1997-12-01 - Re: Pasting in From:

Header Data

From: Andy Dustman <andy@neptune.chem.uga.edu>
To: Lance Cottrell <loki@infonex.com>
Message Hash: a968be4fac9a105c9932ff4aa573b27a0d8b62330db2f4d2d7597448979aa394
Message ID: <Pine.LNX.3.94.971201095438.6085P-100000@neptune.chem.uga.edu>
Reply To: <v03102802b0a801cade82@[206.170.115.5]>
UTC Datetime: 1997-12-01 15:05:39 UTC
Raw Date: Mon, 1 Dec 1997 07:05:39 -0800 (PST)

Raw message

From: Andy Dustman <andy@neptune.chem.uga.edu>
Date: Mon, 1 Dec 1997 07:05:39 -0800 (PST)
To: Lance Cottrell <loki@infonex.com>
Subject: Re: Pasting in From:
In-Reply-To: <v03102802b0a801cade82@[206.170.115.5]>
Message-ID: <Pine.LNX.3.94.971201095438.6085P-100000@neptune.chem.uga.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 30 Nov 1997, Lance Cottrell wrote:

> The risks of allowing pasted From: lines far outweigh the benefits. Pasting
> of From lines makes remailer operators much more vulnerable to charges of
> fostering forgery rather than simple anonymity.
> 
> Spam baiting is another obvious risk. Forged postings with deplorable
> content will bring down retribution on the forgery victim. Forged From
> lines can also be used to subscribe victims to thousands of mailing lists.
> 
> The uses of this "feature" can be duplicated with other mechanisms such as
> nym-servers, which provide persistent unique From lines without the
> possibility of forgery of arbitrary addresses. Users desiring greater
> security can simply point the reply capability of the nym server at the
> nearest /dev/null.

I've said all of this before myself, and still people want it. So there
will be two safeguards which should prevent the aforementioned problems:

1) The From: address on USENET posts will be mangled a la mail2news_nospam
to prevent spam baiting. Most of the posts I see with pasted From: lines
(from replay, in alt.privacy.anon-server) use a fake address and aren't
trying to impersonate anyone. 

2) Whenever a From: line is pasted, a disclaimer will be inserted at the
top of the body, stating that the original sender has set the From: line,
and that the identification cannot be verified. The fact that it is up at
the top of the body should mean people should actually see it before
reacting.

3) As someone else has suggested, it does indeed insert a Sender: header
with the remailer's address.

Two basic points also about "forgeries". First, you can forge headers
pretty easily without any programs other than telnet. Second, if this
actually does become misused frequently, all I need to do is delete one
character from one file (a # in headers.del) and it will be disabled. I
consider this an experimental feature, and if it doesn't work out, I'll
just turn it back off.

Andy Dustman / Computational Center for Molecular Structure and Design
For a great anti-spam procmail recipe, send me mail with subject "spam".
Append "+spamsucks" to my username to ensure delivery.  KeyID=0xC72F3F1D
Encryption is too important to leave to the government. -- Bruce Schneier
http://www.athens.net/~dustman mailto:andy@neptune.chem.uga.edu   <}+++<
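
The three safeguards listed in the message above, as an added example that is not part of the original post and not the remailer's own code. The remailer address, the disclaimer wording, the `.nospam.invalid` mangling scheme (which is not mail2news_nospam's actual format) and the line-break check are all assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

# Assumed values for illustration; not taken from any real remailer config.
REMAILER_ADDR = "remailer@remailer.example"
DISCLAIMER = (
    "NOTE: The From: line of this message was set by the original sender.\n"
    "The remailer cannot verify this identification.\n\n"
)


def mangle_address(addr):
    """Make an address useless to harvesters (assumed scheme, see lead-in)."""
    local, sep, domain = addr.rpartition("@")
    if not sep:
        return addr  # nothing that looks like a domain to mangle
    return f"{local}@{domain}.nospam.invalid"


def build_outgoing(pasted_from, body, newsgroups=None):
    """Build the outgoing message for a user-supplied (pasted) From: line."""
    # Added caveat: a line break in the pasted value would let the sender
    # smuggle extra headers into the outgoing message, so refuse it.
    if "\r" in pasted_from or "\n" in pasted_from:
        raise ValueError("pasted From: contains a line break")
    name, addr = parseaddr(pasted_from)
    if not addr:
        raise ValueError("pasted From: has no parseable address")

    msg = EmailMessage()
    if newsgroups:
        # Safeguard 1: mangle the address on USENET posts only.
        addr = mangle_address(addr)
        msg["Newsgroups"] = newsgroups
    msg["From"] = formataddr((name, addr))
    # Safeguard 3: Sender: always names the remailer itself.
    msg["Sender"] = REMAILER_ADDR
    # Safeguard 2: disclaimer goes at the very top of the body.
    msg.set_content(DISCLAIMER + body)
    return msg


if __name__ == "__main__":
    # Constructed sample input.
    print(build_outgoing("Alice <alice@example.org>", "Hello.\n",
                         newsgroups="alt.privacy.anon-server"))
```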
