On Mon, Mar 02, 2015 at 04:15:26PM +0100, Fabio Pietrosanti (naif) - lists wrote:
> at GlobaLeaks we're encountering a lot of issues related to sending of
> email notification behind Tor, with almost any email provider.
>
> If the sender provider doesn't block you today, it will block you tomorrow
> at random.
> If the recipient's provider doesn't mark you as Spam today, it will do it
> tomorrow at random.
>
> That's a known Tor's outgoing email problem, still unfixed.

So if I understand you correctly, you mean the following two problems:

a) using Tor to connect to a third-party provider (Gmail etc) won't always work as the connection is sometimes blocked; and

b) using Tor to connect to the recipient's mail server on port 25, if you find an exit node that allows you to do so, will often result in the connection being blocked, because spammers use the same exit node as well, resulting in blacklisting?

Your solution, as I understand it, is for Tor exit nodes that allow outgoing connections on email ports to require a proof-of-work from the client, to prevent spammers from abusing it.

A few thoughts:

* Proof-of-work to combat spam is an old idea, which many people believe doesn't work, because spammers do have huge resources.[1] This may be less of an issue here as senders may be willing to do a lot more work, given that they explicitly choose to be behind work.

* Like it or loathe it, IP addresses play a very important part in today's email infrastructure. To achieve good delivery rates, it is advisable not to change IP addresses too often. With Tor, you'd be changing them all the time.

* IP addresses aren't the only part of email that can be traced to you. Domains can as well. That is worth keeping in mind here as well. (As for DKIM, in theory this would allow mail servers to ignore the IP address and just look at the domain. In practice I doubt any mail server does, if only because they know the IP address much earlier during the SMTP transaction.)

* This would essentially require the exit node to perform a man-in-the-middle, at least on the level of meta-data, as it would have to be able to distinguish between you sending 1000 short emails to example.com users and you sending one very large email to an example.com user.

The latter still applies if you merely want to submit email to a mail server that performs the delivery for you, rather than directly connect to the recipient's mail server.

As for the idea of a "Per Port Exit OutBoundAddress", it is good to know there are other reasons why people might want to prevent certain IP addresses from sending email, not just spam: (perceived) abuse, censorship etc. Introducing such a single point of failure sounds like a bad idea.

Martijn.

[1] http://www.cl.cam.ac.uk/~rnc1/proofwork.pdf