[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: forged mail






> you anything if you're up against a smart person.  If you just forge
> mail to me, most likely I can track you down to at LEAST the machine
> you forged it from!

....but a smart person can ensure that you can't track him down FARTHER
than the machine he forged it from (without extraordinary aid, like
access to the site's sendmail logs).
 
> If you go through a remailer, then it strips the headers off, so its
> not a problem.  But there is no reason to need to forge a message to a
> remailer since it hides your identity in the first place.  That's its
> job.

  Actually, forging mail at the machine you're on en route to the remailer
protects you against:

1) Anyone who can snoop the message headers on the way to the remailer
("Tra la la. Let's keep a little list of everyone using those remailers...")

2) A corrupt remailer operator.

  I'm assuming you send from a fairly large organization. Then even though
they can find out which machine originated the message, one can't
determine which of the users (and there may be more than 100) originated the
message. Plausible deniability.


		Peter 

	(NOT the one who allegedly forged mail from bass.sco.atmel.com ;-)