At 05:46 PM 10/3/00 -0400, Steve Furlong wrote:
Jim Choate wrote:
On Tue, 3 Oct 2000, Trei, Peter wrote:
I would like to suggest that a remailer could eliminate nearly all it's problems by only sending out encrypted mails - that is, if after removing the encryption that was applied using it's own private key, it finds that the result is plaintext, it simply drops the message.
And just exactly what algorithm is that you're using to determine crypt-v-plaintext?
Why not just read the first 20 bytes of the body? If 90% or more aren't printable ASCII assume the message is encrypted.
Doesn't work - many mail packages will encode non-printable characters in ASCII, either with MIME or UUENCODE or hex or whatever, and many encryption packages, like PGP, do that already. If you require PGP Encryption, you can look for the -----BEGIN PGP ENCRYPTED STUFF------ line. That still gets you into trouble with MIME if you're not careful, so either be careful or don't :-) The only way you can really tell if something is encrypted is for a human to look at it. Otherwise people will figure out that they can send messages saying -----BEGIN PGP ENCRYPTED STUFF------ HaHaWeFooledTheRemailer. You suck! -----END PGP ENCRYPTED STUFF----- But still, you can keep out all but really determined abusers, and all but incredibly determined spammers. (Even basic encryption will keep out almost all spammers.) (You could check that the whole message follows PGP syntax, but without knowing at least one decryption key you can't tell if it's valid or if they wrote the abuse on top of an otherwise syntactically correct encrypted message.) If you want to get fancier, you can also limit destinations to known remailers or to people who've replied to a "You have anonymous mail - return this cookie if you want to receive it. <blurbage about remailers>" request. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639