On Mon, 1 Dec 1997 stewarts@ix.netcom.com wrote:
These are easy enough; the address-munging gets rid of these and also things like forgings to alt.test and other bots, though eventually the spammers may catch on to "User <AT> Foo <DOT> com" etc.
It's probably too much effort for them to bother with. If you were a spammer, and wanted loads of addresses, how would you get them? Headers are the most address-rich part of the message, so you just get headers from the server. Then you look for addresses with a regex. Looking for mangled addresses means that now you have to have two regexes, which increases your search time for not much benefit. No, the only ones which will bother will be the spiteful ones...
I shut down my remailer a few years ago because of this one; the forger posted hate mail to the gay newsgroups with the victim's name at the bottom (didn't even use From: pasting, just message body.) Supporting From: pasting just encourages this.
It's possible to cancel the one forged usenet message, but that didn't stop the flames many people emailed to her, and fewer systems are accepting cancels these days, especially when forged by remailers...
With the address munging on USENET posts, you have to do a bit of work in order to even find the actual forged address (look at the headers, dig out Author-Address:, unmangle it), and by then you ought to be wondering, Did this person really send this?
By the way, one technical risk with From:-pasting is that you need to parse or substitute special characters including parens and anglebrackets. Otherwise it's easy for people to paste in syntactically incorrect headers, which really annoy some gateways and mail clients - nested parens are a particular problem.
Ah. When munging, I just use: sendmail -bv -- $ADDR and then a bit of sed magic. If anything can parse it correctly, it's sendmail.
(I would like to see Cc: and Bcc: being allowed to be pasted in also). At minimum, addresses in Cc: and Bcc: need to be checked against blocking lists, and it's probably worth checking the number of names in the list against some threshold - especially Bcc:s, which tend to be popularly used by spamware.
On cracker, you can paste To:, CC:, and Bcc:. All are checked against the destination block file. At present, if a blocked address is on a list of addresses, the entire list is blocked. Maximum number of recipients is 20, at which point the whole thing is dropped.
I would also like to see From: pasted in. In fact I can see no purpose to restrict what can be pasted in, other than to reduce complaints to the remailer operator possibly. Too easy to be abused by forgers, as are Reply-To: and Sender:.
Sender: we don't allow, or X-Sender: or Received: or Comments: authenticated sender is. Reply-To: is allowed, and checked against the destination block list. In practice, this stuff doesn't seem to be a problem.

Andy Dustman / Computational Center for Molecular Structure and Design
For a great anti-spam procmail recipe, send me mail with subject "spam".
Append "+spamsucks" to my username to ensure delivery. KeyID=0xC72F3F1D
Encryption is too important to leave to the government. -- Bruce Schneier
http://www.athens.net/~dustman mailto:andy@neptune.chem.uga.edu <}+++<
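
The header-pasting policy described for cracker in the message above (To:, Cc:, Bcc: and Reply-To: checked against the destination block list, a 20-recipient maximum, Sender:, X-Sender:, Received: and Comments: refused), as an added Python sketch that is not the remailer's own code. The function names, the block-list entry, the treatment of malformed or unmentioned headers, and the reading of the limit as "more than 20 recipients drops the message" are assumptions.

```python
from email.utils import getaddresses

# Header names and the limit come from the message; everything else is assumed.
CHECKED = {"to", "cc", "bcc", "reply-to"}        # pasteable, checked against block list
FORBIDDEN = {"sender", "x-sender", "received", "comments"}
MAX_RECIPIENTS = 20
BLOCKED = {"blocked@example.org"}   # constructed stand-in for the destination block file


def well_formed(value):
    """Refuse unbalanced or nested parens and unbalanced angle brackets."""
    depth, angle = 0, False
    for ch in value:
        if ch == "(":
            depth += 1
            if depth > 1:            # nested comments upset some gateways: refuse
                return False
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        elif ch in "<>" and depth == 0:
            if (ch == "<") == angle:  # "<" while open, or ">" while closed
                return False
            angle = not angle
    return depth == 0 and not angle


def filter_pasted(headers, blocked=BLOCKED):
    """headers: list of (name, value). Returns the kept list, or None if dropped."""
    kept, recipients = [], 0
    for name, value in headers:
        key = name.lower()
        if key in FORBIDDEN:
            continue                  # never pasteable
        if key in CHECKED:
            if not well_formed(value):
                continue              # assumption: a malformed header is discarded
            addrs = [a.lower() for _, a in getaddresses([value]) if a]
            if any(a in blocked for a in addrs):
                continue              # one blocked address blocks the entire list
            if key != "reply-to":
                recipients += len(addrs)
        kept.append((name, value))    # unmentioned headers pass through (assumption)
    return None if recipients > MAX_RECIPIENTS else kept
```
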