Anonymous Remailers

This is the fifth in a series of articles on reading internet message headers. If you haven’t already done so, please read the previous articles: Reading Internet Message Headers, Where’d That Email Come From?, So It Came From a Mailing List — Where Did It Come From Before That?, and Tracking the Trolls: Usenet Headers.

Anonymous remailers are systems that permit users to send, and sometimes to receive, email while hiding the user’s identity. Some anonymous remailers also offer mail-to-news gateways, so that their users can make truly anonymous posts to Usenet. The administrators of such systems either do not keep access logs, or deliberately configure their systems to make it difficult to determine the identity of the user sending the email or newsgroup messages. Anonymous remailers do have legitimate uses, such as providing a safe way for victims of abuse to participate in support forums without revealing their identity. Unfortunately, they have far more less-legitimate uses, and from what I’ve seen 99% of the use of these services is for illegal or abusive activity. The headers of almost any message posted through an anonymous remailer will give you instructions on who to contact regarding abuse of the service.

While you can use the same techniques I’ve outlined in previous articles to read the headers of anonymous email and Usenet messages, it won’t do you much good — you’ll just learn what service was used to send the message, and who to contact regarding abuse of the service. The messages can be traced in some cases — but it usually takes serious law enforcement involvement to do it. It has been done, but I’m only aware of that happening in cases that are of particular interest to government or big industry parties.

On the plus side, most anonymous gateways are set up so that only one message at a time may be sent through them, which means that they are extremely impractical for use by spammers. On the minus side, people who want to send harassing messages absolutely love these services. I have found that most server administrators will block your address so that you will not receive messages from their server if you request it — but there are a lot of anonymous servers out there, you have to find each of them and make the requests one by one, and new servers pop up every day.

If you’re having a problem with messages sent through anonymous servers, I suggest that you do contact law enforcement if the messages are overtly threatening. Otherwise, contact the server’s administrator and have her block your address from her system. You can also use various filtering tools, like procmail or SpamCop, to keep all unwanted messages from reaching you.

If you want to learn more about anonymous remailers and how they work — from someone far more positive about them than I am — try Andre Bacard’s Anonymous Remailer FAQ.

For the curious, here’s an example of a message posted to Usenet through one anonymous service:

Path: typhoon.southeast.rr.com!cyclone.southeast.rr.com!newsfeed2.skycache.com!
newsfeed.skycache.com!Cidera!skynet.be!newsfeeds.belnet.be!news.belnet.be!nmaster.
kpnqwest.net!newsfeed.Austria.EU.net!anon.lcs.mit.edu!nym.alias.net!mail2news
Date: Tue, 28 Nov 2000 22:45:43 -0600
From: No User <no.user@anon.xg.nu>
Comments: This message did not originate from the Sender address above.
	It was remailed automatically by anonymizing remailer software.
	Please report problems or inappropriate use to the
	remailer administrator at <abuse@anon.xg.nu>.
Subject: Re: Atlanta police
References: 3a236b2a.91029379@news
Newsgroups: alt.fandom.cons
X-No-Archive: No
Message-ID: <f0b24cdc9996fdcbb1ae271c9a0e0880@anon.xg.nu>
Mail-To-News-Contact: postmaster@nym.alias.net
Organization: mail2news@nym.alias.net
Lines: 7
Xref: cyclone.southeast.rr.com alt.fandom.cons:10311

And the following is an example of a message sent to one of my email addresses via another anonymous remailer:

Return-Path: <mixmaster@remailer.privacy.at>
Delivered-To: usenet@technomom.com
Received: (qmail 11992 invoked from network); 1 Dec 2000 21:31:56 -0000
Received: from unknown (HELO remailer.privacy.at) (193.81.245.43)
  by zeus.larp.com with SMTP; 1 Dec 2000 21:31:56 -0000
Received: (from mixmaster@localhost)
	by remailer.privacy.at (8.8.8/8.8.8) id WAA06020;
	Fri, 1 Dec 2000 22:40:02 +0100
Date: Fri, 1 Dec 2000 22:40:02 +0100
From: Anonymous <nobody@remailer.privacy.at>
Comments: This message did not originate from the Sender address above.
	It was remailed automatically by anonymizing remailer software.
	Please report problems or inappropriate use to the
	remailer administrator at <abuse@remailer.privacy.at>.
To: usenet@technomom.com
Subject: Re: Spam targeted to people who post here?
Message-ID: <bd600638a9468921d4a4f59d6e9bb488@remailer.privacy.at>

While I can’t tell from those headers who sent the original message, they do tell me to report problems to abuse@remailer.privacy.at. When I wrote to that address, I received a message explaining how to have my address blocked from receiving further messages from this remailer (which I did, for my addresses and those of the rest of the family). That is, in fact, what I do every time I find out about any remailer I haven’t seen before, as a preemptive strike due to past problems.
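As an added example (not part of the original article), the Python below pulls out of a message exactly what the two header sets above reveal: whether the remailer notice is present in the Comments header, the abuse address it names, and any mail-to-news gateway contact. The function name `remailer_report` and the `filter_domain` field are hypothetical; the samples are constructed from the header lines shown above, plus one constructed ordinary message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Wording of the Comments notice seen in both sample messages.
NOTICE = re.compile(r"remailed automatically by anonymizing remailer", re.I)

def remailer_report(raw):
    """Summarise what a message's headers say about remailer use."""
    msg = message_from_string(raw)
    remailed, contacts = False, []
    for comment in msg.get_all("Comments", []):
        text = " ".join(comment.split())  # unfold the continuation lines
        if NOTICE.search(text):
            remailed = True
            contacts += ADDR.findall(text)
    gateway = parseaddr(msg.get("Mail-To-News-Contact", ""))[1] or None
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return {
        "remailed": remailed,
        "abuse_contacts": sorted(set(contacts)),
        "gateway_contact": gateway,
        # Domain to match in a mail filter (procmail or similar).
        "filter_domain": sender_domain if remailed else None,
    }

# Constructed samples: header lines copied from the two messages above.
NOTICE_LINES = (
    "Comments: This message did not originate from the Sender address above.\n"
    "\tIt was remailed automatically by anonymizing remailer software.\n"
    "\tPlease report problems or inappropriate use to the\n"
    "\tremailer administrator at <abuse@{d}>.\n"
)
USENET = ("From: No User <no.user@anon.xg.nu>\n"
          + NOTICE_LINES.format(d="anon.xg.nu")
          + "Newsgroups: alt.fandom.cons\n"
          "Mail-To-News-Contact: postmaster@nym.alias.net\n\n")
EMAIL = ("From: Anonymous <nobody@remailer.privacy.at>\n"
         + NOTICE_LINES.format(d="remailer.privacy.at")
         + "To: usenet@technomom.com\n\n")
# Constructed ordinary message with no remailer notice.
PLAIN = "From: Friend <friend@example.org>\nTo: usenet@technomom.com\n\n"

if __name__ == "__main__":
    for name, raw in (("usenet", USENET), ("email", EMAIL), ("plain", PLAIN)):
        print(name, remailer_report(raw))
```

The notice text is matched on the wording seen in these two samples only; other remailers may word it differently, so an empty result does not prove a message was not remailed.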

That’s it for our series. You should be able to figure out the origin of most messages on your own now. If you can’t figure out a particular message, however, try using SpamCop for spam or asking for help through Working to Halt Online Abuse if it’s a harassing or threatening message.

Originally published February 17, 2001
