Re: What are email risks?
On 06/02/2011 17:30, Jerzy Łogiewa wrote: How do scrubbed versions of these headers affect deliverability? Do services flag as spam these messages? The major part of my full time job is as an email administrator. Scrubbing headers will affect deliverability to some systems. Probably not as much as having a Tor exit node IP in your Received headers though. Smarthosting through an anonymous GMail account is a good idea because they don't put the connecting IP address into the Received headers, and systems generally trust mail from GMail more anyway. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F signature.asc Description: OpenPGP digital signature
Re: What are email risks?
On Monday 07 February 2011 04:41:06 t...@lists.grepular.com wrote: The major part of my full time job is as an email administrator. Scrubbing headers will affect deliverability to some systems. Probably not as much as having a Tor exit node IP in your Received headers though. Smarthosting through an anonymous GMail account is a good idea because they don't put the connecting IP address into the Received headers, and systems generally trust mail from GMail more anyway. What about running an anonymous remailer on the same IP address as a Tor exit node? The remailer will probably be middleman, as it was, but I am hoping to run an exit node when I can afford to colo. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: What are email risks?
How do scrubbed versions of these headers affect deliverability? Do services flag as spam these messages? -- Jerzy Łogiewa -- jerz...@interia.eu On Feb 2, 2011, at 6:47 PM, Jan Weiher wrote: Probably the whole header. But except from the obvious I would especially look for the received: lines, the date (because it might contain your timezone) and the X-Mailer header (shows your user agent). Walenty rozdaje prezenty! Co minute inny prezent! Sprawdź http://linkint.pl/f28f8 *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: What are email risks?
In email, what are anonymity risks? Header contains sender domain (maybe IP) but what else? Probably the whole header. But except from the obvious I would especially look for the received: lines, the date (because it might contain your timezone) and the X-Mailer header (shows your user agent). best regards, Jan *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: What are email risks?
On Wed, Feb 2, 2011 at 5:47 PM, Jan Weiher j...@buksy.de wrote: In email, what are anonymity risks? Header contains sender domain (maybe IP) but what else? Probably the whole header. But except from the obvious I would especially look for the received: lines, the date (because it might contain your timezone) and the X-Mailer header (shows your user agent). In addition to e-mail headers which do indeed generally contain multiple IP addresses and time zone information, there is a fair bit of stuff that can be used for fingerprinting as well. Not just the obvious things like the X-Mailer header, but things like which headers are present, the order they appear in, and the formatting of the MIME envelope, can all help identify the software in use. Combine that sort of stuff with analysis of writing style, vocabulary, etc. and you might be able to correlate two e-mails as originating from the same person with some degree of accuracy. I'm not aware of any research into the trackability of such things, as e-mail generally isn't considered anonymous anyway, but a lot of the work that has gone into fighting spam would actually have implications here as well. -- Bjarni R. Einarsson The Beanstalks Project ehf. Making personal web-pages fly: http://pagekite.net/
Re: What are email risks?
Bjarni Rúnar Einarsson writes: Combine that sort of stuff with analysis of writing style, vocabulary, etc. and you might be able to correlate two e-mails as originating from the same person with some degree of accuracy. I'm not aware of any research into the trackability of such things, as e-mail generally isn't considered anonymous anyway, but a lot of the work that has gone into fighting spam would actually have implications here as well. Hi Bjarni, There is a stylometry item in the anonbib where they do statistical analysis of features of writing style: http://www.usenix.org/publications/library/proceedings/sec2000/full_papers/rao/rao.pdf I bet these techniques have gotten more powerful as the field of machine learning has developed, although I don't know if there are more recent studies of what this means for anonymity. -- Seth Schoen Senior Staff Technologist sch...@eff.org Electronic Frontier Foundationhttps://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/