Hmm. Maybe I should rejoin the cypherpunks list, after all..
Does this form of "lunch-sack" attack really work? By spamming penet.fi with "tuna fish" messages with forged From: lines can one really get the true names and corresponding anon acct numbers of people from a list of addresses?
It does. But only if the user hasn't set a password. That's why I implemented the password feature! I have also zapped all queued-up "tuna" messages. But the whole current server is getting to be a horrible patchwork. I am working on a total redesign/rewrite, as well as upgrading the machine and the connection, to eliminate the delays and allow PGP. But to do all that, I am going to need sponsors/support. Preliminary discussions started with a couple of organisations. Julf