1993-07-23 - Re: forged mail

Header Data

From: Peter Breton <pbreton@cs.umb.edu>
To: cypherpunks@toad.com
Message Hash: 96e808b7311b230c32f0526a42cb0a2264315838a176c03a76131f06dd7c55d0
Message ID: <Pine.3.05.9307231654.B26575-b100000@ra.cs.umb.edu>
Reply To: <9307222213.AA26650@toxicwaste.MEDIA.MIT.EDU>
UTC Datetime: 1993-07-23 20:15:40 UTC
Raw Date: Fri, 23 Jul 93 13:15:40 PDT

Raw message

From: Peter Breton <pbreton@cs.umb.edu>
Date: Fri, 23 Jul 93 13:15:40 PDT
To: cypherpunks@toad.com
Subject: Re: forged mail
In-Reply-To: <9307222213.AA26650@toxicwaste.MEDIA.MIT.EDU>
Message-ID: <Pine.3.05.9307231654.B26575-b100000@ra.cs.umb.edu>
MIME-Version: 1.0
Content-Type: text/plain





> you anything if you're up against a smart person.  If you just forge
> mail to me, most likely I can track you down to at LEAST the machine
> you forged it from!

....but a smart person can ensure that you can't track him down FARTHER
than the machine he forged it from (without extraordinary aid, like
access to the site's sendmail logs).
 
> If you go through a remailer, then it strips the headers off, so its
> not a problem.  But there is no reason to need to forge a message to a
> remailer since it hides your identity in the first place.  That's its
> job.

  Actually, forging mail at the machine you're on en route to the remailer
protects you against:

1) Anyone who can snoop the message headers on the way to the remailer
("Tra la la. Let's keep a little list of everyone using those remailers...")

2) A corrupt remailer operator.

  I'm assuming you send from a fairly large organization. Then even though
they can find out which machine originated the message, one can't
determine which of the users (and there may be more than 100) originated the
message. Plausible deniability.


		Peter 

	(NOT the one who allegedly forged mail from bass.sco.atmel.com ;-)






Thread