Anonymous E-Mail Using Remailers

by angelazaharia

Sending an ordinary e-mail is equivalent to the old way of mailing a postcard through the post office.

Think about this for a moment.  E-mails get passed along several servers before they arrive at their final destination.  There is nothing stopping the administrators of these servers from reading them if they so desire.  A copy of your e-mail will be kept in all the places your mail goes through.  Worse, while traveling toward its destination, unscrupulous profiteers may snag it, copy your e-mail address, and begin to send you spam.

A lot of people think that by using free web-based e-mail services such as Hotmail, Yahoo!, or any of the other countless free ones they will be anonymous.  How wrong they are!

First, all of the above mentioned keep excellent logs.

Second, they always will send your IP in the header of your message, so using them won't make you anonymous at all!

Third, those places like to cooperate with the "authorities" as much as they can, and they may even monitor the e-mails.  (I don't have any actual proof that they do any monitoring, I'm just speculating.  It stands to reason.

So What's a Person To Do?

Short answer: A person should learn how to use remailers to send e-mail anonymously.

If you just want to send simple e-mail anonymously (no attachments, only text) and not expect an answer, you can do that by using free web-based remailers.  They are very easy to utilize, but very insecure because the encrypting process is on the server and not on your computer.

Several are available just for that purpose.  Here is a list of working (at the time of this article being written) ones:

• riot.eu.org/anon
• www.all-nettools.com/tools4.htm
• www5.tripnet.se/~brodd/anonmail.html
• www.oldmadison.com/anon.htm
• www.manicmail.net
• www.gilc.org/speech/anonymous/remailer.html
• freedom.gmsociety.org/remailer/mixmaster.cgi

I'd definitely recommend you proxy yourself while using them.

Just remember you won't be very secure since your message will not be encrypted and everyone it goes through will be able to read it.

What is a Remailer?

Let's look at ordinary e-mails for a moment first.

They all carry the same From:, To:, and Subject: fields.  But they also carry invisible fields that will include your e-mail server domain's name, IP address, the time and the date your e-mail was sent, and other info.  These fields are called headers.

Just by their names alone, remailers should be clear to you as to what they do - they re-send e-mail.  But they not only blindly re-send the mail, no sir!

They also strip the headers so nobody should know where the message came from and/or who was the original sender.  They make sending anonymous e-mail possible.  A remailer will also pass the message along to other remailers if that's what the poster wanted.  From there, the message can get passed along some more, or it can go to its final destination.

A remailer is nothing more than a specialized server running software.

A Little History

Remailers started way back in the 1990s.

The most famous was anon.penet.fi run by Johan Helsingius of Oy Penetic Ab in Finland.  He wanted to create a way for individuals to express themselves freely on the Internet, without fear of reprisal or prosecution.

Unfortunately, anon.penet.fi was brought down when a court ordered its operator to turn over records after the Church of Scientology claimed a user was posting copyrighted information to an Internet discussion forum.  anon.penet.fi was shut down.

Fortunately, the concept of remailers survived, and many more remailers opened up.

Types of Remailers

There are two types of remailers.

The first type are the older remailers known as Cypherpunk or Type I.  The newer and more advanced are called Mixmasters or Type II.

Cypherpunk accepts messages encrypted with its publicly available PGP key.  PGP is Pretty Good Privacy, the well-respected public-key encryption program which is widely available and, with a few exceptions, freeware.

Users encrypt their cleartext outgoing message with the Cypherpunk remailer's public key.  This can be done with any text editor like Notepad and a properly installed version of PGP.  There is a particular message format to follow, one that the remailer software can understand.

The building of a Mixmaster message cannot be done with a text editor, so special client software is required.  Some popular (and free) packages are QuickSilver, Reliable, Jack B. Nymble, etc.  I will detail how to use them below.

Preparation Steps

Remailers need a bit of extra work and preparation on your part before you can utilize them.

Here's a list of the steps you need to take:

1.)  Download PGP (Pretty Good Privacy) encryption software, install it, learn how to use it, and create your set of PGP keys.  This way nobody, not even the remailer operators will be able to read your message.  You have a choice of either getting the free older version from MIT or the newer version.  Teaching you how to use PGP is beyond the scope of this article, but you can easily find a PGP tutorial on the Internet.

2.)  Decide if you want to use a Type I (Cypherpunk) or Type II (Mixmaster) remailer.  Cypherpunk versions work with PGP or OpenPGP from www.openpgp.org.  Remember, for Mixmaster you will also have to download and configure an application package.  Here are some of them:

• Mixmaster  (DOS/UNIX/MacOS X)
• Reliable  (Windows 95/98/NT)
• QuickSilver  (Windows 95/98/NT)
• Jack B. Nymble  (Windows 95/98/NT)
• Mixfit  (MacOS)
• PGP International
• GnuPG

3.)  Find a working remailer.  Several sites keep and constantly update a fresh list of working remailers.  The best is by Electronic Frontiers Georgia (EFGA) at anon.efga.org/Remailers.  The list is updated every day, so you should be able to obtain the most current list and their reliability rating.  Another list of current remailers is kept at: www.publius.net/rlist.html.  It's a good idea to choose a remailers that's not in your home country!

4.)  Evaluate the remailer by looking at its reliability statistics.  Anything below 90 percent is not reliable.

On this site you can find the public keyrings or Type II remailers (Mixmaster) in a secure connection:

• riot.eu.org/anon/pubring.mix  (insecure pubring.mix)
• riot.eu.org/anon/type2.list  (insecure type2.list)
• riot.eu.org/anon/pubring.asc  (insecure pubring.asc)

There are many sites that offer statistics and public keyrings.

For a complete index you can look at All Pingers' Index or the Computer Cryptology's Comparison at www.eskimo.com/~turing/remailer/stats or www.noreply.org/meta.

Updated statistics can be found at:

• EFGA
• Shinn
• FarOut
• Frog
• Austria
• Computer Cryptology
• Cmeclax  (Shinn mirror)

5.)  Create a nym for yourself.  A good place to use is Nym.Alias.net.  Very detailed instructions can be found at: riot.eu.org/anon/doc/nym.html

Once the programs are installed and configured, you must periodically download (at least once a day) the public keyrings and the reliability statistics of any remailer.

Remailer Commands and Fields

Remailers all use the same basic commands:

• anon-to:  Anonymous remailing.
• anon-post-to:  Anonymous posting to newsgroups (USENET).
• cutmarks:  Discards everything bellow the designate line.
• encrypted: PGP  Tells the remailer it must encrypt the message with PGP.
• encrypt-key:  Encrypts message with PGP using conventional encryption.
• latent-time:  Allows time delays to be programmed into the message.
• ##  Pastes new headers to the remailed message.
• null  Instructs the remailer to discard the message.

To send a message, and be sure it gets delivered, you need to properly format it.  An example:

From: your-email@example.com To: remailer@address.com

On the first line of the message, you put two back-to-back colons like this: ::

On the next line, you print the remailer command anon-to:, followed by the e-mail address of the person receiving the mail.

For example:

:: anon-to: recipient@example.org

Skip the next line and then begin typing your message.

When the remailer receives your message, it will remove the header information and forward the rest of your message on to the address on the anon-to: line.

Because the remailers remove the headers, they also delete the subject line of the message.

If you want to include a Subject: line, you do this by using the ## remailer command and placing a subject on the following line.

For example:

## Subject: This is an anonymous e-mail message to you.

Some free web e-mail places such as Yahoo! add a tag line at the end of each e-mail advertising their services.  The Yahoo! one looks like this:

----------------------- Do you Yahoo?

Fortunately, remailers solve this problem with the cutmark command.

The cutmark command instructs the remailer to remove everything from the line beginning with a chosen symbol.

In this example, == was chosen.

cutmark: == This line will be included in your message. == This line will be removed because it follows the remarks.

As mentioned above, the latent-time command will delay a message for a certain amount of time before it is delivered to the next remailer.

This will confuse and prevent somebody from tagging you and comparing the times you are logged on to your e-mail server with the times an anonymous e-mail is received.  It also lets you delay messages in order to be somewhere else when the message is received.

For example:

latent-time: +3:00

This will delay the delivery of the message from the remailer for three hours from the time it was received by the remailer.  It is also possible to add a random factor to the latent command, by adding an r after the time.

latent-time: +3:00r

This will deliver the message at a random time after it was received by the remailer.

Let's now look at a properly formatted message using the various commands we discussed so far:

From: your-email@example.com To: mix@remailer.com :: anon-to: recipient@example.org cutmark: == latent-time: +3:00 ## Subject: This is an anonymous e-mail message to you. This is the text of your message. It will be delayed up to two hours from the time it was received by the mix@remailer and later forwarded to recipient@example.org. Remember, there is an empty line between the remailer commands and the body of your message. == This text is below the cutmarks so it will be removed from the remailed message.

Using PGP With Remailers

PGP encryption is an important part of remailing because PGP increases the security and anonymity of your e-mail communicating.

Even if somebody is monitoring your e-mail as it leaves your PC, it will be impossible for them to read the content or to determine who the messages are being sent to if the messages are encrypted.

PGP has a bit of a steep learning curve at first, and many novices get confused with it.  Just remember the basics: you produce two sets of keys, a public key for a friend to open your email and a private key for you to encrypt your mail with.  You send your friend the public key.  Then you collect corresponding public keys from remailers and from friends and place those on a "keyring."

Let's now go over the steps for using PGP with remailers.  I'll assume you have prepared your PGP keys and collected the PGP keys from remailers you plan to use.

Prepare your message to be sent as explained above.

Now encrypt it with the remailer's public PGP key.

Type the encrypted: PGP command into your e-mail text window and use cut-and-paste to paste your encrypted message below it.

:: encrypted: PGP -----BEGIN PGP MESSAGE----- -----END PGP MESSAGE-----

When the remailer receives your message, it will un-encrypt it and follow the instructions you specified.  Some remailers only accept encrypted messages.

Chaining Remailers

Remailers can be chained, just like proxies.

This will further make tracking the original sender of a message very difficult - almost impossible.  It is advisable to use remailers located in several countries.

To chain remailers, simply prepare the message as if it will be sent through a single remailer.  Then begin inserting remailer addresses above the address of the final recipient.

Here's an example:

From: your-email@example.com To: first-remailer@first-remailer.com :: anon-to: second-remailer@second-remailer.com :: anon-to: third-remailer@third-remailer.com :: anon-to: recipient@example.org ## Subject: Anonymous email This anon email has been sent through several remailers.

Finally, here are some remailers that were up at the time of this article:

• Squirrel: mix@squirrel.owl.de  (Germany)
• mix@remailer.ch (Switzerland)
• Hyper: mix@hyperreal.art.pl  (Poland)
• LCS: mix@anon.lcs.mit.edu  (USA)
• McCain: mccain@notatla.demon.co.uk  (England)
• BPM: mix@bpm.ai
• Widow: mix@wol.be  (Belgium)

A couple of good links if you want to learn more about e-mail remailers are www.sendfakemail.com/~raph/remailer-list.html and www.theargon.com.

This article only dealt with sending anonymous e-mail.

The same concepts are used to post anonymously on USENET too (since USENET shares the same basic principles), but that subject is a lot more complicated and requires a whole article of its own.