Hi,

A good try at solving the problem, but one which requires all mail servers to get on board in the presence of established alternatives.

The proof of work system you propose doesn't address the problem of tampered email contents or if the email was wanted. It *might* prevent exits from being a source of blacklisting at exchanges. The suppression lists to which you refer aren't generated based on IP (at least not primarily). They're generated based on proof of sender authorization, proof of contents being untampered, and sender reputation (complaint, reject).

I'm not certain about where you're sending your email from.

> we're encountering a lot of issues related to
> sending of email notification behind Tor, with
> almost any email provider.

Are you trying to send email from the GlobaLeaks domain?

At the very least it means all mail servers on the internet would need to accept your proof-of-work as evidence of not being spam and not being tampered. Such emails could still be spam. The emails can still be tampered with by a misconfiguration of the sending client (using TLS Wrapper instead of STARTTLS and being forced to fall back to insecure communications by traffic manipulation).

In the end it takes more than proof-of-work for public mail servers online. They don't care if the email takes work to produce, they care about if the email is wanted in the first place and if the contents are as originally sent. They're motivated by $$$ and their reputation.

If you're trying to send emails behind Tor from a domain you control you should use DKIM. Email servers online can then verify the email was both authorized and un-tampered during transit.

Using DKIM won't fix your sending domain already being on a suppression list from bounces before using DKIM (and due to use of Tor). You'll still need to apply for removal from applicable suppression lists. Where it will help is to prevent your domain from being added to lists in the future. From there if you get no complaints (spam) or rejects (virus) you'll be on the road to establishing the good reputation of your domain.

(I didn't see a DKIM record for GlobaLeaks using the default EuroDNS selector.)

That just leaves one problem--mail servers who block incoming connections from Tor exits the same way websites sometimes block exits. This might happen if the exchange is attacked from a Tor exit.

If you meant this in your proposal I would be very concerned. The strength of Tor is in diversity. This would weaken path selection to always hold a node static for some particular traffic. Regardless, it creates a single point of attack. Now an adversary can just watch the node(s) that handle email and correlate traffic with destination exchange.

This is effectively the same question as "how to keep web-sites from blocking Tor exits?". You might then be better off using DKIM and choosing a non-blocked exit (which might need to be changed depending on destination exchange). This provides proof of legitimate use of Tor exits and creates incentives to unblock exits, i.e. an exchange might not like the reputation of censoring GlobaLeaks.

--leeroy
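
The "un-tampered during transit" check that DKIM gives a receiving server, shown for the body-hash (`bh=`) step only, as an added example that is not part of the original post. It assumes `a=rsa-sha256` with relaxed body canonicalization (RFC 6376); the domain, selector and message are constructed placeholders, and the RSA signature in `b=`, which is what binds the hash to the sender's published key, is elided and not verified here.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    out = []
    for line in re.split(rb"\r?\n", body):
        line = re.sub(rb"[ \t]+", b" ", line)    # collapse whitespace runs
        out.append(line.rstrip(b" "))            # drop trailing whitespace
    while out and out[-1] == b"":                # drop trailing empty lines
        out.pop()
    return b"".join(l + b"\r\n" for l in out)    # empty body stays empty

def body_hash(body: bytes) -> str:
    """Value a signer places in bh= (base64 of SHA-256 over the canonical body)."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)  # remove folding
    return tags

def body_intact(header_value: str, body: bytes) -> bool:
    """True if the received body still matches the signed body hash."""
    tags = parse_tags(header_value)
    canon = tags.get("c", "simple/simple")       # default per RFC 6376
    if tags.get("a") != "rsa-sha256" or not canon.endswith("/relaxed"):
        raise ValueError("example covers a=rsa-sha256 with relaxed body only")
    return tags.get("bh") == body_hash(body)

# Constructed sample message and header (placeholder domain and selector).
ORIGINAL = b"A new submission is waiting.\r\nLog in to read it.\r\n"
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1; "
          "h=from:to:subject; bh=" + body_hash(ORIGINAL) + "; b=...")
# A relay that only re-spaces or appends blank lines does not break the hash.
REFOLDED = b"A new submission   is waiting. \r\nLog in to read it.\r\n\r\n"
# A changed word does.
TAMPERED = ORIGINAL.replace(b"Log in", b"Click here")
```
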