Previous Next Table of Contents

11. Anonymity

The original reason for writing premail was to provide good support for anonymous remailers. If you're not interested in sending anonymous mail, you can skip this section.

Sending anonymous mail is very similar to sending encrypted mail. Simply add the ((chain)) command to the recipient's e-mail address. Alternatively, you can add a Chain: header field, and the mail will be send anonymously to all recipients.

Even though the chain command is simple, a lot is going on under the surface. The default chain is 3, which asks that three ``good'' remailers be chosen randomly. To make sure that it makes its choice based on fresh, up-to-date information, premail downloads the remailer list and a set of PGP public keys for the remailers from the Web (the actual URLs are configuration options). After choosing the remailers, the message is multiply encrypted with the PGP public keys, and finally sent to the first remailer in the chain.

The automatic chain selection process is very good. My tests indicate that reliability is consistently above 99%. Further, the chain selection process avoids some potential problems. For example, some remailers are known not to work well in chains, probably because of incorrectly configured ``block lists.'' Also, some remailers are ``linked,'' in the sense of being hosted on the same machine, or being administered by the same person. Choosing a sequence of linked remailers wouldn't offer much security, so premail doesn't.

You can also choose the chain length. A shorter chain will be faster and more reliable, but less secure, and conversely for longer chains. For example, ((chain=5)) selects a chain of five remailers.

If this isn't enough control, you can specify the exact chain of remailers by hand. For example, ((chain=replay;jam;exon)) bounces the message around a few times outside the US.

Mixmaster chains are specified inside an additional set of parentheses. At the moment, there is no way to automatically select a chain of Mixmaster remailers, so you have to do it by hand. For example: ((chain=(replay;ecafe-mix;lcs))). You can even mix Mixmaster and type-1 remailers; for example, ((chain=(anon);1;(replay))) will sandwich one well-chosen remailer between the two Mixmaster remailers.

Extra header fields can be placed in the outgoing message by prefixing the header with ``Anon-''. A particularly common usage is an Anon-Reply-To: field, which specifies a reply-to address in the mail delivered to the recipient. The Reply-To: header field is used often enough that premail includes a default-reply-to configuration option, which automatically adds it to all anonymous messages.

The following header fields are passed through to the anonymized message, even without the Anon- prefix:

Mime-Version:
Content-Type:
Content-Transfer-Encoding:
Newsgroups:
X-Anon-To:
In-Reply-To:
References:


Previous Next Table of Contents