I've been thinking about how to make one-way remailers a widespread commodity, rather than the novelty item they are today. Doing two-way remailers would be better, but that's still a hard problem, and I don't want to widely deploy shoddy two-way-remailers. Suppose we add form-based remailer support to a popular SSL-equipped HTTP server, such as Apache-SSL, by putting remailer.pl and a remailer form in the default setup, which would deploy hundreds of remailers with minimal effort. What would we have to do to make it work well, rather than turn into a public relations disaster and spam explosion? - The remailer script would have to add disclaimers at the beginning and/or end of the message reminding readers that the message is anonymous, and to contact the remailer cabal rather than the postmaster. - Blocking becomes a big problem - it's annoying enough now, when there are a small number of remailers with hard-working operators; we'd need some sort of automated blocking support to make it usable by relatively non-involved operators - A centralized block list (e.g. http://www.remailer.net/block.txt) which all of the form-based remailers could load and reference would allow non-picky operators not to have to handle it themselves - Implementing the blocking list as a web form for people who want to be blocked would make it relatively painless to use; remailer-operators wouldn't have to transcribe email from the remailer-operators list to use it, which helps with other problems. - Of course, once anybody can fill out their name and ask to be blocked, it's possible for spoofers to block people who don't want to be. One approach for preventing this is to implement a three-way handshake - user fills out form, form mails back blocking notice with cookie, user returns cookie to complete blocking - this is a bit messier for mailing lists, but we can ignore... - special-case for "postmaster", who may want to block all of foo.domain instead of just postmaster@foo.domain - special-special-case for postmasters of big sites, e.g. aol, netcom, who we may want to ignore? - A sender-blocking list is harder, and may still take human attention - remailer chaining - allow user to put in another Apache-remailer site so we don't have to limit the chaining to known short list of sites. The remailer.pl can send an https foo.bar.com remailer.pl PUT - The remailer form can probably just have field for second site, if empty don't use. I suppose remailer.pl could also automagically add that in when it posts. Technical question: - How do we initiate an http or https PUT from a script? I assume there's probably some perl add-in for posting http/https? Is there a command-line-shell interface that can fetch URLs? # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # <A HREF="http://idiom.com/~wcs"> # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto