#26679: Hi, A good try at solving the problem but one which requires all mail
server to get onboard in the presence of established alternatives. The
proof of work system you propose doesn't address the problem of tampered
email contents or if the email was wanted. It *might* prevent exits from
being a source of blacklisting at exchanges. The suppression lists to
which you refer aren't generated based on IP (at least not primarily).
They're generated based on proof of sender authorization, proof of contents
being untampered, and sender reputation (complaint, reject). I'm not
certain about where you're sending your email from. > we're encountering
a lot of issues related to > sending of email notification behind Tor,
with > almost any email provider. Are you trying to send email from the
GlobaLeaks domain? At the very least it means all mail servers on the
internet would need to accept your proof-of-work as evidence of not being
spam and not being tampered. Such emails could still be spam. The emails
can still be tampered with by a misconfiguration of sending client (using
TLS Wrapper instead of STARTTLS and being forced to fallback to insecure
communications by traffic manipulation). In the end it takes more than
proof-of-work for public mail servers online. They don't care if the email
takes work to produce, they care about if the email is wanted in the first
place and if the contents are as originally sent. They're motivated by $$$
and their reputation. If you're trying to send emails behind Tor from a
domain you control you should use DKIM. Email servers online can then
verify the email was both authorized and un-tampered during transit. Using
DKIM
--------------------------------------+--------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
--------------------------------------+--------------------
Hi,
A good try at solving the problem but one which requires all mail
server to get onboard in the presence of established alternatives.
The proof of work system you propose doesn't address the problem of
tampered email contents or if the email was wanted. It *might* prevent
exits from being a source of blacklisting at exchanges. The
suppression lists to which you refer aren't generated based on IP (at
least not primarily). They're generated based on proof of sender
authorization, proof of contents being untampered, and sender
reputation (complaint, reject). I'm not certain about where you're
sending your email from.
> we're encountering a lot of issues related to
> sending of email notification behind Tor, with
> almost any email provider.
Are you trying to send email from the GlobaLeaks domain?
At the very least it means all mail servers on the internet would
need to accept your proof-of-work as evidence of not being spam and
not being tampered. Such emails could still be spam. The emails can
still be tampered with by a misconfiguration of sending client (using
TLS Wrapper instead of STARTTLS and being forced to fallback to
insecure communications by traffic manipulation). In the end it takes
more than proof-of-work for public mail servers online. They don't
care if the email takes work to produce, they care about if the email
is wanted in the first place and if the contents are as originally
sent. They're motivated by $$$ and their reputation.
If you're trying to send emails behind Tor from a domain you control
you should use DKIM. Email servers online can then verify the email
was both authorized and un-tampered during transit. Using DKIM
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26679>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
