~ advanced techniques-anon e-mail ~
Published @ searchlores.org
in March 2003
advanced techniques-anon e-mail
damn much required reading...
Anonymous E-mail using remailers
Sending an ordinary e-mail is equivalent to the olde way of mailing a postcard through the post office. Think about this for a moment. E-mails get passed along several servers before they arrive at their final destination. There is nothing stopping the administrators of these servers from reading it if they so desire. A copy of it will be kept in all the places your mail goes through. Worse, while traveling toward its destination, unscrupulous profiteers may snag it, copy your e-mail address and begin to send you spam.
A lot of people think using free web-based e-mails such as www.Hotmail.com or www.Yahoo.com, or any of the other countless free ones they will be anonymous. How WRONG they are! First, all of the above mentioned keep excellent logs and second, they always will send your IP in the header of your message, so using them won't make you anonymous at all! Third, those places like to cooperate with the "authorities" as much as they can, and they may even monitor the e-mails. (I don't have any actual proof that they do any monitoring, I'm just speculating, it stands to reason. So what's a person to do?
Short answer: A person should learn how to use remailers to send E-mail anonymously.
If you just want to send simple E-mail anonymously (no attachments, only text) and not expect an answer, you can do that by using free Web based remailers. They are very easy to utilize, but very insecure, because the encrypting process is on the server and not on your computer. Several are available just for that purpose. Here is a list of working( at the time of this article being written) ones:
Riot Anonymous Remailer at http://riot.eu.org/anon.
Anon remailer at www.all-nettools.com/tools4.htm(uses Riot),
www.manicmail.net(needs Java on),
http://freedom.gmsociety.org/remailer/mixmaster.cgi and http://remailer-nossl.html.en. I'd definitely recommend you proxy yourself while using them. Just remember you won't be very secure, since your message will not be encrypted and everyone it goes through will be able to read it.
What is a remailer?
Let's look at ordinary e-mails for a moment first. They all carry the same From:, To:, and Subject: fields. But they also carry invisible fields that will include your e-mail server domain's name, IP address, the time and the date your e-mail was send, and any other info. These fields are called headers.
Just by their names alone, remailers should be clear to you as to what they do-they re-send E-mail. But they not only blindly re-send the mail, no sir! They also strip the headers so nobody should know where the message came from and/or who was the original sender. They make sending anonymous E-mail possible. A remailer will also pass the message along to other remailers if that's the poster wanted. From there, the message can get passed along some more, or it can go to its final destination.
A remailer is nothing more than a specialized server running a software.
A little history
Remailers started way back in 1990s. The most famous was Anon.Penet.Fi run by Johan Helsinius of Oy Penetic Ab in Findland. He wanted to create a way for individuals to express themselves freely on the Internet, without fear of reprisal or prosecution.
Unfortunately, Anon.Penet.Fi was brought down when a court ordered its operator to turn over records after the Church of Scientology claimed a Anon.Penet.Fi user was posting copyrighted information to an Internet discussion forum. Anon.Penet.Fi was shut down. Fortunately, the concept of remailers survived, and many more remailers opened up.
Types of remailers
There are two types of remailers. The first type is the older remailers known as Cypherpunk or Type I. The newer and more advanced are called MixMasters or Type II
Cypherpunk accepts messages encrypted with its publicly available PGP key. PGP is Pretty Good Privacy, the well-respected public-key encryption program which is widely available and, with a few exceptions, freeware. Users encrypt their clear-text, outgoing message with the Cypherpunk remailer's public key. This can be done with any text editor like Notepad and a properly installed version of PGP. There is a particular message format to follow, one that the remailer software can understand.
The building of a Mixmaster message cannot be done with a text editor, so a special client software is required. Some popular (and free) packages are Quicksilver, Potato, Jack B. Nymble, etc. I will detail how to use them bellow.
Remailers need a bit of extra work and preparation on your part before you can utilize them. Here's a list of the steps you need to take:
1. Download PGP(Pretty Good Privacy) encryption software, install it, learn how to use it and create your set of PGP keys.
This way nobody, not even the remail operators will be able to read your message. You have a choice if either getting the free older version 6.2 from MIT, or the newer version. Teaching you how to use PGP is beyond the scope of this article, but you can easily find a PGP tutorial on the Internet.
2. Decide if you want to use Type I(Cypherpunk) or Type II(Mixmaster) remailer. To use a Cypherpunks works with PGP or OpenPGP from http://www.openpgp.org compatible. Remember, for Mixmaster you will also have to download and configure an application package. Here's some of them:
3. Find a working remailer. Several sites keep and constantly update a fresh list of working remailers. The best is by The Electronic Frontier Georgia (EFGA) at http://anon.efga.org/Remailers. The list is updated every day, so you should be able to obtain the mots current list and their reliability rating. Another list of current remailers is kept at:
It's a good idea to choose a remailers that's NOT in your home country..;-)
4. Evaluate the remailer by looking at its reliability statistics. Anything bellow 90% is not reliable. On this site you can find the public keyrings or type II remailers (Mixmaster) in a secure connection:
There are many sites that offers statistics and public keyrings; for a complete index you can look at http://www.privacyresources.org/frogadmin/Pingers.html or the Computer Cryptology's Comparison at
Updated statistics can be found at:
Cmeclax (Shinn mirror)
5. Create a nym for yourself. Good place to use is Nym.Alias.Net. Very detailed instructions can be found at: http://riot.eu.org/anon/doc/nym.html#INSTRUCTIONS_FOR_NYM_ALIAS_NET. The main FAQ is at http://riot.eu.org/anon/doc/nym.html.
Once the programs are installed and configured, you must periodically download (at least once a day) the public keyrings and the reliability statistics of any remailer.
Remailer commands and fields
Remailers all use the same basic commands:
anon-to: Anonymous remailing
anon-post-to: Anonymous posting the news groups(Usenet)
cutmarks: Discards everything bellow the designate line
encrypted: PGP Tells the remailer it must encrypt the message with PGP
encrypt-key: Encrypts message with PGP using conventional encryption
latent-time: Allows time delays to be programmed into the message
# # Pastes new headers to the remailed message
null Instructs the remailer to discard the message
To send a message and be sure it gets delivered you need to properly format it. An example:
On the first line of the message you put two colons like this ::. On the next line you print the remailer command "anon-to", followed by the e-mail address of the person receiving the mail. For example:
Skip the next line and then begin typing your message. When the remailer receives your message, it will remove the header information and forward the rest of your message on to the address on the "anon-to:" line.
Because the remailers remove the headers, they also delete the subject line of the message. If you want to include a subject line, you do this by using the # # remailer command and placing a subject on the following line. For example:
Subject: This is an anonymous e-mail message to you.
Some free web e-mail places such as Yahoo add a tag line at the end of each e-mail advertising their services. The Yahoo looks like this:
Do you Yahoo?
Fortunately remailers solve this problem with the cutmark command. The cutmark command instructs the remailer to remove everything from the line beginning with a chosen symbol used at the cutmarks command and everything after. In this example, == were chosen.
this line will be included in your message
this line will be removed because it follows the remarks
As mentioned above the latent command will delay a message for certain amount of time before it is delivered to the next remailer. This will confuse and prevent somebody from tagging you and comparing the times you are logged to your e-mail server with the times an anonymous e-mail is received. It also lets you delay messages in order to be somewhere else when the message is received. For example:
will delay the delivery of the message from the remailer for 3 hours from the time it was received by the remailer. It is also possible to add a random factor to the latent command, by using the "r" letter after the time. latent-time: +3:00r will deliver the message at a random time after it was received by the remailer.
Let's now look at a properly formatted message using the various commands we discussed so far:
Subject: This is the info you requested.
This is the text of your message. it will be delayed up to 2
hours from the time it was received by the mix@remailer and
later forwarded to email@example.com.
Remember, there is an empty line between then remailer commands
and the body of your message.
This text is below the cutmarks, so it will be removed
from the remailed message.
Using PGP with remailers
PGP encryption is an important part of remailing, because PGP increases the security and anonymity of your e-mail communicating. Even if somebody is monitoring your e-mail as it leaves your PC, it will be impossible for them to read the content of your e-mails or to determine to whom the messages are being send if the messages are encrypted. PGP has a bit of a steep learning curve at first, and many novices get confused with it. Just remember the basics: you produce 2 sets of keys, a public key for a friend to open your e-mail and private key for you to encrypt your mail with. You send your friend the public key. Then you collect corresponding public keys from remailers and from friends, and place those on a "keyring". Let's now go over the steps for using PGP with remailers. I'd assume you have prepared your PGP keys, and collected the PGP keys from remailers you plan to use.
Repair your message to be send, as explained above. Now encrypt it with the remailer's public PGP key. Type the encrypted PGP command into your e-mail text window and use cut and paste to paste your encrypted message bellow it.
---------BEGIN PGP MESSAGE--------
---------END PGP MESSAGE----------
When the remailer receives your message, it will un-encrypt it, and follow the instructions you specified. Some remailer only accept encrypted messages.
Remailers can be chained, just like proxies. This will further make tracking the original sender of a message very difficult, almost impossible. It is advisable to use remailers located in several countries.
To chain remailers, simply prepare the message as if it will be send through a single remailer. Then begin inserting remailer addresses above the address of the final recipient. Here's an example:
Subject: Anonymous email
This anon email has been send through several remailers.
Finally, here are some remailers that were up at the time of this article:
- squirrel firstname.lastname@example.org (Germany)
- swiss email@example.com
- hyper firstname.lastname@example.org (Poland)
- lcs email@example.com (USA)
- mccain firstname.lastname@example.org (England)
- bpm email@example.com
- widow firstname.lastname@example.org
Here are some good links if you want to learn more about e-mail remailers: http://www.replay.com/remailer/anon.html
can a good list of e-mail remailers can be found on:
You can find many many Anonymous Remailers at http://www.theargon.com.
This article only dealt with sending anonymous E-mail. The same concepts are used to post anon on Usenet too(since Usenet shares the same basic principles), but that subject is a lot more complicated and requires a whole article of its own.
(c) III Millennium: [fravia+], all rights
reserved, reversed, revered