Draft 1.0
                 Copyright (C) 1994 Homer Wilson Smith
       Redistribution rights granted for non commercial purposes.
     The anon server is used to create an anon id for you and to send
your mail to other people or newsgroups with all your original headers
stripped off your file and your anon id and anon headers put in their
place, along with your chosen nickname if you choose to set one.
     For example, assume you have been granted an19187 as your anon id,
and you send a file to  Your mail would come to him
with as the sending address (yours) and as the
reply-to address.
     Your anon id, in this case, becomes a
permanently valid email address in the internet domain.  That means that
anyone can send mail to and it will come directly
to you.  What actually happens is the mail is sent to, where the anon server looks up who an19187 is,
and replaces the anon id with your true id, and then remails it to you.
     The anon server serves two purposes.  The first is to allow normal
people to send mail to anonymous people via their anon id's.  The second
is to allow people to send mail anonymously themselves to anyone whether
they are anonymous or not.
     Thus there are four possible transactions that can take place.
     SENDER       ---->  RECEIVER
     1.) real-id  ---->  real-id
     2.) real-id  ---->  anon-id
     3.) anon-id  ---->  real-id
     4.) anon-id  ---->  anon-id
     1.) real-id ---> real-id
     There is no reason for people to send mail from a real-id to a
real-id via the server as they can do this with standard e-mail.  Thus
when you send from a real-id to a real-id the server ASSUMES that you
wish YOUR mail to be anonymous and it gives you an anon-id if you don't
already have one and sends your mail on with your new anon-id in the
place of your real-id to the real-id of the intended recipient.  Thus #1
becomes the same as #3.
     2.) real-id ---> anon-id
     If you send from a real-id to an anon-id, the server looks up who
the anon-id recipient is and replaces that person's anon-id with their
real-id and sends the mail on to them.  However the server ALSO replaces
YOUR real-id with your anon-id, or if you don't have one yet it will
ASSIGN you one and inform you that it has done so.  Thus the first time
you respond to an anon-id you will be given an anon-id yourself.  Thus
2.  becomes the same as 4.
     This may sound like a nuisance for the sender who may only wish to
send something to an anonymous person, and not be anonymous himself.
But it prevents the anonymous receiver from replying by mistake DIRECTLY
to the sender and thus giving away their own secret id.
     By forcing all senders to have anon ids before their mail is passed
on to other ids, this protects the identity of the recipient from their
own stupid mistakes.  They HAVE to respond to the sender VIA THE SERVER,
so their own real address is always stripped off and replaced with their
anon id, guaranteeing their security.
     This means that if you send mail to a person with an anon-id, the
anon-id recipient will not know who is sending him mail, unless you
identify yourself explicitly.  Now you may have no real desire to be
anonymous, so your first inclination may be to just tell the person who
you are.  But if sometime later you wish to actually USE your anon id
anonymously, that person will know what it is.  This might be a security
break for you, so when you respond to anon postings, make sure you stay
anon yourself.  Unless you are utterly SURE you will never want to use
your own anon id anonymously.
     3.) anon-id ---> real-id
     4.) anon-id ---> anon-id
     Since anyone sending mail to the server to be passed on is
automatically given an anon-id, 3 and 4 are actually the normal modes of
operation.  You can send mail to any real-id address or to any anon-id
address or to any newsgroup on usenet.  Your mail will get there with
your anon-id in the header for them to respond it.
     There is an inherent problem with anon servers in that people can
find out what anon-id you are using IF they know your real-id.
     They can NOT take an anon-id and find out what real-id belongs to
it, but they CAN take a real-id and find out what anon-id you are using.
This is called "sniffing" the server.
     This is how it works.  Both the news and mail systems use protocols
that anyone can tap into with a little knowledge.  The documentation for
doing this is widely available and understandable by anyone with the
drive to understand and use it.
     Thus, for example, anyone can feed a posting directly to the news
port and give the posting any headers he wants to.  In this way he can
send a posting to any newsgroup that has some other name than his own as
the Sender.  He can fabricate a totally anonymous name, or he can put
someone else's real-id, thereby making everyone think the posting came
from someone it didn't.
     This might seem outrageous, but its true, and always has been true,
and probably will continue to be true for a long time.
     The same thing goes for mail which works just like news except that
it uses a different protocol.  Thus any one can feed the mail port a
file destined for someone else, and place an anonymous name and return
address in the From: header or even the real-id of anyone they want to.
This is called forging, because they mail file comes to you looking like
it came from someone it didn't.  There is clearly a lot of room for
mischief here, but also for safe anonymous mailing, in case you want to
contact someone and you really don't want to be traced.
     So I can forge a mail file 'from you' and send it TO ME via the
anon server.  Its really coming from me, but it SAYS its coming from
you.  When the server gets the mail file 'from you', it looks up your
anon-id and places it in the reply-to: header and then sends it on to
me.  When I get it, I can see your anon-id in the reply-to: header.
     If you don't actually have an anon-id, the server will allocate you
one, and inform you it has done so, which will allow you to know that
someone has successfully sniffed your anon-id, even though it is brand
new, being itself created in the act of sniffing.
     If you do already have an anon-id, the server will merely pass the
mail file on back to me with you anon-id in the reply-to: header and you
will never know you have been sniffed.
     This is clearly a security break.
     The answer to this is to provide for the use of a PASSWORD.  Once
you get an anon-id, you can set a password at the server.  Then any mail
coming from you must have that password or the server will reject it
back to you.  Since there is no way I can know your password, if I try
to send a mail file to the server forged 'from you' and it doesn't have
the correct password, the server will reject the mailfile sending it
BACK TO YOU NOT ME, so you will know exactly who tried to sniff you.
     However passwords are a pain in the butt, and often non anon people
just want to respond to an anon-id, and they don't want to be bothered
with getting a password for themselves, even though they are by default
given an anon-id when their first mail file comes into the server.
     So if you merely respond to an anon-id for the first time, you will
be given an anon-id but no password.  Your mail will get through to the
anon-id you sent it to and they will be able to send back to you via
your new anon-id and no password will be needed by you.
     So if you have gotten an anon-id by whatever means you should set a
password unless you really don't care.  Remember that you might START
caring some time down the road, and by that time someone may have long
since sniffed your anon-id and you would never know it.  If you are
notorious on the net, be sure someone will do it.  If you set your
password, you will find out if someone tries, and they won't get squat
on you.
     If you send a posting through the server to a REAL-ID instead of an
anon-id, the server assumes you really want to be anonymous, so it will
insist that you set a password FIRST before accepting your anon posting
to the real-id.  Once you have set a password, you MUST use it for ALL
postings both to real-ids and to anon-ids.
                         HOW TO GET AN ANON ID.
     There are seven accounts at that you should be aware
of and facile with.  They are explained below.
     1.)      These first 4 help you with
     2.)     administration of your anon-id.
     5.)      These 3 allow you to use
     6.)      the server.
     Sending any mail to this address will return to you online help,
which is confusing and barely readable, hence this writeup.  However
they do have it in many languages, so in case English is not your
language, you can probably get a copy in your own language.
     Mail to this address will go directly to the system administrator
of the server, Johan Helsingus who is one brave dude.  He is overwhelmed
with mail about the server so don't bother him unless it is really
really necessary.  You should inform him of any problems you find with
the server, but it might be nice to tell him he doesn't have to ack you.
     Mail to this address will return you a short listing of various
interesting statistics about the server, which you should all try at
least once just to get a feel for it.
     Mail to this address will return to you a short file telling you
what your anon-id is if you have one and will allocate you one if you
don't.  It won't tell you what your password is, and you don't need your
password to get the info.  If someone tries to forge mail 'from you' to
the ping address, the return answer will go to YOU not the forger, so
you will know that someone tried to sniff you.
     Ping by the way is a computer term meaning to send a signal to
another machine to get a response back to see if the other machine is
     Mail to this address will assign you a nickname and will ALSO
assign you an anon-id if you don't already have one.  If you don't
already have a password set, you won't need your password to change your
nickname, but someone can forge a change to your nickname if they want
     Mail sent to this address will set your password for the first time
and allocate you an anon-id if you don't already have one.  Until you
set your password for the first time, someone can forge a mailfile 'from
you' and set a password for you.  After your password has been set, you
will need to USE your password you change it.
     A.) To set it the first time, the password you want to set is the
first and only line of the message text of the file that you send.  It
can be any length, upper or lower case letters and numbers and symbols.
     B.) To change it you will need to use the password to change it,
using the X-Anon-Password: (your password here) as the first non-blank
line after the headers.
     For example,
     (other headers:)
     X-Anon-Password: Old Password
     New Password
     The safest way to send mail to the server is to send your mail or
posting to  Then inside the file you place in the
headers, anywhere before the first blank line which marks the end of the
headers, where you want to send it to like so:
     (other headers:)
     X-Anon-Password: secret
                                   (blank line marking end of headers.)
     Text of your message.
     You can place real-ids, anon-ids and newsgroup names in the X-Anon-
To line.  You can also string them together, with commas and no spaces.
You can crosspost by placing more than one newsgroup on the line, again
separated with commas and NOT SPACES.
     If you find the X-Anon-To: approach to be clumsy you can use a
short cut, but it is not guaranteed to work properly, and has possible
security risks.  Suppose you wanted to send to  You
would use,
     mail     (notice the % sign)
     (other headers:)
     X-Anon-Password: secret
     Your text.
     There is a danger with using this form because some mailers have
been known to bypass the double name, and send it directly to which will give you way.
     If you are sending to a known anon-id like an19187 you can just
send it like normal.  Don't forget password line if needed.
     This is the way most reply's will go out, as
will be the return address that the server placed in your mail header to
let you know who sent you the mail in the first place.
     To send to Usenet newsgroups, merely place the name of the
newsgroup in the address like so, (don't forget password line if
     So that's it.  It can seem pretty complicated, mainly due to the
extra security precautions which are the result of the fact that the
internet is was never designed to be secure in the first place.
     If you have any questions about this document, or criticisms, or
something is not clear, or should be added or dropped please inform me,
as I hope to improve on it as time goes on.
     I make no guarantees as to its correctness, and only playing around
with the server will let you know if things really work the way I said
they do.
     Homer Wilson Smith