1997-11-17 - Re: Databasix conspiracy theories

Header Data

From: Anonymous <anon@anon.efga.org>
To: remailer-operators@anon.lcs.mit.edu
Message Hash: 6ee7df5fa248672451dadad08a7d0aa0ae1e026b165b8d517609285eb6178a2e
Message ID: <0738cb51233c79e1c67184be72abdb44@anon.efga.org>
Reply To: N/A
UTC Datetime: 1997-11-17 21:33:27 UTC
Raw Date: Tue, 18 Nov 1997 05:33:27 +0800

Raw message

From: Anonymous <anon@anon.efga.org>
Date: Tue, 18 Nov 1997 05:33:27 +0800
To: remailer-operators@anon.lcs.mit.edu
Subject: Re: Databasix conspiracy theories
Message-ID: <0738cb51233c79e1c67184be72abdb44@anon.efga.org>
MIME-Version: 1.0
Content-Type: text/plain



Andy Dustman <andy@neptune.chem.uga.edu> wrote:

> > If I remember correctly, the documentation for at least one of the nymservers
> > suggested that posting through a remailer and pasting in the return address
> > would be quicker and impose less burden on the server than having to process
> > each outgoing message through the server.
>   
> That's possible, and if true, it's probably in the documentation for
> redneck. Personally, I would prefer to have the server handle those
> messages, simply because there is a certain amount of "authentication",
> i.e., you can be reasonably sure that that nym really sent the message and
> wasn't forged.

I think it's just as well that people NOT get the idea that the e-mail
address in the headers (from *ANY* ISP) is somehow authenticated and reliable.
The only advantage to sending the message through the 'nymserver would be if 
the server itself would PGP sign the message with its own key to prove that
the message was sent through the server by a properly authenticated user.

The remailers themselves have become the victims of forgeries.  Back during
the DataBasix "reign of [t]error" directed at Jeff Burchell, the "DataBasix
cabal" (called that by a Netcom news admin, BTW) accused the Mailmasher
'nymserver of being used for "forgery" of Gary Burnore's name and address
to various posts.  And now, even after the cajones.com domain has apparently
bitten the dust, I've seen complaints of spam being received by people that's
been forged to look as if it had come from that domain.  In the case of the
Burnore forgeries, the Path: was only traceable back to the mail2news gateway, 
so the header items implicating Mailmasher could have easily been forged just 
as Mr. Burnore's address was.  Nevertheless, these alleged "forgeries" 
comprised the rationale used by a DataBasix employee, Billy McClatchie, for 
demanding the Mailmasher be shut down.

Any kid with a throwaway Netcruiser account and a copy of Netscape or some
other mailer that allows you to set an arbitrary From: address on outgoing
SMTP mail can easily "forge" a return address, and certainly do a more 
convincing job than you could ever hope to do by pasting headers through a 
remailer.  I'll bet if that happened, people like Mr. Burnore would not be
so quick to demand that Netcom be shut down if it can't put a stop to this.

> > I'm not sure that even that is a wise precedent to set. In itself it seems
> > innocuous enough, but it could always lead to a demand, "Well, you already
> > mangle e-mail addresses contained in the bodies of posts, so why not also
> > alter the contents of posts in the following way..."
>     
> Well, I'm not real happy to have to do it. It was in response to a very
> active spam-baiting campaign, apparently directed at the Databasix people,
> and primarily consisted of lists of addresses with no (or very little)
> other text. I doubt this methodology could realistically be applied to
> anything else (or that I would consider doing it for anything else).

Your solution was undoubtedly more clever than they had counted on.  Unless I
miss my guess, they were hoping that anything that contained one of their
e-mail addresses would get blocked.  They did manage to convince Jeff Burchell
to do that, at least until he figured out what they were up to and he
discontinued his content filtering.

I once tried an experiment.  I got one of those free e-mail accounts and stuck
its e-mail address in the body of a Usenet post that was sent to the same set 
of NGs that were involved in this "spam baiting".  I did this once daily for 
several weeks and only received one piece of spam.  Knowing that, I could have
confidently "spam baited" myself, if I wished, without any real consequences.

Back when this was all happening, Gary was posting perhaps a dozen messages a
day to usenet with his own (unmangled) address in the headers.  I doubt that
he'd have noticed any difference from having his address included in the
BODIES of anonymous posts.  Anyone who was going to harvest his address would 
have already done so from his own posts.

> > BTW, is there any evidence to indicate that anyone is really harvesting e-mail
> > addresses from the BODIES of Usenet posts? Gary Burnore posts his flames quite
> > widely, so it's quite likely that any bulk e-mailing lists he's on is the
> > result of his (non-mangled) e-mail address being in the From: line of his own
> > posts.
>   
> I really don't know. I do know when the spam-baiting campaign started, the
> spam-baiters would also use the remailers to contact the people
> spam-baited to let them know they had been spam-baited so they would
> complain to us. 

That's even more evidence that the real target of the spam baiter(s) was the
remailers themselves.  Why else would you "attack" people, then anonymously
warn them of what you'd done?  Perhaps that's why the spam baiting reportedly
was directed not only at the DataBasix gang, but also at their detractors,
such as Ron Guilmette, Scott Dentice, etc.

I did notice several non-anonymous Usenet "warnings" going out from Peter 
Hartley <hartley@hartley.on.ca>, the sysadmin of an infamous Canadian 
domain that provides autoresponders for spammers.  He was even "helpful" 
enough to include several contact addresses for Jeff Burchell and his
upstream providers.  I'm not sure how/why he was involved, unless the spam 
baiters managed to push his buttons and sucker him into joining their 
clandestine anti-remailer campaign.

> (There was another set of letters going around claiming to
> be pro-remailer, but I was always skeptical that that was the true
> intention.)

Sounds like a classic, "F.U.D." disinformation campaign like another
anti-privacy bunch, the Co$, would engage in.  What better way to discredit
remailers than to, for example, send out anonymous messages saying "Preserve
your rights -- defend remailers!" and making it look like the message came
from a member of the KKK, or NAMBLA, or some other unpopular group.





