[tor-talk] Fixing the problem of sending email from Tor: Proof of Work based system
Mike Ingle
mike at confidantmail.org
Mon Mar 2 19:19:08 UTC 2015
That email system, with built in Tor support and proof of work based
anti-spam, has already been built.
Get it here:
http://www.confidantmail.org
Mike Ingle <mike at confidantmail.org> d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2
On 3/2/2015 7:15 AM, Fabio Pietrosanti (naif) - lists wrote:
> Hi all,
>
> at GlobaLeaks we're encountering a lot of issues related to sending of
> email notification behind Tor, with almost any email provider.
>
> If the sender provider don't block you today, it will block you tomorrow
> at random.
> If the recipient's provider don't mark you as Spam today, it will do it
> tomorrow at random.
>
> That's a known Tor's outgoing email problem, still unfixed.
>
> That's because any provider that's used continuously behind Tor, before
> or later get abused/will block you (including Google), and because the
> IP reputation of any Tor Exit Relay on the internet is very bad.
>
> So, thinking on how to fix it, why don't create an outbound email system
> that's based on proof of work to heavily disincentive spammer/fraudster,
> enabling a Tor user to send email to general Internet users without
> major problems?
>
> If my Tor client computer had to run heavy computations for 15-30s to
> send a single email, i think that spammer and fraudster will be KO, but
> an average user could still find it acceptable because a single user is
> "low volume" but any automated systems are high-volume.
>
> A Tor Exit node could require such a "proof of work" from a Tor Client
> in order to enable a single outgoing connection for that "highly
> sensible exit port" (25, 465, 587).
>
> If this method work, it should be required to improve Tor to run a
> dedicated "Per Port Exit OutBoundAddress" that would enable to have a
> dedicated IP address for outgoing connections trough port 25/465/587.
> This IP address will have a good reputation on the internet, because
> will be only used by real-users to send a relatively limited amount of
> emails.
>
> That way it would be transparent for the end-user to send outgoing email
> trough Tor.
>
> If this would be in place, the Tor2web inbound SMTP feature #LINKTICKET,
> to be developed before or later, will complement this picture allowing
> full inbound/outbound SMTP email traffic.
>
>
> Beware: I'm pro-compatibility, i don't like any "let's make/use a new
> protocol, Email is dead, SMTP is dead, PGP is dead!" and i concretely
> think that we shall improve the existing internet-standards to fulfill
> new requirements, rather than create new ones.
>
>
>
More information about the tor-talk
mailing list