On Tue, 3 Oct 2000, Ryan McBride wrote:
Mixmaster can be installed in the low-maintenance `middleman' mode. In that mode, it will send mail to other remailers only, to avoid complaints about anonymous messages.
Obviously this isn't a perfect solution, but it helps somewhat. It's what I'm planning on doing until I can familiarize myself with the legal ramifications of running an "open" remailer.
It's a nice first step...it's just that if an adversary knows you are running a middleman and has control over one of the hosts relaying mail for your ISP, it may be able to 1. send mail ostensibly to a legitimate, remailer address via your "middleman" remailer 2. intercept the message you send out at the captured mail relay 3. change the header so the mail you thought was going to a remailer ends up in someone else's e-mail account. or maybe the e-mail account of the adversary so he can pose as an aggreived user. A contact to the ISP follows. You can try to convince your ISP that "no, this shouldn't happen because I'm running as a middleman," but it's not clear how you could prove that you're under this kind of attack. The threat here is an adversary who wants to see the remailer go down, but is unwilling or unable to just mailbomb it. The adversary succeeds after your ISP gets enough complaints about your crappy remailer administration to pull the plug. I'd have to go read the code to figure out whether a plaintext message could be sent this way, or just a message actually encrypted to another remailer. Might not be so bad if only encrypted messages go through, but if an adversary can get plaintext messages through then you seem to have the same possible exposure as if you were a public remailer. (though in real life, of course, it will be much less because who's going to do this?) -David