Hi,
Alan wrote (18 Mar 2014 17:09:06 GMT) :
> I don't see what the first of these tests would check that is not also
> checked by the second.
I agree these two tests are quite unclear and confusing, as currently
written: e.g. the Message-Id and Received fields should also be
checked for a hostname or local IP application-level leak.
But they are meant to test entirely different things, and I don't
think we can simply drop one of these tests.
The first test is mainly about the TCP/IP layer: it checks that the
email is sent over Tor, based on the Received headers in the email the
recipient can see.
The second test is primarily about the application layer: it checks
that the hostname and local IP are not leaked via SMTP commands, by
sniffing the network connection.
> In addition, it's not easy to access a "non-anonymizing SMTP relay"
> through Tor.
Could you please share what SMTP relays you've tried, and were blocked
by? This would help anyone willing to improve these test by
documenting example non-anonymizing SMTP relays one can use to
"run" it.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
