Karl said:
Somebody is trying to be clever and forging mail to figure out my penet id (surprise, I don't have one, but now I do).
I doubt it's a forgery attack. More likely, somebody subscribed to the list under a anXXXX address rather than naXXXX -- possibly intentionally, but probably just by mistake. The effect is that everyone who posts to the list has their headers pseudonymized before their messages are passed to the subscriber. The people who were told they had been given anXXXX addresses were the lucky ones. People who already had unpassworded addresses, and who have unstripped .sigs or other indentifiers, have had their pseudonyms and truenames silently handed to the subscriber. Nasty failure mode. This has happened on the list a few times before. The first or second time was one of the major reasons Julf added the naXXXX capability, as I recall, to let anonymous users safely subscribe to mailing lists. Passwords were intended to stop the forgery attack, but are helpful here too. This mail, for example, should never reach the subscriber in question, because I didn't include my password. A handy stopgap would be for majordomo to screen out anXXXX addresses (better, convert them to naXXXX), and other known double-blinding addresses. The behavior of anon.penet.fi interacts poorly with mailing lists, but we've had that discussion before. Eli ebrandt@hmc.edu