> No problem -- run it through www.anonymizer.com first :-)

Sure, Lance won't mind, right? At least, not if we subscribe... ;) Maybe
we need a network of anonymizing web proxy servers... 

> > I expect others do the same. So put your remailer output on a ZIP
> > disk or floppy and run your delivery on whatever public or
> > semi-public access machine you happen to get your hands on, once or
> > twice a day.
> You'd not want to use the same public access account regularly.

I'm not thinking of an account so much as maybe a PC in a university
computer cluster. Pick one and go. At a big university there should be
several clusters around campus.

> I think the connecting to the web based interface of one of those free
> web gateways via www.anonymizer.com web based interface has potential.

It does, but I know The Anonymizer blocks some sites, at their request.

> How much trouble can you get in with ISPs for forging email?  Do they
> care?

Mindspring cares. My ISP was absorbed by them about two weeks after I
signed up. They say in their terms of service that impersonating someone
else is forbidden, but they specifically allow the use of anonymous
remailers and nicknames. I assume this means forging is frowned upon,
unless you are impersonating someone who doesn't exist, I guess.

Andy Dustman / Computational Center for Molecular Structure and Design / UGA
    To get my PGP public key, send me mail with subject "send file key".
For the ultimate anti-spam procmail recipe, send me mail with subject "spam"
"Encryption is too important to leave to the government."  -- Bruce Schneier
http://www.ilinks.net/~dustman    mailto:andy@CCMSD.chem.uga.edu      <}+++<

Version: 2.6.3ia
Charset: noconv