From: "Michael E. Marotta" <MERCURY@lcc.edu>
Date: Tue, 21 Dec 93 01:54:54 PST
To: mercury@lodden.com
Subject: Regarding "Free Willy"
Message-ID: <455B48CD008002F1@sleepy.egr.msu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I'm sorry to have to confess this, but I don't understand how I as 
a mere user receiving mail am supposed to know that the Free Willy 
message did not come from the President. 
 
Here is what I got:
-----------------------------------------------------------------
 
Message 5/12  From President@whitehouse.gov        Dec 19 '93 at 2:13 pm pst 
Return-Path: <heifetz!toad.com!owner-cypherpunks>
Return-Path: <President@whitehouse.gov>
Date: Sun, 19 Dec 93 14:13:02 PST
 
I Love encryption.  I Love PGP.  I Love PseudoSpoofing.
Please send me lots of mail about my Health Care Plan.
 
And always remember...
 
Free Willy!
 
--Slick
-----------------------------------------------------------------
 
Looks good to me.  But, ferguson says he knows better
 
> Return-Path: <President@whitehouse.gov>
> Received: from [144.92.136.35] by toad.com id AA13485; 
>   Sun, 19 Dec 93 14:16:03 PST
>
 
Which ferguson shows as 
   TELGATE.ADP.WISC.EDU         144.92.104.20
 
To me, 144.92 could be wisc.edu or telgate.adp but in any event, 
I didn't see this at all and would have ignored it if I had.  
Messages get routed all over the place. You call Detroit from 
Lansing and it goes via Chicago.  144.92 proves nothing.
 
Then charliemerritt offers another solution.
 
> Return-path: President@whitehouse.gov
> Received: from delphi.com by bix.com (CoSy3.31.1.45) id
>  <9312191740.memo.19248@BIX.com>; Sun, 19 Dec 1993 17:40:07 -0500 (EST)
> Received: from relay2.UU.NET by delphi.com (PMDF V4.2-11 #4520) id
> <01H6O7JJ9BJK94H43Q@delphi.com>; Sun, 19 Dec 1993 17:37:58 EDT
> Received: from toad.com by relay2.UU.NET with SMTP
>  (5.61/UUNET-internet-primary) id AA10179; Sun, 19 Dec 93 17:37:09 -0500
> Received: by toad.com id AA13572; Sun, 19 Dec 93 14:19:04 PST
> Received: by toad.com id AA13552; Sun, 19 Dec 93 14:17:31 PST
> Received: from [144.92.136.35] by toad.com id AA13485; Sun,
>  19 Dec 93 14:16:03 PST
> From: President@whitehouse.gov
> Date: Sun, 19 Dec 1993 14:13:02 -0800 (PST)
> To: charliemerritt@bix.com
> Message-id: <9312192216.AA13485@toad.com>
> Content-transfer-encoding: 7BIT
> X-Envelope-to: bix.com!charliemerritt
> Apparently-To: Cypherpunks
>
 
Wex himself was also on top of this, and what did he find?
 
>Received: by toad.com id AA13552; Sun, 19 Dec 93 14:17:31 PST
>Return-Path: <President@whitehouse.gov>
>Received: from [144.92.136.35] by toad.com id AA13485; Sun, 19 Dec 93 14:16:0
>3 PST                             
>Date: Sun, 19 Dec 93 14:13:02 PST 
>From: President@whitehouse.gov 
>Message-Id: <9312192216.AA13485@toad.com> 
 
Which does show the wisconsin 144 stuff, but none of the Delphi-
Bix-UUnet nonsense.  So what I am to make of this?  Two sharp 
'punks finger this as coming from (through?) wisconsin 144.  So, 
I conclude that this spoofer goes to U-Wisc.  He has accounts on 
Bix and Delphi.  He forwards Free Willy from 144 to Delphi to Bix 
and from there to toad.  But ferguson didn't have Delphi and Bix 
in his solution.  And, again, the message came to me with just the 
address of the Presidential Palace in Federal City. 
 
Seems to me, the most reasonable explanation is that the message 
probably did not come from The President, but that conjecture is 
based on the CONTENT, not the addressing.  As for Wex, ferguson, 
and charliemerritt, perhaps these are merely tentacles of
Hillary who is discrediting Willy's desperate shot at freedom.