Hm... this topic seems to come up every few months - just today I was reading the newest Risks digest and an32153 (or something like that) was announcing the "risk" of using penet. I mailed off a submission describing how to avoid this. I think people don't know about this because it isn't published anywhere. Or is it? Maybe somebody could help Julf out and offer to write a new help file that specifically mentions the an/na trick. Last time I looked at the penet help file, this wasn't mentioned. It only takes a bit of work to avoid blowing your id - you just can't hit 'r' and reply to the addressee; instead you must type in the address manually (and be sure to type na#### instead of an####). Last week I responded to some email from a penet user. I was careful to respond to na####, or penet would have allocated me an id for klbarrus@owlnet.rice.edu (since I don't have one for this account) and thus someone would have been able to correlate my penet id and this account. As a matter of fact, I think that I revealed the penet id for an old account of mine (elee9sf@menudo.uh.edu) this exact way, although this was before the an/na functionality. -- Karl L. Barrus: klbarrus@owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories