From: Anonymous <anon@anon.efga.org>
To: mail2news@basement.replay.com
Message Hash: 0fb60e6e9a04ef0b8013d05ecfad2ccde219b12974fcf009a7863227a2459b36
Message ID: <d2fb24d6e9a80e7f6a5f5c4146d2845f@anonymous.poster>
Reply To: <Pine.LNX.3.94.971130135656.6085F-100000@neptune.chem.uga.edu>
UTC Datetime: 1997-12-01 01:13:11 UTC
Raw Date: Mon, 1 Dec 1997 09:13:11 +0800
Subject: Re: Pasting in From:
MIME-Version: 1.0
Content-Type: text/plain

gburnore@netcom.com (Gary L. Burnore) wrote:
> : Presently, cracker (and some other remailers) do not allow pasting in a
> : From: header. As I have stated before, the purpose of an anonymous
> : remailer is to be anonymous, so pasting in a From: seems contradictory.
> : However, as has been pointed out, a lot of people like to do it to avoid
> : sending through nymservers, or at least pseudo-identify themselves.
> :
> : So, I propose a compromise: What if I enable pasting of From:, but if a
> : From: header is pasted in, a short disclaimer is added to the beginning of
> : the body of the message. Would that mess anyone up? I think this would be
> : sufficient to avoid most problems with "forging".
>
> Not a good thing. If you allow a valid address to be in the from line, the
> results (regardless of the inside of the message) will be UCE baiting.
> Posting a message to an mlm type group with someone else's name in the from
> line. The address cullers would not read the post to know the address was
> false.
>
> A better compromise would be to allow the From line to be altered but not to
> form a valid email address. Like name <at> site <dot> com.
>
> At least make sure it doesn't allow the from line to be modified to a name in
> your blocked list.

Maybe when other ISPs, like Netcom where Mr. Burnore is posting
from, impose similar restrictions it might make sense to implement
them at the remailers as well. (Remailers might well be considered
the ISP of last resort for those who consider the risks of posting
controversial ideas from a traceable address to be an intolerable
risk.) Remailer users should not be considered second class
citizens, nor have their capabilities (such as header pasting)
crippled to appease anyone who makes a demand. Right now, Netcom
users can and do have the capability to put just about anything in
the From: line (or other header lines) of their usenet posts.
Presumably if that capability were such an open invitation to
"forgery", Netcom would either have disabled it or Mr. Burnore would
have cancelled his Netcom account in protest. Why single out the
remailers?

Andy Dustman's suggestions seem quite reasonable. When something is
loaded with disclaimers that the identity of the author has not been
authenticated, then it's not "forgery" -- not any more than when
celebrity impersonators on Saturday Night Live are engaging in
"fraud" for pretending to be President Clinton, etc.

If Gary Burnore is so concerned about "forgery", maybe he ought to
start using that PGP key he keeps advertising in his .sig to
actually sign his posts. Unless he does, he's still vulnerable to
forgery from his fellow Netcom users who are still allowed to insert
arbitrary From: lines in their Usenet posts. Actually, forging a
post with Gary Burnore's name and address in the From: line can be
much more convincingly (no disclaimers) done from a throwaway
Netcruiser account, and with less effort than learning the proper
protocol to do it through a remailer.

Munging of addresses is better left to the discretion of the poster.
Let those who perceive a need for this "capability" use it. At
least one of the mail2news gateways implements that as an option for
those desiring it. I'm in favor of leaving that choice with the
poster.

Mr. Burnore made a similar "forgery" complaint here several months
ago and was advised to PGP sign his posts and request source-level
blocking if he perceived forgery to be a problem. He has evidently
not taken the trouble to implement the first suggestion and,
assuming he took the second suggestion, he's posted no evidence to
suggest that it's not been effective.