
Re: [tor-talk] Fixing the problem of sending email from Tor: Proof of Work based system



On Mon, Mar 02, 2015 at 04:15:26PM +0100, Fabio Pietrosanti (naif) - lists wrote:
> at GlobaLeaks we're encountering a lot of issues related to sending of
> email notification behind Tor, with almost any email provider.
> 
> If the sender provider doesn't block you today, it will block you tomorrow
> at random.
> If the recipient's provider doesn't mark you as Spam today, it will do it
> tomorrow at random.
> 
> That's a known Tor's outgoing email problem, still unfixed.

So if I understand you correctly, you mean the following two problems:
a) using Tor to connect to a third-party provider (Gmail etc) won't
always work as the connection is sometimes blocked;
and
b) using Tor to connect to the recipient's mail server on port 25, if
you find an exit node that allows you to do so, will often result in the
connection being blocked, because spammers use the same exit node as
well, resulting in blacklisting?

Your solution, as I understand it, is for Tor exit nodes that allow
outgoing connections on email ports to require a proof-of-work from the
client, to prevent spammers from abusing it.

A few thoughts:

* Proof-of-work to combat spam is an old idea, which many people believe
doesn't work, because spammers do have huge resources.[1] This may be
less of an issue here as senders may be willing to do a lot more work,
given that they explicitly choose to be behind work.

* Like it or loathe it, IP addresses play a very important part in
today's email infrastructure. To achieve good delivery rates, it is
advisable not to change IP addresses too often. With Tor, you'd be
changing them all the time.

* IP addresses aren't the only part of email that can be traced to you.
Domains can as well. That is worth keeping in mind here as well. (As for
DKIM, in theory this would allow mail servers to ignore the IP address
and just look at the domain. In practice I doubt any mail server does,
if only because they know the IP address much earlier during the SMTP
transaction.)

* This would essentially require the exit node to perform a
man-in-the-middle, at least on the level of meta-data, as it would have
to be able to distinguish between you sending 1000 short emails to
example.com users and you sending one very large email to an example.com
user.

The latter still applies if you merely want to submit email to a mail
server that performs the delivery for you, rather than directly connect
to the recipient's mail server.

As for the idea of a "Per Port Exit OutBoundAddress", it is good to know
there are other reasons why people might want to prevent certain IP
addresses from sending email, not just spam: (perceived) abuse,
censorship etc. Introducing such a single point of failure sounds like a
bad idea.

Martijn.

[1] http://www.cl.cam.ac.uk/~rnc1/proofwork.pdf
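
The following is an added example, not part of the original message or of any Tor code: a hashcash-style gate of the kind discussed above, in which an exit demands one proof-of-work stamp per envelope recipient. The `ExitGate` class, the stamp format and the 16-bit difficulty are assumptions made for illustration. It shows why charging per message rather than per connection forces the exit to read each recipient address.

```python
import hashlib
import os

def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def verify(challenge: bytes, rcpt: str, counter: int, bits: int) -> bool:
    """Exit side: a single hash, but it needs the envelope recipient as input."""
    data = challenge + b"|" + rcpt.lower().encode() + b"|" + str(counter).encode()
    return leading_zero_bits(hashlib.sha256(data).digest()) >= bits

def mint(challenge: bytes, rcpt: str, bits: int) -> int:
    """Client side: about 2**bits hashes on average to find a valid counter."""
    counter = 0
    while not verify(challenge, rcpt, counter, bits):
        counter += 1
    return counter

class ExitGate:
    """Hypothetical exit-side gate: a fresh challenge per connection,
    one stamp required per recipient, each stamp accepted only once."""

    def __init__(self, bits: int = 16):
        self.bits = bits
        self.challenge = os.urandom(16)  # sent to the client when it connects
        self.spent = set()

    def allow_rcpt(self, rcpt: str, counter: int) -> bool:
        key = (rcpt.lower(), counter)
        if key in self.spent:
            return False  # replayed stamp
        if not verify(self.challenge, rcpt, counter, self.bits):
            return False  # minted for another recipient or another connection
        self.spent.add(key)
        return True
```

Sending to 1000 recipients costs the client 1000 stamps, while one large message costs one; the gate can only enforce that difference because `allow_rcpt` is given each recipient address.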
