At 05:40 PM 12/30/1997 -0400, Privacy Admin <woz@privacynb.ml.org> wrote:
Since I've switched to type-I pgponly remailer I haven't had a problem with spammers. I've been wondering if hashcash makes sense for remailers, or [only] for mail2news gateways.
I guess I am looking for any means of controlling spammers using remailers and mail2news gateways.
Hashcash won't help mail2news, except by discouraging dumb spammers, because news spam only needs a few messages. PGP-only input will cut down on most spammers, though you'll still get a few, especially if they're spamming mailing lists (which makes the encryption both worth the effort and useful for safety.) If you modify your remailer to only _output_ PGP-encrypted messages, you get hashcash-equivalence, and cut abuse substantially. The cost is limiting recipients to pgp users (plus known exceptions), but it's tough to spam people when you need to look up their PGP key and encrypt to it (at least you'll only get spams for high-tech stuff), and it's tougher for random abusers to abuse people since most targets don't have PGP keys, and a mailbox full of PGP junk is less annoying to most people than a mailbox full of human-readable hate mail. In particular, it's harder to send death threats to politicians if they don't have published PGP keys. Is this a feature that makes sense? PGP-out-only remailers aren't as useful for anonymous tip lines (unless the tip line has a PGP address.) They're not as useful for inviting new people into your conspiracy, though they're fine for conspiring with people whose keys you already know (and they can be unlisted keys only used for the conspiracy.) If the Bank of Caribbean Cash Importers is interested in taking anonymous clients who contact them through remailers, they've probably got a PGP key handy to send to anyway. They're not transparently useful for mail2news, but the remailer could make exceptions for known mail2news sites, or could ignore the problem, which is fine for posting to alt.anonymous.messages, though not for posting to alt.whistleblowers. How would you implement it? Obviously you'd need to allow some unencrypted lines at the beginning, at least if they have remailer syntax( ::, ##, mail headers, etc.). Do you cut all lines after the "-----END PGP"? My first impression was yes, but after reading the Freedom Remailer source, it looks like this might kill messages using encrypted reply blocks, so maybe not. Detecting the PGP itself can be crude ("----- BEGIN PGP ENCRYPTED"...) or can be a bit fancier (make sure the lines are all the right length and limited to the correct character set), or much fancier (de-armor and look for PGP blocks). Even the fancy approaches can be spoofed, since you can't go very deep into the headers without the right keys, so a couple lines of real PGP material could be included, leaving possibilities like :: Request-Remailing-To: Your Mama ## Subject: My Guitar Wants to Kill Your Mama -----BEGIN PGP MESSAGE----- Version: PGP for Personal Privacy 5.0 Comment: PGP allows arbitrary comments, so Decrypt This! hQCMAynIuJ1VakpnAQP+MWng0I6TnDf/U83KCttjYZQSnPQjS59rw+M+iSmTGLIs btqW5hn1HXheSb8GNifAWz2rqgdH3GqjZ5rRBDF5tZfQfV5kNNYE1XpT/CMgAsDh 3IkaeOumDKXON+8acl5X7NToSjml+mkxkF7kE9u5oxCEXErDjS3k2wOtv0krNfSk HeyChelseaaaaaaaaaaaaaaaaaaBWAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHA MyGuitarWantsToKillYourMamaBWAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHA MyGuitarWantsToKillYourMamaBWAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHA MyGuitarWantsToKillYourMamaBWAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHA -----END PGP MESSAGE----- and your little dog, too! But at least it's a start. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639