From: IN%"sunder@dorsai.dorsai.org" "Ray Arachelian" 23-MAY-1996 16:51:17.15
One flaw in this is that some systems (my isp, dorsai, included) shut off the finger daemon for security reasons. In this case, the remailer should store the anonymous message on its hard drive for upto a week and send a notice message to the target asking them if they want to receive the email or not, and how to deal with future anonymous requests The remailer then has to keep a table of those recipients for whom finger fails.
One other reason to have such a voluntary message is to account for users/nyms who wouldn't want that they receive anonymous messages to be made public. For instance, that would clue in someone that they might have a nym at a nym-server, thus narrowing down the field for traffic analysis and forensic stylology.
While this is going to eat up a bit of space on the remailer, space could be limited for the user, etc. If the space on the server runs out, what do you do? The remailer should still inform the target, but again a policy question rises - does the remailer send the message anyway, does it delete the message but inform the target that "Sorry dude, you had an anonymous email, but I had no room to store it and so I delted it. IF you don't want it delted the next time around, activate finger tags thusly, or send a reply to this message with "Accept Anonymous Email" or "Reject Anonymous Email" as the subject and I'll respect your wishes from now on"???
The latter has the advantage of preventing spamming via flooding the remailer.
Another thought is that we could set up some universal remailer allow fingering service where the remailers can use some server somewhere or a list of servers somewhere to look up a user's email address and see if they are willing to receive anonymous email. Sort of like PGP key servers.
The possible problem of improper information going out (as per the finger idea) is also the case with this one. -Allen