Hi, Alan wrote (18 Mar 2014 17:09:06 GMT) : > I don't see what the first of these tests would check that is not also > checked by the second.
I agree these two tests are quite unclear and confusing, as currently written: e.g. the Message-Id and Received fields should also be checked for a hostname or local IP application-level leak. But they are meant to test entirely different things, and I don't think we can simply drop one of these tests. The first test is mainly about the TCP/IP layer: it checks that the email is sent over Tor, based on the Received headers in the email the recipient can see. The second test is primarily about the application layer: it checks that the hostname and local IP are not leaked via SMTP commands, by sniffing the network connection. > In addition, it's not easy to access a "non-anonymizing SMTP relay" > through Tor. Could you please share what SMTP relays you've tried, and were blocked by? This would help anyone willing to improve these test by documenting example non-anonymizing SMTP relays one can use to "run" it. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.