On Sat, 29 Dec 2001, Bill Stewart wrote: > Obviously there are some destinations that need to be exceptions. > Usenet's easy - keep track of known mail2news gateways, > and any time you send mail to Usenet, you need to put lots of disclaimers > about it's remailed, it's probably forged, there's no way to reply, etc.
Certainly wise, though not popular with the remailer users (see the thread on alt.privacy.anon-server discussing the recent switch by one of the most popular mail2news gateways to this type of system, where a disclaimer is placed at the top of the message.) The simple truth is that the average user can't be expected to look at mail or news headers, though, so you need to place such things in the body. > Mailing lists are tougher, because you obviously can't keep a list of them. What about an "opt-in" service for mailing list admins? > Another way to deal with unencrypted outgoing message is to send mail > saying "we've received an anonymous message for you. You can pick it up > at https://myremailer.com/tempoutgoing/msg124354.txt within 7 days." > or some such. I've thought about this before. I was concerned about the potential risks of keeping the messages in an identifiable manner on the remailer server... but if everything is encrypted, it wouldn't matter. Unfortunately, requiring everything be encrypted also limits the whistle-blower, anonymous tipster applications of these systems. Additionally, it would be nice if the major PGP implementations supported the "stealth encryption" features, too. (Yes, there's ways to make do without it...) -MW-
