RE: unaccessible for Tor users

Michel Py <> Tue, 15 March 2016 17:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1874012DBD9 for <>; Tue, 15 Mar 2016 10:55:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id k2Ok9pP3J8AI for <>; Tue, 15 Mar 2016 10:55:28 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DE94412DB8E for <>; Tue, 15 Mar 2016 10:55:27 -0700 (PDT)
Received: from newserver.arneill-py.local ([fe80::e9e0:5b4:170e:c286]) by newserver.arneill-py.local ([fe80::e9e0:5b4:170e:c286%11]) with mapi id 14.03.0279.002; Tue, 15 Mar 2016 10:55:28 -0700
From: Michel Py <>
To: 'Leif Johansson' <>
Subject: RE: unaccessible for Tor users
Thread-Topic: unaccessible for Tor users
Thread-Index: AQHRflFC8AA/Dp7z106dGFDxm4jeYp9aWcGAgACC0QD//9GTUIAAheKA//+SVWA=
Date: Tue, 15 Mar 2016 17:55:27 +0000
Message-ID: <F04ED1585899D842B482E7ADCA581B845754B70B@newserver.arneill-py.local>
References: <> <20160315002604.15726.qmail@ary.lan> <> <alpine.OSX.2.11.1603150755160.47203@ary.lan> <F04ED1585899D842B482E7ADCA581B845754B682@newserver.arneill-py.local> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: [fe80::e9e0:5b4:170e:c286]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Cc: John R Levine <>, IETF <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Mar 2016 17:55:30 -0000

>> Michel Py wrote :
>> I would not go as far as saying "most of the traffic" (as it implies some
>> volume) but "most of the exit nodes are engaged in some malicious activity".
> Leif Johansson wrote :
> Thats true to the same extent  that "the Internet is mostly about cat videos"

That is true to the extent that I counted myself several times and the last time I counted (this year) out of the known 1827 Tor exit nodes, 896 were marked as having "malicious" activities; it goes over the half mark on a regular basis. This data is not public (yet) but it will be soon, it's not based on Cloudflare data. I'm not the only one who has observed it either; there are reasons why both attack mitigation solution providers and end-networks filter and/or block Tor.

This is not guesswork.