I am curious about what is happening on alt.test. Someone is apparently forging letters containing the line: I am (insert True Name and address here) from a large list of account names and sending them through anon@penet.fi to alt.test. If the address is not previously registered with penet.fi it generates a new acct number (thus the long list of messages with sequential acct nums anXXXXXX) however every once in a while there will be a message (they are all 43 lines long, and have the subject "tuna fish test numero nnn" making them easy to spot from real anon.testers) that will have an account number that is out of sequence (e.g. a much lower number). It would seem that this is revealing the anon acct numbers of people who have already got accts at penet.fi. There are a number of messages posted to alt.test from apparently real acct addresses saying that they never requested anon accts. and generally disavowing all knowledge of how the "tuna fish" messages ended up posted. Does this form of "lunch-sack" attack really work? By spamming penet.fi with "tuna fish" messages with forged From: lines can one really get the true names and corresponding anon acct numbers of people from a list of addresses? If this is possible then I'm sure it wouldn't take long for one of you mail-gurus to whip up some code to download a "who cypherpunks" and feed it through a spam grinder to recover true names. So much for trusting a Finnish Identity Escrow Agent. HH C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick <cjl@welchlink.welch.jhu.edu> / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )