From: stewarts@ix.netcom.com
To: remailer-operators@anon.lcs.mit.edu
Message Hash: 436cd63560eab291ce267cbf78d5cad3c15e43d3a652e8aac4d7bf37b82ffc8a
Message ID: <3.0.3.32.19971201120355.006d2f34@popd.ix.netcom.com>
Reply To: <v03102802b0a801cade82@[206.170.115.5]>
UTC Datetime: 1997-12-01 22:53:34 UTC
Raw Date: Tue, 2 Dec 1997 06:53:34 +0800
From: stewarts@ix.netcom.com
Date: Tue, 2 Dec 1997 06:53:34 +0800
To: remailer-operators@anon.lcs.mit.edu
Subject: Re: Pasting in From:
In-Reply-To: <v03102802b0a801cade82@[206.170.115.5]>
Message-ID: <3.0.3.32.19971201120355.006d2f34@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
>On Sun, 30 Nov 1997, Lance Cottrell wrote:
>> [Spam baiting, forged mailing list subscriptions]
These are easy enough; the address-munging gets rid of these and
also things like forgings to alt.test and other bots,
though eventually the spammers may catch on to "User <AT> Foo <DOT> com" etc.
The hard problem is
>> Forged postings with deplorable content will bring down retribution
>> on the forgery victim.
I shut down my remailer a few years ago because of this one;
the forger posted hate mail to the gay newsgroups with the victim's name
at the bottom (didn't even use From: pasting, just message body.)
Supporting From: pasting just encourages this.
It's possible to cancel the one forged usenet message,
but that didn't stop the flames many people emailed to her,
and fewer systems are accepting cancels these days,
especially when forged by remailers...
Besides Usenet, other popular tactics for retribution are
sending death threats to politicians, sending child pornography
to mailing lists, forging messages _from_ politicians, etc.
Disclaimer/warning headers help, but can't stop it all.
At 10:07 AM 12/01/1997 -0500, Andy Dustman wrote:
>Two basic points also about "forgeries". First, you can forge headers
>pretty easily without any programs other than telnet. Second, if this
This was before Gary Burnore's attacks on the remailer networks,
but it's also an obvious tactic for either flamers or Feds to use
for getting remailers shut down. If somebody forges a Usenet posting
with telnet, it's not _your_ problem (usually). If they use your remailer,
it is your problem. And if they get remailers closed down a lot,
it's all of our problems.
>2) Whenever a From: line is pasted, a disclaimer will be inserted at the
>top of the body, stating that the original sender has set the From: line,
>and that the identification cannot be verified. The fact that it is up at
>the top of the body should mean people should actually see it before
>reacting.
It's worth also repeating it at the bottom. Putting it in the headers
is invisible with most newsreaders, though.
By the way, one technical risk with From:-pasting is that you need to
parse or substitute special characters including parens and anglebrackets.
Otherwise it's easy for people to paste in syntactically incorrect headers,
which really annoy some gateways and mail clients - nested parens are
a particular problem.
Basically, I think you're getting yourself in for excitement
and adventure and really wild stuff by supporting this :-)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQBVAwUBNIMYKvthU5e7emAFAQFg6wH9HhJ2RJA0SVBAGZ7hu4mo/dtc6PzPB5+g
NP2utlAEDSbuTrchPKVw4SkZOdkRWlXLD3nmCsdOScIjuZOQtY8nKw==
=vqyf
-----END PGP SIGNATURE-----
Thanks!
Bill
Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Return to December 1997
Return to “TruthMonger <tm@dev.null>”