A remailer provides anonymity to the sender by acting as an intermediary between the sender and recipient. It can be used for free speech, personal privacy, and protection for whistleblowers. Using multiple remailers in a chain can provide greater security. However, anyone can run a remailer, and using PGP encryption is recommended. There are freeware programs and web services available for using remailers.
A remailer is a service that provides anonymity to the sender of an e-mail or newsgroup message by acting as an intermediary between the sender and the recipient. The sender’s message goes first to the remailer, which strips the headers associated with the sender, replacing them with its own. Then forward the mail to its final destination. The recipient cannot infer the origin of the mail or message by looking at its headers – only the remailer’s headers will appear.
There are myriad practical reasons for using a remailer. For example, they can provide anonymous participation in USENET support groups to prevent employers, or even children and spouses, from Googling personal posts. The service offers people in every country the opportunity for free speech, even where local governments prohibit it. They also protect the sender when the nature of the message could cause personal repercussions, such as in the case of a whistleblower.
For the average person on the Internet, a remailer can be a useful tool for keeping a personal email address private. If you would like to send feedback to a favorite website or blogger, using this service will ensure they get your message without receiving your email address. This also applies to USENET messages. Participating in controversial debate-based newsgroups can get controversial, but a remailer will ensure that you won’t have “stalkers” following you to your inbox.
Along with the freedom this service offers comes responsibility. Using a remailer to harass, threaten, taunt, or engage in fire warfare is considered abuse. In the headers of any resent email or message, there is an address to which the recipient can send an email complaining of abuse. These may or may not be considered, depending on the owner of the service and the nature of the posts.
While using one remailer is sufficient for casual purposes, several can be used in a “chain” to make the message harder to trace and provide even greater security. In this case, the first member of the chain removes your headers and sends the mail to another remailer. That service does the same, stripping the previous headers and sending the message to the next in line, until the message is delivered. Ultimately, tracing the origin of the message goes only down to the last participant in the chain. If there are still server records available, the message could be traced another step, but the detective would encounter the same problem at that time. The remailers, as a matter of security, claim to delete all messages from their servers daily, precisely to eliminate the need to hand over server records to the authorities.
Note that anyone with skills can run a remailer. It is widely believed among the remailing community that some are likely run by government agencies. Even a standard “Joe” can perform an unscrupulous service, reading the messages that pass through his server. For this reason, most people who use one encrypt their messages with PGP (Pretty Good Privacy). The message is unencrypted only at the end of the chain. Without using PGP, your message may be anonymous to the recipient, but will be available to all intermediaries in between.
There are several widely used freeware programs designed to deliver e-mail and newsgroup messages via remailers. Purists argue that using remailers manually with these programs is safer, although there is a learning curve. There are also services on the web that automate the process and are probably sufficient for most people’s purposes. Most purists reject web services because there is no real guarantee that the service itself doesn’t use a “back door.”
Protect your devices with Threat Protection by NordVPN
