While looking over some of the detcrud I noticed something interesting...

From colton@netcom.com Mon Jul 18 15:48:30 1994 Received: from virginia.edu (uvaarpa.Virginia.EDU [128.143.2.7]) by kaiwan.kaiwan.com (8.6.9/8.6.5) with SMTP id PAA27245 for <ghio@kaiwan.com>; Mon, 18 Jul 1994 15:48:24 -0700 *** KAIWAN Internet Access *** From: colton@netcom.com Received: from fulton.seas.virginia.edu by uvaarpa.virginia.edu id aa05968; 18 Jul 94 18:48 EDT Received: from <netcom12.netcom.com> (nym@netcom14.netcom.com [192.100.81.126]) by fulton.seas.Virginia.EDU (8.6.8/8.6.6) with SMTP id SAA67017 for <ghio@kaiwan.com >; Mon, 18 Jul 1994 18:48:20 -0400 Date: Mon, 18 Jul 1994 18:48:20 -0400 Message-Id: <199407182248.SAA67017@fulton.seas.Virginia.EDU> To: ghio@kaiwan.com Request-Remailing-To: alt.59.79.99@comlab.ox.ac.uk

## Followups-To: news.admin.policy Reply-To: <support@netcom.com> Subject: Netcom is being SCAPEGOATED

...drivel removed... In the Received: header, fulton.seas.Virginia.EDU identifies the message as coming from nym@netcom14.netcom.com My question is, How did it do this??? Did it use identd? I tried making a fake mail thru that site and it did not show my username...but neither kaiwan nor andrew have identd installed. nova.unix.portal.com did the same thing:

Received: from <netcom12.netcom.com> (nym@netcom2.netcom.com [192.100.81.108]) by nova.unix.portal.com (8.6.7/8.6.5) with SMTP id SAA22450 for <ghio@kaiwan.com >; Mon, 18 Jul 1994 18:09:22 -0700

Comments?