gburnore@netcom.com (Gary L. Burnore) wrote:
: Presently, cracker (and some other remailers) do not allow pasting in a : From: header. As I have stated before, the purpose of an anonymous : remailer is to be anonymous, so pasting in a From: seems contradictory. : However, as has been pointed out, a lot of people like to do it to avoid : sending through nymservers, or at least psuedo-identify themselves. : : So, I propose a compromise: What if I enable pasting of From:, but if a : From: header is pasted in, a short disclaimer is added to the beginning of : the body of the message. Would that mess anyone up? I think this would be : sufficient to avoid most problems with "forging".
Not a good thing. If you allow a valid address to be in the from line, the results (regardless of the inside of the message) will be UCE baiting. Posting a message to an mlm type group with someone elses' name in the from line. The address cullers would not read the post to know the address was false.
A better comprimise would be to allow the From line to be altered but not to form a valid email address. Like name <at> site <dot> com.
At least make sure it doesn't allow the from line to be modified to a name in your blocked list.
Maybe when other ISPs, like Netcom where Mr. Burnore is posting from, impose similar restrictions it might make sense to implement them at the remailers as well. (Remailers might well be considered the ISP of last resort for those who consider the risks of posting controversial ideas from a traceable address to be an intolerable risk.) Remailer users should not be considered second class citizens, nor have their capabilities (such as header pasting) crippled to appease anyone who makes a demand. Right now, Netcom users can and do have the capability to put just about anything in the From: line (or other header lines) of their usenet posts. Presumably if that capability were such an open invitation to "forgery", Netcom would either have disabled it or Mr. Burnore would have cancelled his Netcom account in protest. Why single out the remailers? Andy Dustman's suggestions seem quite reasonable. When something is loaded with disclaimers that the identity of the author has not been authenticated, then it's not "forgery" -- not anymore than when celebrity impersonators on Saturday Night Live are engaging in "fraud" for pretending to be President Clinton, etc. If Gary Burnore is so concerned about "forgery", maybe he ought to start using that PGP key he keeps advertising in his .sig to actually sign his posts. Unless he does, he's still vulnerable to forgery from his fellow Netcom users who are still allowed to insert arbitrary From: lines in their Usenet posts. Actually, forging a post with Gary Burnore's name and address in the From: line can be much more convincingly (no disclaimers) done from a throwaway Netcruiser account, and with less effort than learning the proper protocol to do it through a remailer. Munging of addresses is better left to the discretion of the poster. Let those who perceive a need for this "capability" use it. At least one of the mail2news gateways implements that as an option for those desiring it. I'm in favor of leaving that choice with the poster. Mr. Burnore made a similar "forgery" complaint here several months ago and was advised to PGP sign his posts and request source-level blocking if he perceived forgery to be a problem. He has evidently not taken the trouble to implement the first suggestion and, assuming he took the second suggestion, he's posted no evidence to suggest that it's not been effective.