On Tue, Sep 04, 2001 at 01:21:16PM -0400, Declan McCullagh wrote:
On Mon, Sep 03, 2001 at 10:42:19PM -0700, Steve Schear wrote:
I believe Ian Goldberg came up with a rather elegant solution: allow the the clients to only function as entry and middlemen remailers and use throwaway accounts at hotmail or similar fall guys as the exit points.
Maybe, but it's vulnerable to a few things, I'd wager, if you're talking about writing a client that would log in to a web-based mail service and then send mail from within it:
* Automated monitoring by Hotmail/Yahoo/Lycos Mail/etc. If an account usually sends 10 messages/day, look for spikes in traffic two standard deviations above the mean and temporarily block access to that account. Or require human intervention to re-enable that account.
* Anti-spam monitoring, similar to the above. What a remailer (who logs into the service and and sends mail from within it, rather than forging the From: line) would do is what a lot of spammers would like to do too.
One could instead bounce the traffic through the same mail servers that spammers use. Judging from the spam I get, most of those are poorly-admined sites thast don't know that they're being used to forward spam. Of course this isn't very moral. Eric