Re: Pasting in From:




[email protected] (Gary L. Burnore)

> :If Gary Burnore is so concerned about "forgery", maybe he ought to
> :start using that PGP key he keeps advertising in his .sig to
> :actually sign his posts.  Unless he does, he's still vulnerable to
> :forgery from his fellow Netcom users who are still allowed to insert
> :arbitrary From:  lines in their Usenet posts.  Actually, forging a
> :post with Gary Burnore's name and address in the From:  line can be
> :much more convincingly (no disclaimers) done from a throwaway
> :Netcruiser account, and with less effort than learning the proper
> :protocol to do it through a remailer.
>  
>  
> Please specify how PGP signing the inside of a post will stop UCE-Baiting.

PGP signing a post is a lot like the new anti-counterfeiting measures in US
currency, only a lot more effective.  But if some bozo decides to start printing
up three dollar bills with a portrait of Mickey Mouse, and others are
foolish enough to accept them, what are you going to do?  It's hard to protect
people from their own stupidity.  I'd contend that a $3 bill isn't even a
counterfeit or forgery, since there is no genuine equivalent which it seeks to
fraudulently duplicate.

Maybe it's time that the brain-dead software that mindlessly harvests e-mail
addresses from the net was shut down.  That sounds like the real problem.
 
> :Munging of addresses is better left to the discretion of the poster.
> :Let those who perceive a need for this "capability" use it.  At
> :least one of the mail2news gateways implements that as an option for
> :those desiring it.  I'm in favor of leaving that choice with the
> :poster.
>    
> Please specify how PGP signing the inside of a post will stop UCE-Baiting.

I'm not sure what comment you intended to make about that paragraph, since it
appears that you inadvertently pasted in your comment from the last paragraph
again.  The text you're supposedly commenting on nowhere mentions PGP.
   
> :Mr. Burnore made a similar "forgery" complaint here several months
> :ago and was advised to PGP sign his posts and request source-level
> :blocking if he perceived forgery to be a problem.  He has evidently
> :not taken the trouble to implement the first suggestion and,
> :assuming he took the second suggestion, he's posted no evidence to
> :suggest that it's not been effective.
>    
> The second has been effective. I've not denied that. 

Since you've already found a solution to the problem that works, there seems
to be no need to do anything more drastic to solve it.
   
> I can see however, that
> allowing anon posts with someone else's address in the from line is a great
> tool for UCE-Baiting. I fail to see any other reason for it in an anonymous
> post.  What other reason would there be for putting a REAL email address in
> the from line of an ANONYMOUS post?

For one thing, to identify posts as originating from one's pseudonym, which 
*MIGHT* be a "real" e-mail address.  Most times I've seen it used, though, it has 
been used to place identifying information in the From: field which many newsreaders 
use to identify posts so that they are recognizable by the reader.

> Again, it's nothing to do with the CONTENT. It has more to do with the ability
> to post to an mlm group with someone else's email address.  Oh, and btw, if a
> NETCOM customer is caught doing this, his/her account is terminated.

The key word there is "caught", and then you'd have to convince Netcom to actually
do something about it.  It is my understanding that spammers routinely utilize
Netcom's OPEN SMTP SERVERS to send out their spam, using whatever From: field they
wish, and Netcom doesn't seem to care.  Anyone using those same servers to send mail 
to a mail2news gateway could forge someone's name and e-mail address to a Usenet post, 
couldn't they?

Also, even if a complaint to Netcom got an individual account shut down, that wouldn't
stop some other Netcom user from doing the same thing, nor would it stop the first
Netcom user from opening another account under a phony name and repeating the
process, or even doing it from a non-Netcom account.  So if my e-mail address were
being forged via Netcom, would they be able to source-block it as the remailers
currently can do?  If not, doesn't your own ISP have a bigger abuse potential than the
remailer net?
 
> AGAIN  IT'S NOT FORGERY  THAT'S A PROBLEM. IT'S UCE BAITING. 
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

There's no need to shout.  Perhaps you've forgotten two earlier posts you made to
this NG in the past couple of weeks in which you said:

-> Subject: Re: Controlling the From: line in PIdaho
-> 
-> Hopefully replay has corrected this as others have suggested so that the above
-> CAN'T be done.  It's a simple way to forge someone else's name.  Early last
                                        ^^^^^
-> year comes to mind.
->
-> [...]
->      
-> Posting anonymously is a valid thing to do, posting with someone else's name
-> in the From line is simply forgery.   Try sending your message from a hotmail
                              ^^^^^^^
-> address or other site where you can just make up a name if you want this sort
-> of thing.

And in another post:

-> Subject: Re: 'from' other than anonymous
-> 
-> [...]
-> 
-> Again, a forged from line (Forged as in someone's _REAL_ email address shows
            ^^^^^^            ^^^^^^
-> up) is a BAD THING.

You claimed to be concerned about FORGERY back then, now you're saying "IT'S NOT 
FORGERY THAT'S A PROBLEM".  Which is the case?
 
> AGAIN. Please specify how PGP signing a post will stop UCE Baiting based solely
> on the from line.

But you were given two solutions, so if one of them works, then you don't need the
other one.

--