-----BEGIN PGP SIGNED MESSAGE----- Yeah, the numbers should be higher. This was just a hypothetical! nzook@bga.com said:

There is little, if anything, we can do to stop a chained, PGP'ed mail bomb, "This is mail bomb number XXX. Boom!" It is therefore in our best interest to not encourage children to send such messages in such a way. I believe Homer's message was erroneous for this reason.

People, please! Before critisizing a method, look at the threat model! I plainly stated that my method was not intended to deal with real trouble. tcmay: "The From: line is notoriously misleading". But it still gives enough that we need remailers in the first place, right? The "From:" was a token. It wasn't meant as a literal. For id'ing postmaster, all you need is the xx.xx.xx.xx, right? jalicqui "Unless your remailer was the terminal remailer for a significant number.." But in a serious spam/mailbomb attack, someone would _have_ to get a bunch, right? With the changing session keys, and a chain, the best we could hope for would be to stop it on its way out. (or use for padding ;-) Incidently, a per/customer volume limit would also control the binaries. Since we have little hope of id'ing the true originator, we might have to limit a site. (bad) OTOH, if someone tried to send binaries, only to find that they couldn't get more than 1M out an hour, they would probably give up & go somewhere else. We might also hit the chained pgp bomber this way, as the messages would likely be fairly large? XXX But this all misses a point that I would like to stress. We are in what the military refers to as "low-intensity combat". Right now, we don't have a continuous stream of spam-bombs floating through our systems. (Well, we did, but jp shut down :-(( ) Right now, we (other than PRZ) don't have serious legal troubles. Right now, our remailers are too weak to be a significant problem to the TLAs (any more than a forged From:). The way to win a low-intensity battle is to avoid escalating unless you are sure you can win. Eventually, we will have to standardize packets. Eventually, we will have to employ very sophisticated techniques to deal with spam-bomb. But maybe we don't do that today. Maybe we do just enough to catch a bunch of the most juvenile. Then the next bunch is smarter. Then we catch them. We keep going. You see, I doubt that we can take on a spammer that knows the net as well as anyone here. But I don't doubt that word can get out that the remailers nail spammers. Of course, we risk becoming the latest challenge to the juvenile, but I think that this is far less likely than it appears at first because we are, after all, "really cool". My suggestion is to avoid, for as long as possible, letting on to _anyone_ just how sophisticated our systems are, just how much can be done, until we are sure we can win the unavoidable battles. XXX This also strongly points to per-line blocking of remailers. Since the necessary steps to catch a sUPer bomber appear to be impossible/ impractical, we must offer annon-blocking for those poor souls that request it. Perhaps annon-block for a month at a time. This is part of that PR that we need to watch. To put it another way, if our services make it easy(er) for someone to engage in an activity that we oppose, and that can hurt (subjective) someone else, we are facing a moral responsiblity for our actions. We should attempt to fulfill that responsibility. I believe that the phone company even allows people to change numbers for free if they are receiving harassing calls. And we want to be better though of than the phone company, right? XXX BTW, do you have to be a remailer operator to be on the list? If not, I'ld like to know how to subscribe... Finger or request keyserver for PGP 2.6.2 (tm) key. PGP<->Mail/News installation incomplete. Factors for modulous are not proven primes. Key may be far weaker than expected. Encode at your own risk. Key ID: 14712B4D 1994/12/26 Nathan H. Zook <nzook@bga.com> Key fingerprint = 44 B3 D8 66 3D 55 1E 2E F8 92 22 A6 33 8C DE 24 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLyBfUHmgMs8UcStNAQE7Ygf/Wg5+hKErgpqi+4J7jOAw97AitUnYn+z+ QJqAw4ar6hQEY/taC6ru5S8YjKYHwmXdR7n7YjSFjEy8aYwXSr4SaALICNhQsyrU jcSuaMY0oUN2obYV6TxYtdVWaQVF9XBqW/8AlIcs+ZF4Yi7gqUdgf4aApuapW14e drVi6PgV5ccg8a+wGBCdJhDy5AK0BJRtxUxtLDeb+MkaTOfk/ylLfBdbFV1iK7Ek qDmpAZdd+FpwKoqBTm+jbCa/kemwFN5touLeLijRWjEuoqFK0x/YYRYsAjJUNqu/ Qt6YWqvat8t7UYlTauVsQ/9XJNxADxmWlrKaaQTxmsHrobq0h4s+RA== =ykck -----END PGP SIGNATURE-----