Re: Pasting in From:
At 03:50 PM 12/01/1997 +0100, Amad3us <cypherpunks@cyberpass.net> wrote:
Then it has to allow you to put headers back in otherwise you can't interoperate with software. Eg pasting in References:, Subject:
Pasting those in isn't controversial, and is generally supported; you could be using Subject: pasting today with most remailers, using the ## syntax.
(I would like to see Cc: and Bcc: being allowed to be pasted in also). At minimum, addresses in Cc: and Bcc: need to be checked against blocking lists, and it's probably worth checking the number of names in the list against some threshold - especialy Bcc:s, which tend to be popularly used by spamware.
I would also like to see From: pasted in. In fact I can see no purpose to restrict what can be pasted in, other than to reduce complaints to the remailer operator possibly. Too easy to be abused by forgers, as are Reply-To: and Sender:.
My software shows be all headers. I am not sure what other software would do, probably, only display the first From field (the remailers).
MSMail and other closed systems are generally quite arrogant about only showing you the mail headers they "know" you want to see, and discarding the rest, whether that's what you want or not. Lots of mail clients only show you one From:, either discarding others or making them available in a "Show all headers" mode.
However you'll notice that my address is: Amad3us <cypherpunks@cyberpass.net> which means that I would like it to be pasted in as it is replyable (for encrypted mail) even though not being a nymserver account.
Which is a bit annoying, by the way, for cypherpunks who don't want to read your mail :-) On the other hand, alt.anonymous.messages is a fine place for people to send replies, and you can do things like alt.anonymous.messages@mail2news.some-relay-server.com At one time, there was a message-pool service on the extropia remailer which forwarded anything retrieved to all its subscribers; if the list is small it's not much protection, but it's one way to obscure mail sent to middleman remailers. There are other remailer-like systems that provide mailboxes for anonymous retrieval; I think Jenaer does something like that. And then of course there are hotmail and juno :-) Thanks! Bill Bill Stewart, stewarts@ix.netcom.com Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
On Mon, 1 Dec 1997 stewarts@ix.netcom.com wrote:
These are easy enough; the address-munging gets rid of these and also things like forgings to alt.test and other bots, though eventually the spammers may catch on to "User <AT> Foo <DOT> com" etc.
It's probably too much effort for them to bother with. If you were a spammer, and wanted loads of addresses, how would you get them? Headers are the most address-rich part of the message, so you just get headers from the server. Then you look for addresses with a regex. Looking for mangled addresses means that now you have to have two regexes, which increases your search time for not much benefit. No, the only ones which will bother will be the spiteful ones...
I shut down my remailer a few years ago because of this one; the forger posted hate mail to the gay newsgroups with the victim's name at the bottom (didn't even use From: pasting, just message body.) Supporting From: pasting just encourages this.
It's possible to cancel the one forged usenet message, but that didn't stop the flames many people emailed to her, and fewer systems are accepting cancels these days, especially when forged by remailers...
With the address munging on USENET posts, you have to do a bit of work in order to even find the actual forged address (look at the headers, dig out Author-Address:, unmangle it), and by then you ought to be wondering, Did this person really send this?
By the way, one technical risk with From:-pasting is that you need to parse or substitute special characters including parens and anglebrackets. Otherwise it's easy for people to paste in syntactically incorrect headers, which really annoy some gateways and mail clients - nested parens are a particular problem.
Ah. When munging, I just use: sendmail -bv -- $ADDR and then a bit of sed magic. If anything can parse it correctly, it's sendmail.
(I would like to see Cc: and Bcc: being allowed to be pasted in also). At minimum, addresses in Cc: and Bcc: need to be checked against blocking lists, and it's probably worth checking the number of names in the list against some threshold - especialy Bcc:s, which tend to be popularly used by spamware.
On cracker, you can paste To:, CC:, and Bcc:. All are checked against the destination block file. At present, if a blocked address is on a list of addresses, the entire list is blocked. Maximum number of recipients is 20, at which point the whole thing is dropped.
I would also like to see From: pasted in. In fact I can see no purpose to restrict what can be pasted in, other than to reduce complaints to the remailer operator possibly. Too easy to be abused by forgers, as are Reply-To: and Sender:.
Sender: we don't allow, or X-Sender: or Received: or Comments: authenticated sender is. Reply-To: is allowed, and checked against the destination block list. In practice, this stuff doesn't seem to be a problem. Andy Dustman / Computational Center for Molecular Structure and Design For a great anti-spam procmail recipe, send me mail with subject "spam". Append "+spamsucks" to my username to ensure delivery. KeyID=0xC72F3F1D Encryption is too important to leave to the government. -- Bruce Schneier http://www.athens.net/~dustman mailto:andy@neptune.chem.uga.edu <}+++<
participants (2)
-
Andy Dustman -
stewarts@ix.netcom.com