NullHypothesis / exitmap

A fast and modular scanner for Tor exit relays. The canonical repository (including issue tracker) is at https://gitlab.torproject.org/tpo/network-health/exitmap

Home Page: https://www.cs.kau.se/philwint/spoiled_onions/

Add module to verify a relay's exit policy

NullHypothesis opened this issue · comments

Relays can lie about their exit policy, e.g., they claim that they exit to port 80 and 443, but won't actually do it when they receive data from clients. We should have an exitmap module that verifies that a relay follows its own policy.

This could be done by attempting to establish TCP connections to a dedicated scanning host that has all of its ports open. That would make it possible for relays to game the system, however, by whitelisting this dedicated scanning host and still refusing to exit to other IP addresses.

I was looking through this enhancement and was wondering whether it would be possible through a hidden service. To elaborate, we could have a dedicated hidden service that has all its ports open and through multiple open connections to this HS, we could determine whether an exit node abides by its exit policy or not. We could also use certain trusted exit nodes in our scans to compare results. I have not read about the hidden service protocol in detail, but if the introduction points stay the same for the duration of one scan, we could have some results.

Sorry for the previous comment, I realised the flaw in this would be that between the client circuit, Rendezvous point and the Introduction points, traffic would flow through the OR Port and not the ExitPolicy enabled ports.

Another possible idea that I can think of is to use a large scale collection of globally distributed nodes like PlanetLab, where all of them could have their ports open to overcome the barrier of whitelisting a few IP addresses.
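The comparison step proposed in the issue, as an added example that is not part of the thread or of exitmap's own code: it checks connection outcomes recorded through one exit against the relay's port-only policy summary (the `accept`/`reject` port list format of consensus `p` lines) and separates ports that fail everywhere from ports that work only towards some scanning hosts. The function names, the verdict labels, the `min_attempts` threshold and the sample data are assumptions; IP-specific rules in a relay's full exit policy are not modelled.

```python
from collections import defaultdict

def parse_summary(summary):
    """Parse 'accept 80,443,8000-8100' or 'reject 25' into (is_accept, ranges)."""
    verb, _, ports = summary.strip().partition(" ")
    if verb not in ("accept", "reject") or not ports:
        raise ValueError("bad policy summary: %r" % summary)
    ranges = []
    for item in ports.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % item)
        ranges.append((lo, hi))
    return verb == "accept", ranges

def policy_allows(summary, port):
    is_accept, ranges = parse_summary(summary)
    listed = any(lo <= port <= hi for lo, hi in ranges)
    return listed if is_accept else not listed

def check_relay(summary, attempts, min_attempts=3):
    """attempts: iterable of (destination, port, succeeded) seen through one exit.
    Returns {port: verdict} for every probed port the policy claims to allow."""
    per_port = defaultdict(lambda: defaultdict(list))
    for dest, port, ok in attempts:
        per_port[port][dest].append(ok)
    verdicts = {}
    for port, by_dest in per_port.items():
        if not policy_allows(summary, port):
            continue  # a refused connection here matches the stated policy
        total = sum(len(results) for results in by_dest.values())
        reachable = [d for d, results in by_dest.items() if any(results)]
        if total < min_attempts:
            verdicts[port] = "inconclusive"  # too few samples to rule out transient failure
        elif not reachable:
            verdicts[port] = "blocked"       # policy says accept, nothing got through
        elif len(reachable) < len(by_dest):
            verdicts[port] = "selective"     # works only towards some scanning hosts
        else:
            verdicts[port] = "ok"
    return verdicts

# Constructed sample: two scanning hosts (documentation addresses), one exit relay.
SAMPLE = [("192.0.2.10", 80, True), ("192.0.2.10", 80, True), ("198.51.100.20", 80, True),
          ("192.0.2.10", 443, True), ("198.51.100.20", 443, False),
          ("198.51.100.20", 443, False), ("192.0.2.10", 25, False)]

if __name__ == "__main__":
    print(check_relay("accept 80,443", SAMPLE))
```

A "selective" verdict is only a lead for a rescan, since the failing scanning host may itself have been unreachable at the time.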