At 09:45 AM 6/15/00 -0400, Trei, Peter wrote:
>If a remailer restricted itself to sending out messages which were
>still encrypted after decrypting with the remailers' key, I would think
>you'd remove nearly all spam (since no spammer is going to encrypt
>thousands of messages with the public keys of each of his recipients),
>and give the operator a layer of protection from liability ('No, you
>Imamness, I did not and could not know that an infidel was using
>my remailer to send quotes from "The Satanic Verses'")
The standard software doesn't support this, but it'd be nice to add.
Even requiring PGP for the input side gets rid of almost all spammers,
especially if you limit the number of recipients per message.
In the future, when encryption is widely available and everybody uses it,
there may be more spammers using encryption, but it's pretty rare today.
But it's still usable for harassment.
Requiring the outgoing message to be encrypted is even more thorough -
it limits you to spamming or harassing people with published encryption keys,
though I suppose some people feel harassed by receiving lots of encrypted mail
that they can't decrypt...
It's not easy to decide whether a message is really encrypted,
if you're not the recipient, so you're basically limited to deciding
whether a message has correct encryption syntax - you can either be crude and
just look for the ----BEGIN PGP ENCRYPTED STUFF--- or maybe S/MIME headers,
or you can get fancy and see if there's more structure than that.
It's possible for a determined harasser to work around this -
e.g. put the headers followed by unencrypted mail or whatever,
and you can't tell without the recipient's key. But it's pretty good.
>This would make it more difficult to send plaintext messages to
>usenet, though messages which decrypted in the remailer to
>plaintext targeted for known gateways and mailing lists could be
>let through.
Yeah - basically, you either need to build recognition in the remailer,
or else put up a second remailer that doesn't require encrypted-output and
use it as a gateway, or something like that.
The basic problem is that remailing private messages to a specific recipient
is a much different activity than remailing messages to a broadcaster
with many unknown recipients, and the current remailers try to do both.
Building gateway servers with names like [EMAIL PROTECTED] opr
"[EMAIL PROTECTED]"
can take care of the second job.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
