On Mon, Sep 03, 2001 at 10:42:19PM -0700, Steve Schear wrote:
I believe Ian Goldberg came up with a rather elegant solution: allow the the clients to only function as entry and middlemen remailers and use throwaway accounts at hotmail or similar fall guys as the exit points.
Maybe, but it's vulnerable to a few things, I'd wager, if you're talking about writing a client that would log in to a web-based mail service and then send mail from within it: * Automated monitoring by Hotmail/Yahoo/Lycos Mail/etc. If an account usually sends 10 messages/day, look for spikes in traffic two standard deviations above the mean and temporarily block access to that account. Or require human intervention to re-enable that account. * Anti-spam monitoring, similar to the above. What a remailer (who logs into the service and and sends mail from within it, rather than forging the From: line) would do is what a lot of spammers would like to do too. * Contractual arrangements by the web-based mail operator that could, theoretically, make the remailer operator liable in some cases. Sorry to be such a downer today, but that doesn't seem like a wonderful solution -- at least after web-based mail services realize what you're doing and employ suitable technological/legal countermeasures. Perhaps an automated registration process might work,using a large number of accounts and automatically creating them as needed and discarding them when necessary. Though to escape (theoretical, in my hypothetical) legal liability, the initial setup and message-dumping would have to be done anonymously, raising the cost and hassle factor. -Declan