From: Mikolaj Habryn <dichro@tartarus.uwa.edu.au>
Date: Sun, 15 May 94 18:19:30 PDT
To: rishab@dxm.ernet.in
Subject: Re: Auto moderation
In-Reply-To: <gate.2wocmc1w165w@dxm.ernet.in>
Message-ID: <199405160118.JAA16479@tartarus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


>  
> Do you know how easy it is to fake an address? I occasionally telnet to port 25
> and talk SMTP directly, to avoid spooling, but I have to type in the address
> I want the mail to appear from. There's no way of ensuring that I type in 
> my real address, or _any_ real address at all for that matter.

	Actually, it's not quite that easy. You can mail from any 
username at your site, but if you put in a different site without using 
helo protocol, it gives an X-Authorization-Warning in the header, which 
contains your home site.
	Alternately, if you do use helo, someone can just have a look at 
the headers of the message, and work out wherethe message was posted 
from. Then, it's just a question of consulting SMTP and system logs, and 
the sysadmin has a fair chance of tracing you back. Perhaps you heard of 
some guy who sent a death threat to the president using this method? They 
traced him back REAL fast.

> 
> Digitally signed voting? Only works if you restrict yourself to 'known' voters.
> Net identities are very easy to fake or create.

	This i agree with. Any half competent cracker can create and 
remove hundreds of identities (or more, depending on when some sysadmin 
notices the suspicious batch job running in bground). There's lots of 
ways to fake this, so i agree, you'd have to work from a list of 
registered voters - and hope that no one person is represented on that 
list too many times.

*       *       Mikolaj J. Habryn
                dichro@tartarus.uwa.edu.au
    *           "Information wants to be free!"
                PGP Public key available by finger
    *           #include <standard-disclaimer.h>