The Anonymous Remailer Page

A Down And Dirty Tutorial

Section II: EMail, The Spy In Your Computer

Back To Main Index

1. Fun With EMail Headers

As anyone who's got more sense than an educated doorknob can tell you, email is about as secure as the Top Secret nuke lab at Los Alamos, which is to say you'd just as well be putting your stuff up on a billboard somewhere. YOU know that, or you wouldn't be into PGP. You are into PGP, right? That's one of the prerequisites for this little project I mentioned in the last section.

Anyhow, PGP persons (that would be me and you) understand that unencrypted email is public email.

So far, so good. We all encrypt our email to protect our privacy. What isn't widely known is that the message contained in the email isn't the only data that might get you wrapped around the axle, subject you to spam attacks, and generally run roughshod over your privacy. As you may or may not know, all email has "header" information. Even if you do know it, odds are you didn't realize what all it discloses.

Let's take, for example, the header information from a piece of email sent through "Yahoo" mail. Now, you'd think that since you can set up a Yahoo mail account on a whim, use phony information, and be sending email under an address that has nothing to do with you on a moment's notice, that you're pretty well covered on the anonymity front, right?

Well, let's see how well covered the following email, sent to me by "" really is. This is the entire email, including all headers:
Received: (cpmta 9509 invoked from network); 22 Oct 2000 22:54:11 -0700
Received: from (
  by ( with SMTP; 22 Oct 2000 22:54:11 -0700
X-Received: 23 Oct 2000 05:54:11 GMT
Received: (qmail 4988 invoked by uid 60001); 23 Oct 2000 05:54:11 -0000
Message-ID: <>
Received: from [] by; Mon, 23 Oct 2000 02:54:11 PDT
Date: Sun, 22 Oct 2000 22:54:11 -0700 (PDT)
From: El Phony <>
Subject: An Email
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Status: U
X-PMFLAGS: 34078848 0 1 P49240.CNM

Betcha can't track this!
Now, note particularly the line I've got highlighted in red. This line, and all the lines above it, are tracking information that lists every place the email has been, all the way from the originating machine, right to my mailbox.

The "red" line includes the following information: The IP address of the originating machine ( and the date and time of transmission (22 Oct 2000 22:54:11 PDT). A little work reveals that IP registers to:
Comp u wise (NETBLK-SPRINT-C644D2-1)
   1504 Hwy 51
   Decatur, TX 76320

   Netname: SPRINT-C644D2-1
   Netblock: -

      Burdick, Michele  (MB673-ARIN)  chelle@MORGAN.NET
No, I'm not going to tell you how to go about this. Trust me, it's pretty simple, but this isn't that kind of tutorial. Maybe another day.

So, what have we learned? First, we now know that the ISP is controlled out of Decatur, TX, and even better, we have the address and phone number of the Coordinator. Now all we have to do is drop a little appropriate paperwork on her, including the date and time of transmission, and she'll cough up the customer information for whoever was using that IP at that date and time. Congratulations! Yerrrrr BUSTED!

Now if li'l ol' me can do it, trust me, Channel 4's crack investigative news team can do it. So much for web-based mail anonymity - you're the lead story tonight.

Tonight on News 4 at Nine! EXPOSED! Investigative Reporter Antonia Fernwhistle looks into the twisted underground culture of Armpit Fart Music! And you'll never guess the SHOCKING TRUTH: Which local pillar of the community is a regular contributor to the national organization's newsletter and web page? See our exclusive coverage TONIGHT only on 4 at 9!

2. Getting Rid Of EMail Headers

So, clearly email headers are a problem. More accurately, they are THE problem. What to do?

Well, you can arrange it so that your machine doesn't produce any email headers. This works really well, mostly because without headers the email doesn't go anywhere, so you won't actually be sending anything at all. Of course, not actually sending your stuff out onto the internet is the MOST secure way to retain your anonymity, however, it does put something of a crimp on actually communicating with other people, which kinda defeats the purpose.
PLEASE NOTE: If you are actually considering this method, you are WAY too stupid to be reading this in any event, and should go away now. Thank you for your cooperation.
Still here? Congrats. OK, let's rethink this. We want headers, since we actually want the email or the article to go somewhere. What we DON'T want is our headers on the stuff.

Simple Solution: If you've got a really good buddy, you can send the email to him. Following your instructions, he can take the body of the mail and re-send it as new mail from his machine to its final destination. That way, the mail has his headers on it, not yours. Your email to him would say something like: "Yo, Spike! Remail the following to Thanks, you're a pal!" and would be followed up by the message that you want sent to

Of course, this also means that you have to trust your buddy to not give you up when "they" track him down.

What, are you brain damaged? Is this not the same guy who sold you out to your ex-girlfriend that night for a cold beer, who in fact has been rolling over on you since that time he squealed to your mom about what really happened to the goldfish when you were both 8 years old? As I recall, this is the guy you once described as having the intestinal fortitude of a frightened rabbit, and who literally crapped his chaps that time the cops showed up trying to find out who owned the keg. Yeah, now there's a good bet as an anonymity firewall. He's got your back.

But wait. Before you get discouraged and begin kicking yourself over your lifelong history of shoddy choices in the "friends" department, let's think about this. There's really nothing wrong with the basic idea. You just need someone who's not as terminally useless as your buddy (you really MUST get new friends, by the way) and/or who can't give you up, because they don't know who you are, to take care of this header stripping and remailing that you need done.

How cool would THAT be? Very cool, as it turns out. There are actually people and/or organizations that do exactly that.

3. Introducing The Concept of Truly Anonymous Remailers

Out in the freewheeling world of cyberspace, privacy and anonymity are major issues, and, as with anything else you can think of, there are people and organizations dedicated to very little else either (a) because they strongly believe in it or (b) because they like screwing with The Man just for something to do in their spare time or (c) someone told them they couldn't do it.

Their motivations are pretty much immaterial. The bottom line is they exist, and you can use them for your own nefarious purposes.

They do what you wanted your buddy to do. They forward mail without any of your headers. Putting it in terms of a paper letter (you remember paper, don't you, from before computers, the mashed tree pulp you made marks on?), you write a letter, put it in a blank envelope with nothing but the address of the recipient on it. Then you put THAT envelope into another envelope addressed to the remailer. The remailer opens the first envelope and throws it away, then drops the second envelope into the mail. Your correspondent gets mail with a postal stamp from, oh, say Sri Lanka, instead of from your hometown.

This is pretty darned anonymous, yeah? Want to increase the anonymity even further? Stick the whole shebang into yet another envelope, and send it to yet another remailer. Remailer #1 opens the envelope and throws it away, takes the envelope addressed to remailer #2, and tosses it into the mail for you. Remailer #2 opens the envelope addressed to them, which contains the final addressed envelope, and tosses the final envelope into the mail, which goes to your intended recipient. This is called "chaining", and is useful because it means you don't have to trust one - both have to be compromised at the same time to track you.

Now, put all the above into email terms, substituting PGP for "envelope":
  1. Type your message.
  2. Add instructions that tell a remailer where to send it.
  3. Encrypt the whole shebang with PGP, using the remailer's public key.
  4. Email it to the remailer.
  5. Remailer "opens the envelope" by decrypting the PGP message using their private key, resulting in the text of the message plus your instructions. Since you've encrypted it to them, no one but them on the planet can decrypt it, so if you screw up and send it to the wrong place, all that's received is unintelligible garbage.
  6. Remailer uses your instructions to send the text to the recipient using the remailer's headers.
  7. Remailer immediately destroys all logs and traces of the transaction.
To "Chain" the remail, just to be sure do exactly the same thing, adding a couple of steps:
  1. Type your message.
  2. Add instructions that tell Remailer #2 where to send it.
  3. Encrypt the whole shebang with PGP, using Remailer #2's public key.
  4. Add instructions that tell Remailer #1 to send it to Remailer #2.
  5. Encrypt it all with PGP, using Remailer #1's public key.
  6. Email it to Remailer #1.
  7. Remailer #1 "opens the envelope" by decrypting the PGP message using their private key, which pops out the PGP message encrypted with Remailer #2's key plus your instructions to send it to Remailer #2.
  8. Remailer #1, following your instructions, sends it along to Remailer #2.
  9. Remailer #2 "opens the envelope" by decrypting the PGP message using their private key, which produces the text of the message plus your instructions to send it to the recipient.
  10. Remailer uses your instructions to send the text to the recipient using the remailer's headers.
  11. All remailers immediately erase all logs and traces of the transaction.
It's just an envelope within an envelope within an envelope. Cool, yeah?

Now, right in here somewhere, there's always someone who asks whether you could chain it through three remailers. Yup. In fact, you can chain it through any number, however, keep in mind that remailers aren't 100% reliable, so the more you chain it through, the higher the chances are that your message is going to get flushed altogether. Generally, a chain of three is about as far as I'd care to push it. With four or more, you're just begging for lost mail.

Besides, if your adversary has the capability to track you through three remailers, AND hack multiple PGP encryptions, you've got lots bigger problems than anonymous email. We're talking no-bullshit, Enemy Of The State, multi-billion dollar, Federal Alphabet Agency, Ultra-Classification, Men In Black, Make You Disappear And Never Be Heard From Again stuff, and frankly, I'd be pretty astounded if even THEY could pull it off. If you're playing the game at that kind of level, they already know who you are and, with the proper utilization of electrical current and certain edged tools, will no doubt obtain your full cooperation without mucking about trying to track some piss-ant email. I'll gar-on-tee that no one at any level that us regular humans ever deal with can do it.

4. Finding Available Remailers And Translating Their "Statistics"

Peachy. There are remailers out there, and they'll do what you want (get rid of your email headers). So, then, where are they and how can you find them?

First, you can get on your favorite search engine (Yahoo! or whatever) and tell it to find "Remailer Stats". This will pop up a buttful of hits which will link you to to so-called "Remailer Statistics" pages. These pages are generally automatically updated, and their purpose is to give you an idea how reliable a given remailer is, and what the capabilities of the various remailers are. You can also click on any of the following links. These seem to be fairly reliable, but, as with all remailer stuff, may come and go. If one doesn't work, try another.

OK, lets give it a shot, and see if we can come up with anything useful. Click on one of the following links. It should open a new page in your browser. If you hit a dead link, try another. Once you get one of them running, come back here and we'll go through the pages and explain what you've found. Got one running? If you do, you will notice that they all have links to two types of remailers. The first type are so-called "Cypherpunk" remailers, or "Type 1 Remailers". The second type are "Mixmaster" remailers, or "Type 2 Remailers". Type 2 remailers are somewhat more secure than the Type 1 (Cypherpunk) remailers for a variety of reasons that I don't want to get into yet. Perhaps later. For now, we're going to discuss TYPE 1 (CYPHERPUNK) REMAILERS ONLY. From here on out, when I say "remailer," I mean a Type 1 remailer. Once you learn how to use Type 1's, then you can move up to Mixmaster remailers.

Go back to the remailer page you should now have open and click on the link that will take you to the "Type 1" or "Cypherpunk" or whatever they're calling the not-Mixmaster page.

If you've done this correctly, you should be looking at a page that says "Remailer List". It is divided into several sections. The first section that we're interested in is the one that has a whole batch of lines that look like this:
$remailer{"austria"} = " cpunk mix pgp pgponly remix latent hash cut test ek ekx esub inflt50 rhop20 reord klen100";
Got it? Good, let's proceed. This section tells you what the capabilities of each of the remailers are. If you scroll down to the "Options and Features" part of the page, it will translate all that garbage. Most of it will make no sense for the moment, but feel free to take a look, then come back here.

OK, the second part that we have an interest in is another batch of lines. This one looks different:

Last update: Wed 22 Nov 100 8:39:19 PST
remailer  email address                        history  latency  uptime
noisebox   ***++++++++*    22:40  99.99%
austria    *****+**+*+*    10:53  99.99%
( of the list omitted....)
This chunk of the page tells you what the "History" of each remailer is. Again, if you scroll down, you'll find a legend that translates all the "history" junk. The parts that we are interested in are:
  1. The "Last update:" line. See below for further, but this should be within the last 12 hours, preferably less.
  2. The names of the remailers (noisebox and austria in the above example).
  3. The email addresses of the remailers.
  4. The "Latency" of the remailers. "Latency" is how long a remailer holds onto a message on average before it sends it along. In the above example, "austria" tends to hold onto messages for 10 minutes 53 seconds, on average, before sending them along.
  5. The "Uptime" of the remailers. Both of these are pretty reliable, being up 99.99% of the time. Obviously, you want to use the most reliable you can get.
Note that these statistics change all the time. A remailer may be 100% reliable for weeks at a time, then suddenly drop to about 5% for no apparent reason. New remailers appear, and old ones disappear. Not surprising, considering that most of these are run on a shoestring by whoever happens to have an interest in loading the remailer software onto a machine and putting it up on the net. That's why it's important that you check one of these pages periodically. They are updated VERY frequently. The "Last Update:" line you see just above the statistics [above] should be within the last 12 hours, and preferably less.

OK, the final thing you want to find on the page is a link to "PGP Keys". Clicking on it will take you to a page with an enormously long PGP key block. Import it to your keyring, and you have the public keys for all the remailers.

SIDE NOTE IF YOU DON'T KNOW HOW TO IMPORT PGP KEYS: Tough. I TOLD you that you'd need to be familiar with it, and I have no intention of getting into a PGP tutorial, thanks. If this is you, stop here. Go back and learn PGP and come back later. From here on out, PGP is going to be a big feature, and I won't be stopping for many explanations.
So, now you have the PGP Public Keys for the remailers and their email addresses. That's pretty much all you need to get started. Now, how do you go about using all of it? For that, proceed on to Section III: Using A Remailer. You should probably leave the remailer list open or bookmark it so you can get back to it in a hurry.

Back To Top
Back To Main Index
1998 - 2003 All Rights Reserved