disposable remailers (was Re: Eternity Uncensorable?)

Andy Dustman andy at CCMSD.chem.uga.edu
Fri Aug 8 00:40:53 PDT 1997


On Fri, 8 Aug 1997, Adam Back wrote:

> Andy Dustman <andy at CCMSD.chem.uga.edu> writes:
> > 
> > Back to the subject: Disposable remailers. It seems the juno remailer
> > software would be good for this. I'm not sure what the sign-up requirement
> > are, but it's free. I was also thinking about web-based free mail
> > services, such as Hotmail and Rocketmail. Receiving mail means having to
> > parse some HTML, which from the looks of things is do-able but not
> > trivial. Sending mail might be easier to implement.
> Sending mail is your problem alright.  It's where you get hit by
> spammers etc.

Ah, but if you only send through the disposable address, who cares? The
actually remailer address should never get seen (except on remailer lists,
of course). You could probably get away with never reading any incoming
mail, so spammers are not a problem.

> Wasn't there an email forgery web page around for a while.  The idea
> was that you filled in the details of who you wanted to send to, what
> address you wanted it to appear you had sent it from, and paste your
> message in this form box.  It did some kind of crude sendmail forgery
> for you.

Hmmm. Someone has recently been forging mail to appear to be from cracker
through something like this (very bad forgery, headers are all wrong).

> > Which brings up an interesting idea for an exitman/middleman remailer: Use
> > a nym or commercial ISP to receive the mail, use throwaway free mail
> > accounts for delivery (maybe even just plaintext delivery). Hotmail, at
> > least, inserts an X-Originating-IP:  header, though.  
> No problem -- run it through www.anonymizer.com first :-)

Sure, Lance won't mind, right? At least, not if we subscribe... ;) Maybe
we need a network of anonymizing web proxy servers... 

> > I expect others do the same. So put your remailer output on a ZIP
> > disk or floppy and run your delivery on whatever public or
> > semi-public access machine you happen to get your hands on, once or
> > twice a day.
> You'd not want to use the same public access account regularly.

I'm not thinking of an account so much as maybe a PC in a university
computer cluster. Pick one and go. At a big university there should be
several clusters around campus.

> I think the connecting to the web based interface of one of those free
> web gateways via www.anonymizer.com web based interface has potential.

It does, but I know The Anonymizer blocks some sites, at their request.

> How much trouble can you get in with ISPs for forging email?  Do they
> care?

Mindspring cares. My ISP was absorbed by them about two weeks after I
signed up. They say in their terms of service that impersonating someone
else is forbidden, but they specifically allow the use of anonymous
remailers and nicknames. I assume this means forging is frowned upon,
unless you are impersonating someone who doesn't exist, I guess.

Andy Dustman / Computational Center for Molecular Structure and Design / UGA
    To get my PGP public key, send me mail with subject "send file key".
For the ultimate anti-spam procmail recipe, send me mail with subject "spam"
"Encryption is too important to leave to the government."  -- Bruce Schneier
http://www.ilinks.net/~dustman    mailto:andy at CCMSD.chem.uga.edu      <}+++<

Version: 2.6.3ia
Charset: noconv


More information about the cypherpunks-legacy mailing list