[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Auto moderation
> Do you know how easy it is to fake an address? I occasionally telnet to port 25
> and talk SMTP directly, to avoid spooling, but I have to type in the address
> I want the mail to appear from. There's no way of ensuring that I type in
> my real address, or _any_ real address at all for that matter.
Actually, it's not quite that easy. You can mail from any
username at your site, but if you put in a different site without using
helo protocol, it gives an X-Authorization-Warning in the header, which
contains your home site.
Alternately, if you do use helo, someone can just have a look at
the headers of the message, and work out wherethe message was posted
from. Then, it's just a question of consulting SMTP and system logs, and
the sysadmin has a fair chance of tracing you back. Perhaps you heard of
some guy who sent a death threat to the president using this method? They
traced him back REAL fast.
> Digitally signed voting? Only works if you restrict yourself to 'known' voters.
> Net identities are very easy to fake or create.
This i agree with. Any half competent cracker can create and
remove hundreds of identities (or more, depending on when some sysadmin
notices the suspicious batch job running in bground). There's lots of
ways to fake this, so i agree, you'd have to work from a list of
registered voters - and hope that no one person is represented on that
list too many times.
* * Mikolaj J. Habryn
* "Information wants to be free!"
PGP Public key available by finger
* #include <standard-disclaimer.h>