[Remops] Remailer Abuse Blocklist

[Len Sassaman]

How do users update your rab.blk, Bananasplit Admin? That's the original
point of the RAB -- giving users one web-based place to go to say "block
me" that will hopefully outlive the remailers, so that all remailers now
and future will honor the block.

(The original RAB may not have done challenge-response on the email; I
can't remember. This is an important feature, though, esp. for a RAB that
all remailers are using.)

... I'm not so sure it's necessary to have the remailers submitting
updates, honestly. Just focus on good end-user interaction, and security
(such as not letting spambots download that rab; the old RAB only allowed
connections from IPs of known remailers), and as you get more adoption,
remailer operators will start listing the RAB as the primary place people
should add their email address for blocking.


On Fri, 31 Aug 2007 remop at hermetix.org wrote:

> On Thu, Aug 30, 2007 at 03:22:52PM +0100, Bananasplit Admin wrote:
> > As recently discussed, I've set up a rab.blk file that can be downloaded
> > from http://www.mixmin.net/rab.blk
> >
> > Remops can now update this file directly by sending an email to
> > rab at blocklist.mixmin.net.
> >
> > * The email must be signed *inline* by a valid adminkey in order to be
> >   accepted.
>
> What about email coming from remailer addresses? It could be used
> as an authentication for getting the file (in an autoreply).
>
> > * Only email addresses are valid, no domains or regex's.  Please contact
> >   me if you'd like these added.
>
> Ideally it should support the same format as mixmaster's .blk, I guess,
> but it would also add some security issues so I'm not sure it's worth
> the risk.
>
> > Comments will be very much welcomed, this is a new service and probably
> > needs some polishing.
>
> Accepting addition from remailers addresses would facilitate adoption
> because a cron job would suffice. The signing process require human
> interaction.
> --
> Hermetix Admin
>

--Len.