Hi, I’m operating a tor node around 6 Months. I offered my mail address in the configuration as it is recomanded. I have used a special mail address for this, and that makes me sure, that a lot of spam and phishing is send to this address. That this mail address is needed, I saw, as I got around 2 reminder for update or that the node is down. I think this spam will increase a lot over the time and I don’t will be able to find the single important mail than anymore.
My idea is, that the node code could be adjusted to encrypt the mail address with a public key and offer just an unreadable email address.
The tor-bot, who is checking the nodes could have the private key to decrypt the node mail address and could send me the important mail.
It must not be that extreme secure. Also somthing like abcd (at) defg.com should also help to avoid spam mails. I was on the githup page from the tor code, but I havn’t seen a possibility to create a feature request. This is the reason, why I post it here. What is about this Idea?
I think there are still benefits to anyone (human) being able to view the email address and contact the operator. My guess is that the simplest of CAPTCHAs, like an ‘enter the text you see in the image’ hosted directly on the server side of the site would stop essentially all email scraper bots while still allowing everyone to view the email address manually
Sounds good to me. I think, just a button or copy the encrypted mail to this field to decode is also suitable and complex enough for mail search bots.
I’d also like the public-key-encrypted mail address in the contact information as i don’t like getting SPAM, too.
I also agree with this suggestion.
I remember i had made a comment about those kind of stuff early days but seems was refused by mods.
Emails today are a bit dangerous and you can get easy spammed by bad people. Email field on torrc is some kind you can be creative and put other stuff there if you know what are you doing.
I recommend this simple mitigation:
- Create a dedicated email for your contact info.
- Add a rule to allow only emails from *@torproject.org.
Other possible workaround: use a GitLab service desk as contact info. It works quite well and it’s a free service provided by gitlab.com.
This is not a good idea as not everybody is able to have server based rules for mail.