Re: remailer spam throttle
paul@fatmans.demon.co.uk writes:
Well, they can compile the list of addresses off of USENET postings and such and then compute the hashes of the compiled names and identify those that are on the anon acceptance list. Not that it completely invalidates the idea, but certainly it is a problem.
If a time delay isn`t a problem a remailer could operate on the list with a MAC, if someone wants to find out if a name is on the list they submit a request to the remailer operator who daily executes a batch job using a (memorised) key to verify the hashes against one another.
Of course this gives no protection against the scenario of a law enforecement agency or shady TLA comprised of men in long black trenchcoats demanding the operator reveal the key to the MAC. I suppose there is always "I have forgotten the key, officer"..... ;-)
Yes. The remailer should contain as little "interesting" information as possible at any given time, even if it's encrypted.
X sends 1000 copies of child porn/seditious libel to 100 people believed no to be using remailers right now. The remailer keeps the 100 e-mails onits hard disk and e-mails each receipient a ping, inviting them to agree to the disclaimer terms and to retrieve their anonymous e-mail. The first recipie to retrieve the e-mail gets upset and contacts the feds. The feds figure, remailer still has the 99 other e-mails and the information on who's suppos to receive them in its queue; why not seize it and take a look.
A possible solution to this is to set a time limit, say 24 hours on how long a proposed recipient may take to respond to a request for permission to send the mail. The remailer then sends the mail simultaneously to all those who agreed, those who declined to accept the mail or failed to repond are removed from the recipient list.
*If* the remailer keeps the e-mail until the recipient agrees to the disclaimer and fetches it, then the timeout period should be longer than 24 hours. Not everyone checks their e-mail every 24 hours. E.g., sometimes I'm away and don't check it for 3 or 4 days. A friend of mine checks hers once or twice a week because she doesn't get much. Of course I'm advocating something more draconian - discard the e-mail at once if the recipent isn't known and e-mail them how they can get their mail next time. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
participants (1)
-
dlv@bwalk.dm.com