From firstname.lastname@example.org Mon Apr 25 03:54:49 1994
Subject: Anonymous help.
The anon.penet.fi Anonymous Server
Yes, another anonymous server. Why? Well, several well-known servers have
bitten the dust recently. And most of them have served only a very limited
Due to reasons too complicated to mention here I wanted to set up an anonymous
of one of the server packages. As the version I got relied heavily on the
advanced features of MMDFII, I had to modify it quite a bit. While hacking
around, I removed the restriction of only supporting selected newsgroups.
Within a week of startup, the server had been discovered by transatlantic
users, and more recent stats show european users are definitely a minority.
So what does the anon server really do? Well, it provides a front for
very first message to the server, it automatically allocates you an id of
the form anNNN, and sends you a message containing the allocated id. This id
s used in all your subsequent anon posts/mails. Any mail messages sent to
email@example.com gets redirected to your original, real address. Any
chooses to reveal her identity explicitly.
everything from there on. But if your signature starts with anything else,
t's your own responsibility to remove it from your messages.
There are two basic ways to use the system. The easiest way is by sending a
message to firstname.lastname@example.org:
Of course, in the case of mailing to a known user, you have to use addresses of
the form email@example.com, or the pretty obscure source addressing
construct of @anon.penet.fi:firstname.lastname@example.org. These constructs are not
necessarily handled properly by all mail systems, so I strongly recommend the
"X-Anon-To:" approach in these cases. This works by you sending a message to
"email@example.com", including a X-Anon-To: header line containing the desired
first empty line in the message. So:
Valid recipients in both cases are fully qualified user addresses in RFC-822
format (firstname.lastname@example.org), anon user id's (anNNN), newsgroup names
(alt.sex.paperclips) or one of the "special" user names of ping, nick, help,
admin and stat.
Sending to "ping" causes a short reply to be sent confirming (and
allocating, if needed) your anon id. "nick" takes the contents of the
Subject: header and installs it as your nickname. If you have a nickname, it
appears in the From: header in the anonymized message along with your anon
d. "help" returns this text, and stat gives some statistics about the
When crossposting to several newsgroups, you can list several newsgroups
maintain reply threads.
Ah yes, please remember that the posting takes place at my local site, so you
can only post to groups that are received at penet.fi. I get all "worldwide"
a couple of comments about permitting anonymous postings to technical groups.
anonymous postings are a privilege, and use them accordingly. I believe adult
As the server was originally intended to be used by scandinavians, it
ncludes help files for various languages. This works by using the
language in question as the address. So to get the german help file,
Support for new languages is added every now and then, when I find
volunteers to do the translation. Any new ones?
The user-id database is based on RFC822-ized forms of your originating
address. This may cause problems for some users, either because their site
s not properly registered in the name servers, resulting in
non-deterministic addresses, or because their mail router doesn't hide the
dentity of individual workstations, resulting in different originating
addresses depending on which workstation you mail from. Talk to your
administrator. If that doesn't help, let me know, and I will make a manual
You might wonder about the sense of using a server out somewhere, as the
Well, in fact, as we live in a wonderfully networked world, the major delay
s not going over the atlantic, but my local connection to the Finnish EUnet
backbone, fuug.fi. Once you reach a well-connected host, such as
uunet.uu.net, there's a direct SMTP connection to fuug.fi. My connection to
fuug.fi is currently a polled connection over ISDN, soon to be upgraded to
on-demand-SMTP/NNTP. But for now, expect a turn-around delay of 2-4 hours for
Short of having everyone run a public-key cryptosystem such as PGP,
there is no way to protect users from malicious administrators. You have to
trust my personal integrity. Worse, you have to trust the administrators on
every mail routing machine on the way, as the message only becomes anonymous
once it reaches my machine. Malicious sysadmins and/or crackers could spy on
SMTP mail channels, sendmail queues and mail logs. But as there are more
than 3000 messages being anonymized every day, you have to be pretty perverted
to scan everything...
Another thing is mail failures. I've had cases of mail routers doing the wrong
thing with % addresses, "shortcutting" the path to the destination site.
This could cause your mail to go to the final destination without ever
touching my server (and thus without getting anonymized). This can be avoided
by using the X-Anon-To: method.
And if your return address bounces for some reason (nameservers down,
temporary configuration failures etc.), the original sender and/or
dentity, and maybe even the full message.
There is at least one known way to discover the anon id of a user. It involves
being able to falsify your real identity, so it is not too easy to use, and it
to discover what anon id a certain user is using. To fix this problem, the
First you have to set a password by mailing to email@example.com, with
a message containing only your password. The password can be any string of
upper- or lowercase characters, numbers and spaces.
Once you have set your password, you must include it in all your messages, in
a "X-Anon-Password:" line. As with the X-Anon-To: line, it can be either a
So your first message might look like this:
And your subsequent messages might look like something like this:
confidentiality of your anon id, you can set the password to "none", in which
case the server doesn't require you to have a password.
etc, somebody has managed to use your account and set a password. In that
case, contact firstname.lastname@example.org.
Crackers are just too clever. Undoubtedly somebody is going to come
up with some novel method.... Not much I can do about that...
marriage or inheritance, _please_ send a test message first. The software
control) screw things up. And if you happen to find a problem, _please_ for
the sake of all the other users, _let me know asap_.
And _please_ use the appropriate test newsgroups, such as alt.test or
misc.test. Yes, _you_ might get excited by reading 2000 "This is a test.."
messages on alt.sex, but I warn you that most psychologists consider this
And remember this is a service that some people (in groups such as
alt.sexual.abuse.recovery) _need_. Please don't do anything stupid that
there is very little political pressure anyone can put on me, but if
might be able to order me to shut down the service. I don't particularly
you come up with suggestions for improving this text, please mail me! Remember
English is my third language...
- - - ------------------------------------------------------------------- - - -
Johan Helsingius Kuusikallionkuja 3 B 25 02210 Espoo Finland Yourp
net: email@example.com bellophone: int. +358 0400 2605 fax: int. +358 013900166