[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Fixing the problem of sending email from Tor: Proof of Work based system
A good try at solving the problem but one which requires all mail
server to get onboard in the presence of established alternatives.
The proof of work system you propose doesn't address the problem of
tampered email contents or if the email was wanted. It *might* prevent
exits from being a source of blacklisting at exchanges. The
suppression lists to which you refer aren't generated based on IP (at
least not primarily). They're generated based on proof of sender
authorization, proof of contents being untampered, and sender
reputation (complaint, reject). I'm not certain about where you're
sending your email from.
> we're encountering a lot of issues related to
> sending of email notification behind Tor, with
> almost any email provider.
Are you trying to send email from the GlobaLeaks domain?
At the very least it means all mail servers on the internet would
need to accept your proof-of-work as evidence of not being spam and
not being tampered. Such emails could still be spam. The emails can
still be tampered with by a misconfiguration of sending client (using
TLS Wrapper instead of STARTTLS and being forced to fallback to
insecure communications by traffic manipulation). In the end it takes
more than proof-of-work for public mail servers online. They don't
care if the email takes work to produce, they care about if the email
is wanted in the first place and if the contents are as originally
sent. They're motivated by $$$ and their reputation.
If you're trying to send emails behind Tor from a domain you control
you should use DKIM. Email servers online can then verify the email
was both authorized and un-tampered during transit. Using DKIM won't
fix your sending domain already being on a suppression list from
bounces before using DKIM (and due to use of Tor). You'll still need
to apply for removal from applicable suppression lists. Where it will
help is to prevent your domain from being added to lists in the
future. From there if you get no complaints (spam) or rejects (virus)
you'll be on the road to establishing the good reputation of your
domain. (I didn't see a DKIM record for GlobaLeaks using default
That just leaves one problem--mail servers who block incoming
connections from tor exits the same way websites sometimes block
exits. This might happen if the exchange is attacked from a Tor exit.
If you meant this in your proposal I would be very concerned. The
strength of Tor is in diversity. This would weaken path selection to
always hold a node static for some-particular traffic. Irregardless
it creates a single point of attack. Now an adversary can just watch
the node(s) that handle email and correlate traffic with destination
exchange. This is effectively the same question as "how to keep
web-sites from blocking tor exits?".
You might then be better off using DKIM and choosing a non-blocked
exit (which might need to be changed depending on destination
exchange). This provides proof of legitimate use of tor exits and
creates incentives to unblock exits. i.e an exchange might not like
the reputation of censoring GlobaLeaks
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to