bureau42 Anonymous Remailer <nobody@bureau42.ml.org> writes:
On Sun, 14 Dec 1997 at 08:12:31 -0600 Human Gus-Peter wrote:
It is interesting to note that the emails from treasury.gov constituted the same type of 'threat' that Bell was roundly accused of by government officials and the press.
I've seen brief mention of this before, but have never seen any details on the list. Aside from Jim Choate questioning my arithmetic or attention span, would anyone be kind enough to provide pointers to information about incidents of c-p list members having received unsolicited email from .gov?
Check the archives. There was plenty of discussion when it happened. I'm convinced they used names pulled out of Bell's computer, not a cypherpunks subscriber list as they sent my copy of the SPAM to an email address that had long been retired at the time of the mailing, but had been used to exchange email with Jim. Far more active list members than I didn't get a copy.
Declan, did you catch a whiff of this when it happened? I would think everyone's alarm bells would have gone off and people would have been intensely interested in the messages themselves, particularly the headers.
They did, and we were. Here's a copy of one message I saved: To: cypherpunks@algebra.com Subject: gotcha (was Re: DEATH TO THE TYRANTS) References: <1.5.4.32.19970723233941.006d1374@pop.pipeline.com> <v03102800affc86bdca7e@[207.167.93.63]> From: SL Baur <steve@xemacs.org> In-Reply-To: Tim May's message of "Wed, 23 Jul 1997 21:21:48 -0700" Date: 23 Jul 1997 22:18:12 -0700 Message-ID: <m2lo2xauzv.fsf_-_@altair.xemacs.org> Tim May <tcmay@got.net> writes:
Namely, who is "irsnwpr@net.insp.irs.gov" and what does he or she think of the "DEATH TO TYRANTS" subject header, sent to me (and maybe others). ... The headers in the first of the messages I received were:
Received: from tcs_gateway1.treas.gov (tcs-gateway1.treas.gov [204.151.245.2]) by you.got.net (8.8.5/8.8.3) with SMTP id PAA28395 for <tcmay@got.net>; Fri, 18 Jul 1997 15:29:59 -0700 ... Received: from tcs_gateway1.treas.gov (tcs-gateway1.treas.gov [204.151.245.2]) by you.got.net (8.8.5/8.8.3) with SMTP id PAA28954 for <tcmay@got.net>; Fri, 18 Jul 1997 15:39:39 -0700
If those headers are forged, it is an expert forgery. The MX hosts for the net.insp.irs.gov domain are fun: net.insp.irs.gov preference = 10, mail exchanger = tcs-gateway2.treas.gov net.insp.irs.gov preference = 20, mail exchanger = tcs-gateway1.treas.gov net.insp.irs.gov preference = 30, mail exchanger = gotcha.treas.gov irs.gov nameserver = gotcha.treas.gov irs.gov nameserver = nis.ans.net irs.gov nameserver = ns.ans.net tcs-gateway2.treas.gov internet address = 204.151.246.2 tcs-gateway1.treas.gov internet address = 204.151.245.2 gotcha.treas.gov internet address = 204.151.246.80 `gotcha.treas.gov'? It's a real host connected through ans.net ... 12 h10-1.t32-0.New-York.t3.ans.net (140.223.57.30) 139.839 ms 126.702 ms 125.82 ms 13 h11-1.t56-1.Washington-DC.t3.ans.net (140.223.57.21) 147.248 ms 124.774 ms 118.815 ms 14 f0-0.cnss60.Washington-DC.t3.ans.net (140.222.56.196) 192.54 ms 125.939 ms 166.529 ms 15 enss3080.t3.ans.net (192.103.66.18) 130.917 ms 131.057 ms 145.377 ms 16 gotcha.treas.gov (204.151.246.80) 133.065 ms 134.345 ms 131.596 ms Except for hop 16, this is the same traceroute as to tcs-gateway2.treas.gov. For what it's worth, the traceroute to tcs-gateway1 is slightly different: 8 h13-1.t16-0.Los-Angeles.t3.ans.net (140.223.9.14) 44.997 ms 51.526 ms 51.875 ms 9 h14-1.t112-0.Albuquerque.t3.ans.net (140.223.17.10) 60.895 ms 60.426 ms 57.762 ms 10 h14-1.t64-0.Houston.t3.ans.net (140.223.65.9) 81.131 ms * 85.067 ms 11 h14-1.t80-1.St-Louis.t3.ans.net (140.223.65.14) 117.62 ms 100.623 ms 104.878 ms 12 h10-1.t60-0.Reston.t3.ans.net (140.223.61.13) 126.368 ms 136.017 ms 123.367 ms 13 f2-0.c60-10.Reston.t3.ans.net (140.223.60.220) 129.505 ms 128.214 ms 128.52 ms 14 enss3079.t3.ans.net (204.148.66.66) 134.707 ms 162.912 ms 160.774 ms 15 tcs-gateway1.treas.gov (204.151.245.2) 154.268 ms * 155.898 ms