I only have access to an email connection to the internet, so I cannot test a method of forging mail that I learned. Is this a taboo topic? It seems it would be useful for anonomous mailers. Give me the go ahead, and I'll continue...tomorrow. I'm done for the day. Peter Baumbach baumbach@atmel.com
No, forging e-mail is not a taboo topic, but then again it doesn't buy you anything if you're up against a smart person. If you just forge mail to me, most likely I can track you down to at LEAST the machine you forged it from! If you go through a remailer, then it strips the headers off, so its not a problem. But there is no reason to need to forge a message to a remailer since it hides your identity in the first place. That's its job. -derek
you anything if you're up against a smart person. If you just forge mail to me, most likely I can track you down to at LEAST the machine you forged it from!
....but a smart person can ensure that you can't track him down FARTHER than the machine he forged it from (without extraordinary aid, like access to the site's sendmail logs).
If you go through a remailer, then it strips the headers off, so its not a problem. But there is no reason to need to forge a message to a remailer since it hides your identity in the first place. That's its job.
Actually, forging mail at the machine you're on en route to the remailer protects you against: 1) Anyone who can snoop the message headers on the way to the remailer ("Tra la la. Let's keep a little list of everyone using those remailers...") 2) A corrupt remailer operator. I'm assuming you send from a fairly large organization. Then even though they can find out which machine originated the message, one can't determine which of the users (and there may be more than 100) originated the message. Plausible deniability. Peter (NOT the one who allegedly forged mail from bass.sco.atmel.com ;-)
participants (3)
-
baumbach@atmel.com
-
Derek Atkins
-
Peter Breton