At 06:29 PM 5/15/96 -0400, Black Unicorn <unicorn@schloss.li> wrote:

I would really like to see a remailer that is somehow blinded. I don't know enough about how mail paths are generatered, but is it impossible to conceal the origin of remailer postings?

One reason for remailers is that concealing message origin is difficult and unreliable, and making smtp servers that include all the information they can find about the origin of a message into the message is easy, so it's tough to lie about where you are. Remailers solve that by removing the header information from messages they receive and shipping out the message body with new headers, so anyone who traces all the "Received:" headers gets pointed to the remailer.

Postings made to remailernym@alpha.c2.org would be spit out somewhere but without accountability?

alpha.c2.org keeps encrypted reply blocks that it can't decrypt; it sends messages to some other remailer that can decrypt them, and only sends messages encrypted. That means that anybody who does succeed in stealing or subpoenaing alpha's user information has to go to each of the other remailers it uses for delivery as well - and alpha doesn't have any keys to steal.

I'd consider running a remailer, but after listening to the response to the anonymous poster a while back, it sounds like there are few if any simple options which do not require major time and effort to setup and run.

Setting up a remailer is easy, if you've got a Unix machine, and I'd guess that the Winsock Remailer is probably easy for Windows. If you don't support mail-to-news yourself, and you block mail to other mail-to-news gateways, you cut out lots of flame potential, which keeps the work of running it fairly low. (My remailer is based on ghio2, which has traps to detect high-volume spam, which has shut it down a couple of times. Cleaning them up is annoying.) You do need to stay on remailer-operators@c2.org to get notices of individuals who are being spammed or harassed so you can block mail to them, but that's typically 5-10 minutes/week. If you've got a Unix machine, you can also do a web-based remailer easily (users fill out a form with their mail, which goes to a CGI script.) If you're willing to use somebody else's script, e.g. replay.com, you can just put up the web page anywhere and won't need Unix, and they can handle most of the spam-blocking. This isn't very secure unless you're using SSL or other secure HTTP protocol, which I don't think any of the current web-remailers do. Some folks have put advertising on their remailer pages, which starts to be one economic model that can encourage people to run them, if you can find advertisers who _want_ the image this gives them. (This is fine for c2.org and maybe Digicash banks or tax-haven consultants, some political ranters, and maybe phone-sex or other services that don't have to worry about lowered reputations if somebody uses the remailer to spam the alt.sex newsgroups with phone-sex ads :-) # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 # goodtimes signature virus innoculation