[tor-dev] Email Bridge Distributor Interactive Commands

Matthew Finkel matthew.finkel at gmail.com
Sun Jul 27 16:21:25 UTC 2014

On Sat, Jul 26, 2014 at 09:42:04PM -0700, Ken Keys wrote:
> On 7/26/2014 1:54 AM, Matthew Finkel wrote:
> > We also do try to discard fake requests, isis actually added another
> > yesterday!
> Could you elaborate on this? I don't understand what you mean my fake
> requests but the incident sounds interesting.

Sure :) Fake requests meaning requests that do not appear to be from
users who need bridges to access the Tor network.

The way we currently do it is by keeping a blacklist of known-spammy
email addresses. When we receive a request for bridges we compare the
source email address against the email addresses in the blacklist. If
they are identical or very similar[0] then we probably deny[1] the
request. See the ticket[2] for some more details.

[0] https://gitweb.torproject.org/user/isis/bridgedb.git/commitdiff/20b3063ffb81225f642503ec1d335077a6e73b0d?hp=ece0df775f3b83a5c0ce677fb9f5b899d3969201
[1] https://gitweb.torproject.org/user/isis/bridgedb.git/commitdiff/98a1ed16d711bfa73495adb0b0e0666f472460f3?hp=f84416b3b50f74a0d61ea1fcce7185908fad6615
[2] https://trac.torproject.org/projects/tor/ticket/9385

More information about the tor-dev mailing list