Covert Distribution Channels

Guluc and Tsudik [7] discuss potential anonymous abuse of re-mailers for the purpose of ``spreading libelous accusations, hate-filled propaganda, pornography, and other unpleasant content.'' The content of the illicit e-mail uncovered at Langley AFB validated this statement and identified a larger systemic problem.

 

Figure 4: Covert Distribution Channels

The technique of anonymously distributing covert files via a neutral intermediate MTA is illustrated in Figure four. The covert distributor, H_distributor, uses route address syntax and insecure sendmail configurations to relay illicit material to other MTAs. We have seen this technique used for private individuals, the general public, and unsuspecting network users.

In addition, the recipient of the illicit mail can be easily fooled to believe that the e-mail originated from an innocent victim's host machine. This poses a very real and dangerous method for criminals and malicious agents to victimize the Internet community. For example, an MTA for a large bank in Tokyo could be used as a relay by pornographers. The recipient of the e-mail would more-than-likely (falsely) believe that the bank was the originator of the illicit mail. This type of accusation is very difficult to defend against and it could be extremely damaging to the integrity of the bank's brand and reputation.