Tim mentioned that he'd had some problems getting stuff back from the list. Others have sent me mail wondering about strange formats from the mailer. Well, toad got mailbombed. The culprit--and no attempt at anonymity here--was 'css@netcom.com'. He was trying to get off the list by sending to owner-cypherpunks@toad.com. Well that address is a bounce handling address, and I don't read it very often, and then I ignore non-computer generated messages. Two words: clueless and projecting. He made at least three separate kinds off attacks: sending mail back to posters to the list, sending mail back to the list at large, and mailbombing toad with UNSUBSCRIBE x 200 messages, many (several dozen) at a time. What is humorous to me is not the lost sysadmin time (hours) but the lack of sophistication in the attack. No attempt at hiding identity, lack of creativity in bomb content, lack of specificity in targeting. For example, he could have forged a post to one of the .test groups in usenet with the list administrator (me) as target. Hundreds of messages would have flowed in to my mailbox over the next week, cramping my ability to use my inbox. Such a forgery could be done, say, by using an anonymous poster and gluing in a Reply-To: field. Or even better might have been picking a large mailing list that doesn't rewrite header fields and making sure that it leaves the mailer with 17 Received: fields and an Errors-To: field pointing to the victim. The cypherpunks alias on toad, for example, tacks on 3 Received fields in addition to the one or two that your mailer uses, but you can just add empty Received: fields--the code that bounces mail when it sees more than 17 (or 18-21, depending) Received: fields doesn't look at their contents. These fields can be added with outgoing ## header pasting, for example. I do not recommend using the cypherpunks mailing list for this purpose, however. Eric