Checking the first 20 bytes just means the spammer will just add 20 bytes of junk to the start of their message. Spammers unfortunately, can be pretty smart, look at all the work they will do to cull addresses from newsgroups and mail lists, even looking for "mailto:fred@NOSPAM.fff.com (Remove NOSPAM to send me a message)" type addresses. Better to have it run the message through the encryption program (PGP or Mix) somehow to see if it is a well formed (contains valid packets). Of course that means restricting users to PGP or other standard encryption systems (I can see it now, all SPAM will arrive starting with "------ BEGIN PGP ENCRYPTED MESSAGE ----") :) I always liked the proposal of using crypto to force users pay money to have the message sent, then be refunded if the recipient feels the message was worthwhile. Neil M. Johnson njohnson@interl.net http://www.interl.net/~njohnson PGP Key Finger Print: 93C0 793F B66E A0C7 CEEA 3E92 6B99 2DCC ----- Original Message ----- From: "Steve Furlong" <sfurlong@acmenet.net> To: "Multiple recipients of list" <cypherpunks@openpgp.net> Sent: Tuesday, October 03, 2000 5:22 PM Subject: CDR: Re: Anonymous Remailers cpunk
<<Proposal to limit spam sent through anon remailers by requiring that the traffic be encrypted>>
Jim Choate wrote:
<<Jim wrote that there was no good way to tell if the message was
encrypted>>
On Tue, 3 Oct 2000, Steve Furlong wrote:
Why not just read the first 20 bytes of the body? If 90% or more aren't printable ASCII assume the message is encrypted.
So, how come all of a sudden we're injecting algorithms that the users must know to even access the network? What sort of regulatory mechanism is required to mediate changes to the process?
Perhaps we're talking at cross purposes. This subthread came along because some people have noticed that anonymous remailers are used for an awful lot of spam. Peter Trei proposed that remailers could pass along only encrypted mail. My understanding was that Alice, the message's author, would encrypt the message with Bob's public key; Bob is the end recipient: a person or a mailing list or whatever. Alice would send the message through Ramona, the anonymous remailer. Ramona is requiring that messages be encrypted as a means of filtering out spam. Ramona does not need to know Bob's public or private keys; Ramona cares only that the message is encrypted.
I'm assuming there's a way to tell with minimal difficulty if a message is encrypted, without relying on an easily-spoofed X header line. Perhaps someone who knows more about all of the many message protocols can weigh in here.
So, we can't send uuencoded text to guard against ASCII-pure (i.e. 7-bit) machines? Why not? I actualy prefer that sort of stuff because as a last resort I can check it visualy for errors.
You could uuencode your original message before encrypting it. You're right, there could be a problem if one of the boxes in the chain handled only 7 bits. Is that a realistic problem anymore? (That was a serious question, not a dig.)
A remailer should do NO content checking, ever. It's ONLY job is to route and destroy traffic analysis.
This would be an additional service for the recipients, filtering out probable spam. It might be a minor inconvenience for Alice. On a message-by-message basis it could be a minor inconvenience for Bob, but if Bob had been receiving a lot of spam through the remailer it'd be a neg gain. It'd be a huge inconvenience for Sue, the spammer, as intended.
-- Steve Furlong, Computer Condottiere Have GNU, will travel 518-374-4720 sfurlong@acmenet.net