Menu Close

Anonymous Remailers

This is the fifth in a series of arti­cles on read­ing inter­net mes­sage head­ers. If you haven’t already done so, please read the pre­vi­ous arti­cles: Read­ing Inter­net Mes­sage Head­ers, Where’d That Email Come From?, So It Came From a Mail­ing List — Where Did It Come From Before That?, and Track­ing the Trolls: Usenet Head­ers.

Anony­mous remail­ers are sys­tems that per­mit users to send and some­times receive email while hid­ing the user’s iden­ti­ty. Some of the anony­mous remail­ers also offer mail to news gate­ways so that their users can make tru­ly anony­mous posts to Usenet. The admin­is­tra­tors of such sys­tems either do not keep access logs or delib­er­ate­ly con­fig­ure their sys­tem so as to make it dif­fi­cult to deter­mine the iden­ti­ty of the user send­ing the email or news­group mes­sages. Anony­mous remail­ers do have legit­i­mate uses, such as pro­vid­ing a safe way for vic­tims of abuse to par­tic­i­pate in sup­port forums with­out reveal­ing their iden­ti­ty. Unfor­tu­nate­ly, they have many far less legit­i­mate uses, and from what I’ve seen 99% of the use of these ser­vices is for ille­gal or abu­sive activ­i­ty. The head­ers of almost any mes­sage post­ed through an anony­mous remail­er will give you instruc­tions on who to con­tact regard­ing abuse of the service. 

While you can use the same tech­niques I’ve out­lined in pre­vi­ous arti­cles to read the head­ers of anony­mous email and Usenet mes­sages, it won’t do you much good–you’ll just learn what ser­vice was used to send the mes­sage and who to con­tact regard­ing abuse of the ser­vice. The mes­sages can be traced in some cas­es, but it usu­al­ly takes seri­ous law enforce­ment involve­ment to do it. It has been done, but I’m only aware of that hap­pen­ing in cas­es that are of par­tic­u­lar inter­est to gov­ern­ment or big indus­try parties. 

On the plus side, most anony­mous gate­ways are set up so that only one mes­sage at a time may be sent through them, which means that they are extreme­ly imprac­ti­cal for use by spam­mers. On the minus side, peo­ple who want to send harass­ing mes­sages absolute­ly love these ser­vices. I have found that most serv­er admin­is­tra­tors will block your address so that you will not receive mes­sages from their serv­er if you request it, but there are a lot of anony­mous servers out there. You have to find each of them and make the requests one by one, and new servers pop up every day. 

If you’re hav­ing a prob­lem with mes­sages sent through anony­mous servers, I sug­gest that you con­tact law enforce­ment if the mes­sages are overt­ly threat­en­ing. Oth­er­wise, con­tact the server’s admin­is­tra­tor and have them block your address from their sys­tem. You can also use var­i­ous fil­ter­ing tools, like proc­mail or Spam­Cop, to keep all unwant­ed mes­sages from reach­ing you. 

If you want to learn more about anony­mous remail­ers and how they work from some­one far more pos­i­tive about them than I am, try Andre Bac­ard’s Anony­mous Remail­er FAQ. 

For the curi­ous, here’s an exam­ple of a mes­sage post­ed to Usenet through one anony­mous service: 

Path: typhoon.southeast.rr.com!cyclone.southeast.rr.com!newsfeed2.skycache.com!
newsfeed.skycache.com!Cidera!skynet.be!newsfeeds.belnet.be!news.belnet.be!nmaster.
kpnqwest.net!newsfeed.Austria.EU.net!anon.lcs.mit.edu!nym.alias.net!mail2news
Date: Tue, 28 Nov 2000 22:45:43 -0600
From: No User <no.user@anon.xg.nu>
Comments: This message did not originate from the Sender address above.
	It was remailed automatically by anonymizing remailer software.
	Please report problems or inappropriate use to the
	remailer administrator at <abuse@anon.xg.nu>.
Subject: Re: Atlanta police
References: 3a236b2a.91029379@news
Newsgroups: alt.fandom.cons
X-No-Archive: No
Message-ID: <f0b24cdc9996fdcbb1ae271c9a0e0880@anon.xg.nu>
Mail-To-News-Contact: postmaster@nym.alias.net
Organization: mail2news@nym.alias.net
Lines: 7
Xref: cyclone.southeast.rr.com alt.fandom.cons:10311

And the fol­low­ing is an exam­ple of a mes­sage sent to one of my email address­es via anoth­er anony­mous remailer: 

Return-Path: <mixmaster@remailer.privacy.at>
Delivered-To: usenet@null.com
Received: (qmail 11992 invoked from network); 1 Dec 2000 21:31:56 -0000
Received: from unknown (HELO remailer.privacy.at) (193.81.245.43)
  by zeus.larp.com with SMTP; 1 Dec 2000 21:31:56 -0000
Received: (from mixmaster@localhost)
	by remailer.privacy.at (8.8.8/8.8.8) id WAA06020;
	Fri, 1 Dec 2000 22:40:02 +0100
Date: Fri, 1 Dec 2000 22:40:02 +0100
From: Anonymous <nobody@remailer.privacy.at>
Comments: This message did not originate from the Sender address above.
	It was remailed automatically by anonymizing remailer software.
	Please report problems or inappropriate use to the
	remailer administrator at >abuse@remailer.privacy.at>.
To: usenet@null.com
Subject: Re: Spam targeted to people who post here?
Message-ID: <bd600638a9468921d4a4f59d6e9bb488@remailer.privacy.at>

While I can’t tell from those head­ers who sent the orig­i­nal mes­sage, they do tell me to report prob­lems to abuse@remailer.privacy.at. When I wrote to that address, I received a mes­sage explain­ing how to have my address blocked from receiv­ing fur­ther mes­sages from this remail­er (which I did, for my address­es and those of the rest of the fam­i­ly). That is, in fact, what I do every time I find out about any remail­er I haven’t seen before, as a pre­emp­tive strike due to past problems. 

That’s it for our series. You should be able to fig­ure out the ori­gin of most mes­sages on your own now. If you can’t fig­ure out a par­tic­u­lar mes­sage, how­ev­er, try using Spam­Cop for spam or ask­ing for help through Work­ing to Halt Online Abuse if it’s a harass­ing or threat­en­ing message. 

Orig­i­nal­ly pub­lished 17 Feb­ru­ary 2001. Last updat­ed 17 Feb­ru­ary 2019.