Information about the Anonymous

Anonymous remailer at replay.com
Sun Sep 27 13:13:22 PDT 1998



This message is being sent to you automatically in reply to the message
you sent to remailer at replay.com with the subject "remailer-help".

There is an automated mail handling program installed on this account
which will take any message with the proper headers and automatically
re-send it anonymously.

It is capable of providing a very high level of security if you use the
Mixmaster software to produce the messages.  You can get the Mixmaster
client software from <http://www.thur.de/ulf/mix/> (Germany).  Please
read its manual page and README file for usage instructions.

More information about anonymous remailers is available at
<http://www.stack.nl/~galactus/remailers/>.

For an up-to-date listing of anonymous remailers with statistics,
see <http://anon.efga.org/anon/rlist.html>.  You can also get the
list by fingering rlist at anon.efga.org or rlist at anon.lcs.mit.edu.

You can use the remailer by sending mail to remailer at replay.com, with the
header "Anon-To: address", the address that you want to send anonymously
to.  If you can't add headers to your mail, you can place two colons on
the first line of your message, followed by the "Anon-To:" line.  Follow
that with a blank line, and then begin your message.  For example:

================================================================
From: joe at site.com
To: remailer at replay.com
Subject: Anonymous Mail

::
Anon-To: beth at univ.edu

This is some anonymous mail.
================================================================


The above would be delivered to beth at univ.edu anonymously.  All headers in
the original message are removed.  She would not know that it came from
Joe, nor would she be able to reply to the message.  However, there are a
few ways that the true identity of the sender could be found.  First, if
many anonymous messages were sent, someone could compare the times that
the messages were sent with the times that 'joe' was logged in.  However,
this can be prevented by instructing the remailer to delay the message, by
using the "Latent-Time:" header:

================================================================
From: joe at site.com
To: remailer at replay.com
Subject: Anonymous Mail

::
Anon-To: beth at univ.edu
Latent-Time: +1:00

This is some anonymous mail.
================================================================

The message would be delayed one hour from when it is sent.  It is also
possible to create a random delay by adding an 'r' to the time (+1:00r),
which would have the message be delivered at a random time, but not more
than an hour.  You can also delay the message until a specific time.
For example, "Latent-Time: 0:00" without the '+' would delay the message
until midnight (at the remailer site).  Times must be in 24-hour format.

NOTE: This remailer automatically reorders messages in a large pool,
which produces a similar effect.


Another problem is that some mailers automatically insert a signature file.
Of course, this usually contains the sender's e-mail address, and so would
reveal their identity.  The remailer software can be instructed to remove
a signature file with the header "Cutmarks:".  Any line containing only the
cutmark characters, and any lines following it will be removed.

================================================================
From: sender at origin.com
To: remailer at replay.com

::
Anon-To: recipient at destination.com
Cutmarks: -- 

This line of text will be in the anonymous message.
-- 
This line of text will not be in the anonymous message.
================================================================

NOTE: The cutmark characters in the example are "-- ", the usual e-mail
signature separator.  If you forget the trailing blank after the "--"
in the "Cutmarks:" directive, your signature won't be cut off.


Sometimes you want a subject line or other headers in your anonymous
message.  Additional headers can be written to the output message by
preceding them with a "##" line.  Multi-line headers with indented
continuation lines are allowed.

================================================================
From: chris at nifty.org
To: remailer at replay.com

::
Anon-To: andrew at where-ever.org

##
Reply-To: chris at nifty.org
Subject: A message with user-supplied headers: the subject extends
	over two lines

Hi there!
================================================================


The remailer can also be used to make anonymous posts to Usenet.
To do this, send a message with the header "Anon-Post-To: newsgroups",
the newsgroups that you want to post anonymously to.  Please note
that the group names must be separated by commas (but NO spaces).

================================================================
From: poster at origin.com
To: remailer at replay.com

::
Anon-Post-To: alt.test,misc.test

##
Subject: Anonymous Post

This is an anonymous message.
================================================================

When posting test messages, please use the appropriate groups (alt.test,
misc.test).  The remailer support newsgroup alt.privacy.anon-server is
not a test group.  A subject is needed for Usenet postings.  The remailer
writes a "Subject: none" header to the output message if you don't add
your own subject.

In order to post an anonymous follow-up article and have it appear in a
thread, you must set the "Subject:" and "References:" headers of your
message correctly.  The explanation below has been adapted from the
nym.alias.net help file (mailto:help at nym.alias.net).

The subject of your message should be the same as the article to which you
are replying, unless you are replying to the first message in a thread, in
which case you should prepend "Re: " to the original subject.

To build a references header, copy the references header of the article to
which you are replying, and append that article's Message-ID.  If you are
replying to the first article of a thread, it won't have a references header.
In that case just use the article's Message-ID as your references header.
Be sure to leave a space between Message-IDs in your references heder.
For example, if replying to a message which includes these headers:

================================================================
Newsgroups: alt.privacy.anon-server
Subject: Re: anonymous remailers
References: <5dfqlm$m50 at basement.replay.com>
Message-ID: <5dko56$1lv$1 at news02.deltanet.com>
================================================================

your anonymous follow-up message should begin with these lines:

================================================================
::
Anon-Post-To: alt.privacy.anon-server

##
Subject: Re: anonymous remailers
References: <5dfqlm$m50 at basement.replay.com>
	<5dko56$1lv$1 at news02.deltanet.com>
================================================================

[Note that an indented line in a message header indicates a continuation
of the previous line.]  If replying to the first message in a thread,
with these headers:

================================================================
Newsgroups: alt.privacy.anon-server
Subject: Help with PGP
Message-ID: <5e96gi$opv at job.acay.com.au>
================================================================

your reply should begin with these lines:

================================================================
::
Anon-Post-To: alt.privacy.anon-server

##
Subject: Re: Help with PGP
References: <5e96gi$opv at job.acay.com.au>
================================================================

The "References:" header can be trimmed to include only IDs from messages
that you have quoted from or are replying to.


By separating messages with cutmarks, you can send more than one message
at once:

================================================================
From: me at mysite.org
To: remailer at replay.com
Subject: whatever

::
Anon-To: recipient1 at site1.org
Cutmarks: -- 

##
Subject: message 1

Message one.
-- 
::
Anon-To: recipient2 at site2.org
Cutmarks: -- 

##
Subject: message 2

Message two.
-- 
me at mysite.org
================================================================

The two messages will be delivered separately, and the signature will
be removed.  Only one cutmark is used in the example, but you may use
different cutmarks in each part of your message if necessary.


For added security, you can encrypt your messages to the remailer with
PGP. The remailer software will decrypt the message and send it on.
Here is the remailer's public key:

Type Bits/KeyID    Date       User ID
pub  1000/E7AEC1E5 1995/05/23 Replay Remailer Service <remailer at replay.com>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQCKAy/Bo9QAAAED6NMBE5oNGLqUmZvUZTWBfL41B67EVtDHu5VmqrPLX6w0gk8U
lPUNlW/1wACNQAFs/hxKKd0B15d8R7Qk1X7H1KPsdF9AAp8DIBe3MN59Z8iO1dYB
GW8YhPg2EXnNAZyVQb/CGhDZhm8naq3wsQynZZu4J7DmVD0VsrLnrsHlAAURtC1S
ZXBsYXkgUmVtYWlsZXIgU2VydmljZSA8cmVtYWlsZXJAcmVwbGF5LmNvbT6JAJID
BRAvzinRPRWysueuweUBAVpyA+dmx166/op40+nr9OQjahqWHdvLYkKipanaLNM4
u0/U8RrkySEj5n/R0zaJSG4mutZ28DqUEhz7rBHrFRYleENRtiI9TxZZrJVWInE9
No7VwSW9jWlpta2rCfu97EWLdPVPLXmXpd90TONHMk8a7sf/Lz5JFWIIK5PSqI/Z
xQ==
=5+RC
-----END PGP PUBLIC KEY BLOCK-----

To utilize this feature, create a message with two colons on the first line,
then the "Anon-To:" or "Anon-Post-To:" header, then any other commands such
as "Cutmarks:" or "Latent-Time:", then a blank line, then the optional "##"
line and your additional headers, then a blank line, and then the body of
your message.  Encrypt this with the remailer's public key.  Then send it
to the remailer, adding the header "Encrypted: PGP".  If you forget this,
the remailer won't know that it needs to be decrypted.  Also be sure to use
the "-t" option with PGP, or the linefeeds might not be handled properly.

================================================================
From: me at mysite.org
To: remailer at replay.com

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.3in

hIwCJD7BWgsRsnUBA/9kVuVlhFczhjI5cYFLGEAQiv4fUUlZ+hgPp6SQysToVLTM
d0OvWqEb4TJgMREf6pHv4022yRLV6Pb9xaE/Gb82SUZYNE6TvfpxyKbWtRSthPXx
OlsLD+IudqvBQus6DoY/9ClbbXyibP6mOCy7gwFZWOy6OMv2O2ZI3ufc/iCpgKYA
AAAoLD7rvsI+c/Bod/GKAffpHqN2fimsoXrdcEMhIfN+rSC7PnMmaX1c4w==
=afKM
-----END PGP MESSAGE-----
================================================================

To confuse possible attackers even more, you can generate some cover
traffic by sending encrypted messages with the special "Null:" header
rather than the usual "Anon-To:" or "Anon-Post-To:" headers.  The
remailer will drop these messages in the bit bucket.


Any text after your encrypted remailer message is also remailed.  This
allows sending messages to someone who is anonymous.  If you create a
PGP-encrypted message to yourself via this remailer, and then give it
to someone, they can send you a message by sending the encrypted message
to the remailer.  The remailer will then decrypt it and send it to you.
The message gets anonymized in the process, so the sender will need
to include a return address if he wants a reply.

Messages sent this way can be encrypted using the "Encrypt-Key:" feature.
Any text following a line beginning with "**" will be encrypted with this
key.  For example, if you put in the plaintext of your PGP message:

================================================================
::
Anon-To: you at yourhost.org
Encrypt-Key: your_password

**
================================================================

The appended message after the "**" will be encrypted with the key
"your_password", using PGP's conventional encryption option.
It is much simpler to manage these "reply blocks" -- both from the
sender's and recipient's perspective -- by using a nymserver.
Please read <http://www.publius.net/n.a.n.html> for more information
(the homepage for nym.alias.net, the home of the nymserver software).


For greatest untraceability, your reply block can be directed to post
to alt.anonymous.messages on Usenet.  Since you must use a subject line
when posting to Usenet, messages sent using the same reply block will
have the same subject.  To avoid this, you can encrypt a message digest
of the subject using the "Encrypt-Subject:" feature.  For example, if
you put inside your reply block:

================================================================
::
Anon-Post-To: alt.anonymous.messages
Encrypt-Key: your_password
Encrypt-Subject: your_other_password

##
Subject: This subject is MD5 hashed and IDEA encrypted

**
================================================================

The subject will be converted to a 128-bit number and encrypted
with IDEA using CFB mode with the key "your_other_password", and
printed in hexadecimal format (48 characters); and the message will
be posted to alt.anonymous.messages.  The original subject cannot
be recovered, only the MD5 hash of it, and then only if you have the
password.  The resulting subject will be different each time due to
the use of CFB mode, so this helps prevent traffic analysis based on
the subject header.

Decoding the subject (to verify that the message is directed to you)
requires special software.  A small C program which can do this is
part of the remailer distribution, but a more robust application would
be appreciated.  You can get the remailer source code as ASCII-armored
Unix TGZ archive by sending mail to remailer-source at squirrel.owl.de.


Abuse Policy:
I consider the following to be inappropriate use of this anonymous remailer,
and will take steps to prevent anyone from doing any of the following:
- Sending messages intended primarily to be harassing or annoying.
- Use of the remailer for any illegal purpose.  Due to the global nature
  of the Internet, it is the sole responsibility of the orginal sender
  to determine what is legal.
- Unsolicited commercial messages (SPAM).
- Complaints to spammers.
- Posting lists of addresses to Usenet groups for purposes of soliciting
  commercial e-mail (spam-baiting).

Spammers will be exposed, publicly humiliated, and billed whenever possible.

If you don't want to receive anonymous mail, send a message to the operator,
and your address will be added to the block list.  For more information on
filtering out unwanted e-mail, see <http://www.abuse.net/>.


You can get a list of statistics on remailer usage by sending mail to
the remailer with Subject: remailer-stats


To get the remailer's public keys, send mail with Subject: remailer-key
or finger rlist-keys at anon.efga.org or remailer-keys at anon.lcs.mit.edu to
get the public PGP keys of all active Cypherpunk remailers.


For a copy of these instructions, send mail with Subject: remailer-help

To reach the operator, direct your mail to abuse at replay.com.






More information about the cypherpunks-legacy mailing list