My maxim for cases like Hal's monitoring of his remailer: Strengthen all parties.

Therefore, we have two problems to solve. The user of the remailer got his anonymity blown, and the usenet groups got abused.

A. User anonymity

It has become very clear to me that the opponent model of universal network monitoring is not the first model that we should be deploying for. This is the worst case, and the worst case is the hardest to solve. The opponent here was logging by the service provider, and the technique was logging. We should ensure that we can defend against this opponent and this technique.

Any email-based entry point into an anonymous messaging system will contain an identity-based address. Yet an IP-based entry point will only reveal the host. The lesson: Remailers ought to run server daemons. This has the happy side-effect of removing default email logging. It also will allow for IP forwarders to have some reason for use and development.

B. usenet abuse

The automatic broadcast property of Usenet is profoundly broken for the long run, since there is no upper bound on the amount of resources required. More immediately, this property also requires a 100% completely distributed salience filter in all the posters for newsgroup topicality to hold, that is, everybody has to stay on topic, no exceptions. Please.

The feedback mechanism of bitching and moaning to sysadmins does not scale, however, especially when nodes spring up dedicated to technologically-enforced freedom of speech, nodes which completely ignore any particularities of content.

In the long run, Usenet will have to move to some method of distributed moderation before widespread distribution. Since salience is determined by humans, humans will have to read messages before transmission. The scale of distribution may be wide.

One path of development in support of remailers, therefore, has nothing to do with remailers as such but rather with the re-creation of the public forum which is suitable for anonymity.

In the short run, anonymous mail should not be posted to newsgroups by parties unwilling to take the heat, both external flames and internal guilt. The operators of remailers who don't wish this should acquire lists of known mail-to-news gateways and then filter. The rest of the operators may wish to install their own gateways in the remailer as Eric Hollander has done.

Eric
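
The gateway filtering suggested in the last paragraph, sketched as an added example that is not part of the original post or of any remailer's own code. The gateway list, the sample message and the function names are constructed, and the destination header names (Request-Remailing-To, Anon-To) are an assumption about how a remailer names its final recipient.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed blocklist: an operator would fill these from the
# "lists of known mail-to-news gateways" the post refers to.
GATEWAY_ADDRESSES = {"mail2news@gateway.example"}   # exact mailboxes
GATEWAY_DOMAINS = {"news-gate.example"}             # whole hosts, incl. subdomains

# Headers that may carry a destination (assumed names, see lead-in).
DEST_HEADERS = ("To", "Cc", "Bcc", "Request-Remailing-To", "Anon-To")


def destinations(raw_message):
    """Return every destination address in the message, lower-cased."""
    msg = message_from_string(raw_message)
    values = []
    for name in DEST_HEADERS:
        values.extend(msg.get_all(name, []))
    # getaddresses splits comma lists and strips display names/comments.
    return [addr.strip().lower() for _, addr in getaddresses(values) if addr]


def is_gateway(addr):
    """True if addr is a listed gateway mailbox or lives on a listed host."""
    if addr in GATEWAY_ADDRESSES:
        return True
    domain = addr.rpartition("@")[2].rstrip(".")
    # Match on a label boundary so "notnews-gate.example" is not caught.
    return any(domain == d or domain.endswith("." + d) for d in GATEWAY_DOMAINS)


def blocked_destinations(raw_message):
    """Destinations the operator should refuse to forward to."""
    return [a for a in destinations(raw_message) if is_gateway(a)]


# Constructed sample message.
SAMPLE = """\
From: user@host.example
To: remailer@remailer.example
Request-Remailing-To: "Some Group" <Mail2News@Gateway.Example>, friend@site.example
Subject: test

body
"""

if __name__ == "__main__":
    print(blocked_destinations(SAMPLE))
```

A message with a non-empty result is dropped or bounced before forwarding; matching on the parsed address rather than the raw header is what catches the mixed-case, display-name form in the sample.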