Do you know how easy it is to fake an address? I occasionally telnet to port 25 and talk SMTP directly, to avoid spooling, but I have to type in the address I want the mail to appear from. There's no way of ensuring that I type in my real address, or _any_ real address at all for that matter.
Actually, it's not quite that easy. You can mail from any username at your site, but if you put in a different site without using helo protocol, it gives an X-Authorization-Warning in the header, which contains your home site. Alternately, if you do use helo, someone can just have a look at the headers of the message, and work out wherethe message was posted from. Then, it's just a question of consulting SMTP and system logs, and the sysadmin has a fair chance of tracing you back. Perhaps you heard of some guy who sent a death threat to the president using this method? They traced him back REAL fast.
Digitally signed voting? Only works if you restrict yourself to 'known' voters. Net identities are very easy to fake or create.
This i agree with. Any half competent cracker can create and remove hundreds of identities (or more, depending on when some sysadmin notices the suspicious batch job running in bground). There's lots of ways to fake this, so i agree, you'd have to work from a list of registered voters - and hope that no one person is represented on that list too many times. * * Mikolaj J. Habryn dichro@tartarus.uwa.edu.au * "Information wants to be free!" PGP Public key available by finger * #include <standard-disclaimer.h>