Re: Databasix conspiracy theories
Andy Dustman <andy@neptune.chem.uga.edu> wrote:
If I remember correctly, the documentation for at least one of the nymservers suggested that posting through a remailer and pasting in the return address would be quicker and impose less burden on the server than having to process each outgoing message through the server.
That's possible, and if true, it's probably in the documentation for redneck. Personally, I would prefer to have the server handle those messages, simply because there is a certain amount of "authentication", i.e., you can be reasonably sure that that nym really sent the message and wasn't forged.
I think it's just as well that people NOT get the idea that the e-mail address in the headers (from *ANY* ISP) is somehow authenticated and reliable. The only advantage to sending the message through the 'nymserver would be if the server itself would PGP sign the message with its own key to prove that the message was sent through the server by a properly authenticated user.
The remailers themselves have become the victims of forgeries. Back during the DataBasix "reign of [t]error" directed at Jeff Burchell, the "DataBasix cabal" (called that by a Netcom news admin, BTW) accused the Mailmasher 'nymserver of being used for "forgery" of Gary Burnore's name and address to various posts. And now, even after the cajones.com domain has apparently bitten the dust, I've seen complaints of spam being received by people that's been forged to look as if it had come from that domain. In the case of the Burnore forgeries, the Path: was only traceable back to the mail2news gateway, so the header items implicating Mailmasher could have easily been forged just as Mr. Burnore's address was. Nevertheless, these alleged "forgeries" comprised the rationale used by a DataBasix employee, Billy McClatchie, for demanding the Mailmasher be shut down.
Any kid with a throwaway Netcruiser account and a copy of Netscape or some other mailer that allows you to set an arbitrary From: address on outgoing SMTP mail can easily "forge" a return address, and certainly do a more convincing job than you could ever hope to do by pasting headers through a remailer. I'll bet if that happened, people like Mr. Burnore would not be so quick to demand that Netcom be shut down if it can't put a stop to this.
I'm not sure that even that is a wise precedent to set. In itself it seems innocuous enough, but it could always lead to a demand, "Well, you already mangle e-mail addresses contained in the bodies of posts, so why not also alter the contents of posts in the following way..."
Well, I'm not real happy to have to do it. It was in response to a very active spam-baiting campaign, apparently directed at the Databasix people, and primarily consisted of lists of addresses with no (or very little) other text. I doubt this methodology could realistically be applied to anything else (or that I would consider doing it for anything else).
Your solution was undoubtedly more clever than they had counted on. Unless I miss my guess, they were hoping that anything that contained one of their e-mail addresses would get blocked. They did manage to convince Jeff Burchell to do that, at least until he figured out what they were up to and he discontinued his content filtering.
I once tried an experiment. I got one of those free e-mail accounts and stuck its e-mail address in the body of a Usenet post that was sent to the same set of NGs that were involved in this "spam baiting". I did this once daily for several weeks and only received one piece of spam. Knowing that, I could have confidently "spam baited" myself, if I wished, without any real consequences.
Back when this was all happening, Gary was posting perhaps a dozen messages a day to usenet with his own (unmangled) address in the headers. I doubt that he'd have noticed any difference from having his address included in the BODIES of anonymous posts. Anyone who was going to harvest his address would have already done so from his own posts.
BTW, is there any evidence to indicate that anyone is really harvesting e-mail addresses from the BODIES of Usenet posts? Gary Burnore posts his flames quite widely, so it's quite likely that any bulk e-mailing lists he's on are the result of his (non-mangled) e-mail address being in the From: line of his own posts.
I really don't know. I do know when the spam-baiting campaign started, the spam-baiters would also use the remailers to contact the people spam-baited to let them know they had been spam-baited so they would complain to us.
That's even more evidence that the real target of the spam baiter(s) was the remailers themselves. Why else would you "attack" people, then anonymously warn them of what you'd done? Perhaps that's why the spam baiting reportedly was directed not only at the DataBasix gang, but also at their detractors, such as Ron Guilmette, Scott Dentice, etc.
I did notice several non-anonymous Usenet "warnings" going out from Peter Hartley <hartley@hartley.on.ca>, the sysadmin of an infamous Canadian domain that provides autoresponders for spammers. He was even "helpful" enough to include several contact addresses for Jeff Burchell and his upstream providers. I'm not sure how/why he was involved, unless the spam baiters managed to push his buttons and sucker him into joining their clandestine anti-remailer campaign.
(There was another set of letters going around claiming to be pro-remailer, but I was always skeptical that that was the true intention.)
Sounds like a classic, "F.U.D." disinformation campaign like another anti-privacy bunch, the Co$, would engage in. What better way to discredit remailers than to, for example, send out anonymous messages saying "Preserve your rights -- defend remailers!" and making it look like the message came from a member of the KKK, or NAMBLA, or some other unpopular group.
On Mon, 17 Nov 1997, Anonymous wrote:
I think it's just as well that people NOT get the idea that the e-mail address in the headers (from *ANY* ISP) is somehow authenticated and reliable.
There is some merit to that...
The remailers themselves have become the victims of forgeries. Back during the DataBasix "reign of [t]error" directed at Jeff Burchell, the "DataBasix cabal" (called that by a Netcom news admin, BTW) accused the Mailmasher 'nymserver of being used for "forgery" of Gary Burnore's name and address to various posts. And now, even after the cajones.com domain has apparently bitten the dust, I've seen complaints of spam being received by people that's been forged to look as if it had come from that domain. In the case of the Burnore forgeries, the Path: was only traceable back to the mail2news gateway, so the header items implicating Mailmasher could have easily been forged just as Mr. Burnore's address was. Nevertheless, these alleged "forgeries" comprised the rationale used by a DataBasix employee, Billy McClatchie, for demanding the Mailmasher be shut down.
I've never really been convinced that Databasix has much to do with the Huge Cajones fiasco. I'm not saying nobody from there is involved, though. I'm just trying to keep an objective opinion on the subject.
That's even more evidence that the real target of the spam baiter(s) was the remailers themselves. Why else would you "attack" people, then anonymously warn them of what you'd done? Perhaps that's why the spam baiting reportedly was directed not only at the DataBasix gang, but also at their detractors, such as Ron Guilmette, Scott Dentice, etc.
That the primary target of the spam-baiting campaign was the remailer net (one at a time), I have little doubt.
(There was another set of letters going around claiming to be pro-remailer, but I was always skeptical that that was the true intention.)
Sounds like a classic, "F.U.D." disinformation campaign like another anti-privacy bunch, the Co$, would engage in. What better way to discredit remailers than to, for example, send out anonymous messages saying "Preserve your rights -- defend remailers!" and making it look like the message came from a member of the KKK, or NAMBLA, or some other unpopular group.
Yes, and that's how it appeared to me, as well. In fact, I really would doubt any other possible scenario, mainly because much of the spam-baiting was done to IP addresses (same people, different hosts), so IP addresses were basically outlawed (if you have an IP address, you've got to have a FQDN, right?). That and people were apparently being sent many copies of the "warning" (to the same address). Also, the tone of the letter seemed counter to what it was supposedly intended to accomplish, i.e., "there's nothing you can do about it, so stop whining". OTOH, I did make a public request for whoever it was doing it to stop, and they did seem to stop rather shortly after that, though spam-baiting continued.
Andy Dustman / Computational Center for Molecular Structure and Design
For a great anti-spam procmail recipe, send me mail with subject "spam".
Append "+spamsucks" to my username to ensure delivery. KeyID=0xC72F3F1D
Encryption is too important to leave to the government. -- Bruce Schneier
http://www.athens.net/~dustman mailto:andy@neptune.chem.uga.edu <}+++<
At 03:24 PM 11/17/97 -0500, Anonymous wrote:
Any kid with a throwaway Netcruiser account and a copy of Netscape or some other mailer that allows you to set an arbitrary From: address on outgoing SMTP mail can easily "forge" a return address, and certainly do a more convincing job than you could ever hope to do by pasting headers through a remailer. I'll bet if that happened, people like Mr. Burnore would not be so quick to demand that Netcom be shut down if it can't put a stop to this.
Woodwose (who appears to have borrowed my last name for his "True Name") appears to have done a variation of this--except that if there are complaints about messages being sent from woodwose@mailexcite.com, I doubt anything will happen other than the woodwose account at mailexcite.com being closed. Hence, his "disposable remailer" claim.
Any shmuck can log on and input a fake name, address, and demographic data to create a new account at hotmail, mailexcite, or juno. In this way, as existing remailers are harassed out of existence, new ones can be created on a daily or hourly basis. It would probably be interesting to find out how much info these outfits collect (cookies, etc.) that could be definitively linked to a True Name.
Jonathan Wienke
PGP Key Fingerprints: 7484 2FB7 7588 ACD1 3A8F 778A 7407 2928 3312 6597 8258 9A9E D9FA 4878 C245 D245 EAA7 0DCC
"If ye love wealth greater than liberty, the tranquility of servitude greater than the animating contest for freedom, go home from us in peace. We seek not your counsel, nor your arms. Crouch down and lick the hand that feeds you. May your chains set lightly upon you; and may posterity forget that ye were our countrymen." -- Samuel Adams
"Stupidity is the one arena of human achievement where most people fulfill their potential." -- Jonathan Wienke
RSA export-o-matic:
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Jonathan Wienke <JonWienk@ix.netcom.com> writes:
[free mail by web accounts on mailexcite.com as remailers..]
Any shmuck can log on and input a fake name, address, and demographic data to create a new account at hotmail, mailexcite, or juno. In this way, as existing remailers are harassed out of existence, new ones can be created on a daily or hourly basis. It would probably be interesting to find out how much info these outfits collect (cookies, etc.) that could be definitively linked to a True Name.
A shortish while ago using these free email by web accounts as exit remailers in the remailer net was discussed. Someone enthused with the practicality of the idea said "let's do it". Ian Goldberg said "OK" and did it, posting perl code to interface to them. His code also automates the process of opening accounts on several of these services, and even automates the process of grabbing a random open web proxy address from a public list of them, and sending outgoing mail via them so that the sending remailer host's IP address is not included in the headers. (Several of the email by web things include your IP address in the headers).
I think several of the remailers are using this setup. If any remailers are thinking of throwing in the towel due to abuse, I'd highly recommend switching to using Ian's script as the final hop mail delivery agent.
Adam
--
Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (4)
- Adam Back
- Andy Dustman
- Anonymous
- Jonathan Wienke