Andy Dustman <andy@neptune.chem.uga.edu> wrote:
If I remember correctly, the documentation for at least one of the nymservers suggested that posting through a remailer and pasting in the return address would be quicker and impose less burden on the server than having to process each outgoing message through the server.
That's possible, and if true, it's probably in the documentation for redneck. Personally, I would prefer to have the server handle those messages, simply because there is a certain amount of "authentication", i.e., you can be reasonably sure that that nym really sent the message and wasn't forged.
I think it's just as well that people NOT get the idea that the e-mail address in the headers (from *ANY* ISP) is somehow authenticated and reliable. The only advantage to sending the message through the 'nymserver would be if the server itself would PGP sign the message with its own key to prove that the message was sent through the server by a properly authenticated user. The remailers themselves have become the victims of forgeries. Back during the DataBasix "reign of [t]error" directed at Jeff Burchell, the "DataBasix cabal" (called that by a Netcom news admin, BTW) accused the Mailmasher 'nymserver of being used for "forgery" of Gary Burnore's name and address to various posts. And now, even after the cajones.com domain has apparently bitten the dust, I've seen complaints of spam being received by people that's been forged to look as if it had come from that domain. In the case of the Burnore forgeries, the Path: was only traceable back to the mail2news gateway, so the header items implicating Mailmasher could have easily been forged just as Mr. Burnore's address was. Nevertheless, these alleged "forgeries" comprised the rationale used by a DataBasix employee, Billy McClatchie, for demanding the Mailmasher be shut down. Any kid with a throwaway Netcruiser account and a copy of Netscape or some other mailer that allows you to set an arbitrary From: address on outgoing SMTP mail can easily "forge" a return address, and certainly do a more convincing job than you could ever hope to do by pasting headers through a remailer. I'll bet if that happened, people like Mr. Burnore would not be so quick to demand that Netcom be shut down if it can't put a stop to this.
I'm not sure that even that is a wise precedent to set. In itself it seems innocuous enough, but it could always lead to a demand, "Well, you already mangle e-mail addresses contained in the bodies of posts, so why not also alter the contents of posts in the following way..."
Well, I'm not real happy to have to do it. It was in response to a very active spam-baiting campaign, apparently directed at the Databasix people, and primarily consisted of lists of addresses with no (or very little) other text. I doubt this methodology could realistically be applied to anything else (or that I would consider doing it for anything else).
Your solution was undoubtedly more clever than they had counted on. Unless I miss my guess, they were hoping that anything that contained one of their e-mail addresses would get blocked. They did manage to convince Jeff Burchell to do that, at least until he figured out what they were up to and he discontinued his content filtering. I once tried an experiment. I got one of those free e-mail accounts and stuck its e-mail address in the body of a Usenet post that was sent to the same set of NGs that were involved in this "spam baiting". I did this once daily for several weeks and only received one piece of spam. Knowing that, I could have confidently "spam baited" myself, if I wished, without any real consequences. Back when this was all happening, Gary was posting perhaps a dozen messages a day to usenet with his own (unmangled) address in the headers. I doubt that he'd have noticed any difference from having his address included in the BODIES of anonymous posts. Anyone who was going to harvest his address would have already done so from his own posts.
BTW, is there any evidence to indicate that anyone is really harvesting e-mail addresses from the BODIES of Usenet posts? Gary Burnore posts his flames quite widely, so it's quite likely that any bulk e-mailing lists he's on is the result of his (non-mangled) e-mail address being in the From: line of his own posts.
I really don't know. I do know when the spam-baiting campaign started, the spam-baiters would also use the remailers to contact the people spam-baited to let them know they had been spam-baited so they would complain to us.
That's even more evidence that the real target of the spam baiter(s) was the remailers themselves. Why else would you "attack" people, then anonymously warn them of what you'd done? Perhaps that's why the spam baiting reportedly was directed not only at the DataBasix gang, but also at their detractors, such as Ron Guilmette, Scott Dentice, etc. I did notice several non-anonymous Usenet "warnings" going out from Peter Hartley <hartley@hartley.on.ca>, the sysadmin of an infamous Canadian domain that provides autoresponders for spammers. He was even "helpful" enough to include several contact addresses for Jeff Burchell and his upstream providers. I'm not sure how/why he was involved, unless the spam baiters managed to push his buttons and sucker him into joining their clandestine anti-remailer campaign.
(There was another set of letters going around claiming to be pro-remailer, but I was always skeptical that that was the true intention.)
Sounds like a classic, "F.U.D." disinformation campaign like another anti-privacy bunch, the Co$, would engage in. What better way to discredit remailers that to, for example, send out anonymous messages saying "Preserve your rights -- defend remailers!" and making it look like the message came from a member of the KKK, or NAMBLA, or some other unpopular group.