[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Fixing the problem of sending email from Tor: Proof of Work based system



That email system, with built in Tor support and proof of work based anti-spam, has already been built.
Get it here:
http://www.confidantmail.org
Mike Ingle <mike@confidantmail.org> d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2


On 3/2/2015 7:15 AM, Fabio Pietrosanti (naif) - lists wrote:
Hi all,

at GlobaLeaks we're encountering a lot of issues related to sending of
email notification behind Tor, with almost any email provider.

If the sender provider don't block you today, it will block you tomorrow
at random.
If the recipient's provider don't mark you as Spam today, it will do it
tomorrow at random.

That's a known Tor's outgoing email problem, still unfixed.

That's because any provider that's used continuously behind Tor, before
or later get abused/will block you (including Google), and because the
IP reputation of any Tor Exit Relay on the internet is very bad.

So, thinking on how to fix it, why don't create an outbound email system
that's based on proof of work to heavily disincentive spammer/fraudster,
enabling a Tor user to send email to general Internet users without
major problems?

If my Tor client computer had to run heavy computations for 15-30s to
send a single email, i think that spammer and fraudster will be KO, but
an average user could still find it acceptable because a single user is
"low volume" but any automated systems are high-volume.

A Tor Exit node could require such a "proof of work" from a Tor Client
in order to enable a single outgoing connection for that "highly
sensible exit port" (25, 465, 587).

If this method work, it should be required to improve Tor to run a
dedicated "Per Port  Exit OutBoundAddress" that would enable to have a
dedicated IP address for outgoing connections trough port 25/465/587.
This IP address will have a good reputation on the internet, because
will be only used by real-users to send a relatively limited amount of
emails.

That way it would be transparent for the end-user to send outgoing email
trough Tor.

If this would be in place, the Tor2web inbound SMTP feature #LINKTICKET,
to be developed before or later, will complement this picture allowing
full inbound/outbound SMTP email traffic.


Beware: I'm pro-compatibility, i don't like any "let's make/use a new
protocol, Email is dead, SMTP is dead, PGP is dead!" and i concretely
think that we shall improve the existing internet-standards to fulfill
new requirements, rather than create new ones.



--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk