[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Fixing the problem of sending email from Tor: Proof of Work based system


A good try at solving the problem but one which requires all mail
server  to get onboard in the presence of established alternatives.

The proof of work system you propose doesn't address the  problem of
tampered email contents or if the email was wanted. It *might* prevent
exits from being a  source of blacklisting at exchanges. The
suppression lists to which you refer aren't generated based on IP (at
least not primarily). They're generated based on proof of sender
authorization, proof of contents being untampered, and sender
reputation (complaint, reject). I'm not certain about where you're 
sending your email from.

> we're encountering a lot of issues related to 
> sending of email notification behind Tor, with 
> almost any email provider.

Are you trying to send email from the GlobaLeaks domain?

At  the very least it means all mail servers on the internet would
need to  accept your proof-of-work as evidence of not being spam and
not being  tampered. Such emails could still be spam. The emails can
still be  tampered with by a misconfiguration of sending client (using
TLS Wrapper  instead of STARTTLS and being forced to fallback to
insecure  communications by traffic manipulation). In the end it takes
more than  proof-of-work for public mail servers online. They don't
care if the  email takes work to produce, they care about if the email
is wanted in  the first place and if the contents are as originally
sent. They're  motivated by $$$ and their reputation.

If you're trying to send  emails behind Tor from a domain you control
you should use DKIM. Email  servers online can then verify the email
was both authorized and  un-tampered during transit. Using DKIM won't
fix your sending domain  already being on a suppression list from
bounces before using DKIM (and  due to use of Tor). You'll still need
to apply for removal from  applicable suppression lists. Where it will
help is to prevent your  domain from being added to lists in the
future. From there if you get no  complaints (spam) or rejects (virus)
you'll be on the road to  establishing the good reputation of your
domain. (I didn't see a DKIM record for GlobaLeaks using default
EuroDNS selector)

That just  leaves one problem--mail servers who block incoming
connections from tor  exits the same way websites sometimes block
exits. This might happen if  the exchange is attacked from a Tor exit.
If you meant this in your  proposal I would be very concerned. The
strength of Tor is in diversity.  This would weaken path selection to
always hold a node static for  some-particular traffic. Irregardless
it creates a single point of  attack. Now an adversary can just watch
the node(s) that handle email  and correlate traffic with destination
exchange. This is effectively the  same question as "how to keep
web-sites from blocking tor exits?".

You  might then be better off using DKIM and choosing a non-blocked
exit  (which might need to be changed depending on destination
exchange). This  provides proof of legitimate use of tor exits and
creates incentives to  unblock exits. i.e an exchange might not like
the reputation of  censoring GlobaLeaks

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to