sandcastle icon indicating copy to clipboard operation
sandcastle copied to clipboard

Published 20 hours ago verified publisher icon iflowfor8hours

Determine the most reliable way to send mail from a server running Tor hidden services

Open cameroncking opened this issue 9 years ago • 4 comments

Web applications may assume that email is readily available, and may even use it as an authentication method (login with email address). We should research which email delivery methods are most reliable, and do not reveal the location of the server running hidden services.

The solution should be:

  1. Easy to use
  2. Reliable (not arriving in junk mail)
  3. Private (not revealing the IP address of the server)

cameroncking avatar Nov 17 '15 01:11 cameroncking

https://riseup.net do not embed the IP address of the sender and even have onion addresses for their servers.

jacksingleton avatar Nov 17 '15 01:11 jacksingleton

I think we should just recommend always using an external MTA that you can rely on when running a hidden service you want to remain anonymous.

jacksingleton avatar Nov 17 '15 01:11 jacksingleton

I have not used riseup as an MTA, but it sounds like it could be a good fit. Since setting up a smarthost with authentication is not trivial, we should see about how we can configure this using ansible variables.

cameroncking avatar Nov 17 '15 03:11 cameroncking

Currently we just rely on configuration inside the Sandstorm admin console to allow us to enter an outgoing SMTP server (as in, a manual process).

Not sure if sandstorm has a config file option for outgoing SMTP server... I would think so.

jacksingleton avatar Nov 17 '15 05:11 jacksingleton