Michael Holstein wrote:
What exactly is happening? Somebody is using your Tor exit node to
access a website (yahoo mail) and using that to send spam? And this is
being traced back to you by the spam being traced back to Yahoo, and
Yahoo checking their webmail logs and finding your exit node's IP?

Look at a Yahoo! mail's headers .. the IP of the submitter (by HTTP from
...) is in there.

I don't see how this is any different than the "pwned" calls (eg: "hey
dood .. somebody flamed my blog from yer server!") .. people have been
using free porno (or whatever) to get folks to answer Yahoo/Hotmail
captchas for a while now .. and then using those accounts to send spam
until Yahoo/Hotmail/etc figures it out and they move on to the next
account.

People can already block Tor exit nodes connecting to their SMTP servers
with ease. Blocking Tor exit nodes that connected to Yahoo to send email
is only slightly more difficult, because of the received header that you
mentioned. If spam ever became a problem on Tor, which I doubt, it would
be easy for email admins to protect themselves from it. If Yahoo ever
see it as a problem, they can block it themselves.

Actually blocking Yahoo mail without causing other problems would
require a fair amount of work, but could be done by proxying outbound
traffic and filtering the specific bits of the URL that allow composing
an email.

imo, that's a bad idea. If you're not willing to allow people to access
a service via Tor, reject it in your policy. Don't allow it in your
policy and then cripple access to it.

Mike
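
The receiving-side check discussed above (matching the webmail submitter IP in the Received header against known Tor exits), as an added example that is not part of the original thread. The exit list, the sample message and the exact "via HTTP" header layout are constructed assumptions; the function names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed exit list (documentation-range addresses, not real exit nodes).
TOR_EXITS = {ipaddress.ip_address("203.0.113.7"),
             ipaddress.ip_address("198.51.100.23")}

# Constructed message. The Received layout is an assumption modelled on the
# "by HTTP from ..." wording in the thread, not a captured provider header.
SAMPLE = """\
Received: from mta1.example.net (mta1.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Mon, 1 Jan 2007 10:00:02 +0000
Received: from [203.0.113.7] by web1.mail.example.com via HTTP;
\tMon, 1 Jan 2007 10:00:00 +0000
From: someone@example.com
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HTTP_RE = re.compile(r"\bHTTPS?\b", re.IGNORECASE)

def webmail_submitter_ips(raw):
    """Return the IPs found in Received hops that record an HTTP submission."""
    msg = email.message_from_string(raw)
    found = []
    for hop in msg.get_all("Received", []):
        if not HTTP_RE.search(hop):
            continue  # ordinary SMTP relay hop, not the webmail submission
        for text in IP_RE.findall(hop):
            try:
                found.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # bracketed text that is not a valid address
    return found

def submitted_via_tor(raw, exits=TOR_EXITS):
    """True if any webmail submitter IP is in the exit list."""
    # Received lines are only trustworthy if the message really arrived from
    # the webmail provider's own servers; verify that hop before relying on this.
    return any(ip in exits for ip in webmail_submitter_ips(raw))
```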