From: "Jon 'Iain' Boone" <boone@psc.edu>
Date: Mon, 17 Jan 94 11:23:30 PST
To: cypherpunks@toad.com
Subject: Re: Forged messages (was: TC May advertises cypherpunks as keeping your taxes from going to 'people of colour')
In-Reply-To: <AhC3Mym00awJ8D7EpF@andrew.cmu.edu>
Message-ID: <9401171919.AA25006@igi.psc.edu>
MIME-Version: 1.0
Content-Type: text/plain



Matthew J Ghio <mg5n+@andrew.cmu.edu>  writes:
>
> "gtoal@gtoal.com" <gtoal@pizzabox.demon.co.uk> writes:
> 
> Note that pizzabox.demon.co.uk [158.152.8.236] doesn't tell where it got
> the message from.  Could it have been longs.lance.colostate.edu?  I
> liked Detweiler better when he just used anon.penet.fi.

  Perhaps you just don't understand how headers work.

  Often times, the machine which originats a message puts a header 
  in that says it "recieved" it *despite* the fact that the message 
  was originated on that machine.  This happens (I believe) because
  the mail agent submits the message to sendmail for sending.  This
  causes sendmail to tag it as "recieved" despite its origin on that
  machine.

> P.S. I sent myself a test email by telnetting to pizzabox.demon.co.uk
> 25, but it identified the IP address I telnetted from... hopefully the
> site administrators at demon.co.uk have recognized the problem and taken
> steps to prevent further detweiling.  But be on your lookout, this will
> only hold him off until he can find another SMTP port to spoof from.

  Or, more likely, there was never a problem at pizzabox.demon.co.uk
  and the message is either not forged or the forger submitted it 
  through another mechanism.

 Jon Boone | PSC Networking | boone@psc.edu | (412) 268-6959
 finger boone@psc.edu for PGP public key block