Anonymous Email
The purpose of anonymous email is to hide the identity of the sender and/or to thwart traffic analysis. Otherwise, it is much like regular email.
Who Needs Anonymous Email
Use this service if you need to communicate anonymously to avoid embarrassment or a negative consequence.
How Does It Work?
Normal email contains information in the header that identifies the sender. There are fields saying who the message is from, the address for replies, and the path the message has taken from sender to receiver, complete with timestamps for each stop along the way.
Anonymous email usually works through a service that strips an incoming message of those header fields then resends it with new sender and reply-to fields that cannot easily be traced back to the original sender. This may be sufficient if you only need to hide your identity from the recipient. Some people may also need to evade traffic analysis. In such cases using an anonymous remailer service such as NoName might be safer.
Some other providers of anonymous email services are listed on our product guide.
AndrĂ© Bacard’s ‘Anonymous Remailer FAQ’ gives a great historical perspective of remailing, how it has evolved and its current state.
A number of anonymous remailers are available. The Cypherpunk Anonymous Remailer Tutorial is a good reference guide for how to use them.
Pitfalls
Never attempt to send anonymous email from your work computer. Your email will be stored on your company’s server before being anonymized and may even be archived for posterity.
Never send Microsoft documents or PDF files (you generated) if you want to remain anonymous. Information that could reveal your identity is hidden in the file.
Remailers are still susceptible to certain types of attacks. However, people are constantly working on making them more secure.
The Nitty Gritty
This section is for people who want to know the technical aspects of remailers. The rest of you are done here.
At the moment, there are three types of remailer systems. They each work differently and serve different purposes.
Type I: Cypherpunk Remailers
In the Cypherpunk system, all messages are encrypted with the server’s key before being sent. The address of the recipient resides in the message body and is read by the server after decryption. The server then forwards the message to that recipient. The return address on the message is now that of the server not the original sender.
The obvious weakness is that the server knows the identity of both the sender and recipient. A determined attacker or a legal authority might be able to discover the identity of the sender. But, this is easy to overcome by using multiple servers. In practice, Alice would prepare a message for Bob and encrypt it with the public key of server Z. Then she would add instructions for the message to be forwarded to server Z and encrypt the result with the key for server Y. Then she would add instructions to forward the message to server Y and encrypt everything with the key for server X. Finally, she can send the whole message to server X. Server X will remove her identifying information and follow the instruction to forward to Y. Y will decrypt and forward to Z. Note that Y has no knowledge of either the sender or the recipient. Z will get the message and decrypt it revealing the Bob’s address and send him the email. For the email to be traced back, all three server would have to be compromised.
Complex but workable methods allow sending encrypted return paths to allow replies without giving away the original senders identity.
Type II: Mixmaster Remailers
Type I remailers are fairly secure but, any large, well funded, three letter organization that routinely engages in wiretapping, can still work out senders and recipients through detailed traffic analysis. Mixmaster was created to solve this traffic analysis problem. It assumes every network connection is monitored.
Two ways an agent can track a message are by time and by size. Mixmaster changes the order of messages passing through a server to make timing more difficult. It also pads messages so that every message is the same size.
Unlike Type I remailers, Type II usually requires client software as well as server software. Some providers, such as Novo Ordo offer work arounds to this problem.
Type III: Mixminion Remailers
Type III remailers are new and may not yet be stable. Mixminion builds upon Mixmaster. It incorporates a more secure reply mechanism and introduces link-level encryption with ephemeral keys to ensure forward anonymity for each message.
Like Type II remailers, Type III require client software.
Mixminion is currently in alpha testing – not ready for prime time.