gburnore+NOspam@netcom.com (Gary L. Burnore)

:If Gary Burnore is so concerned about "forgery", maybe he ought to :start using that PGP key he keeps advertising in his .sig to :actually sign his posts. Unless he does, he's still vulnerable to :forgery from his fellow Netcom users who are still allowed to insert :arbitrary From: lines in their Usenet posts. Actually, forging a :post with Gary Burnore's name and address in the From: line can be :much more convincingly (no disclaimers) done from a throwaway :Netcruiser account, and with less effort than learning the proper :protocol to do it through a remailer.

Please specify how PGP signing the inside of a post will stop UCE-Baiting.

PGP signing a post is a lot like the new anti-counterfeiting measures in US currency, only a lot more effective. But if some bozo decides to start printing up three dollar bills with a portrait of Mickey Mouse, and others are foolish enough to accept them, what are you going to do? It's hard to protect people from their own stupidity. I'd contend that a $3 bill isn't even a counterfeit or forgery, since there is not genuine equivalent which it seeks to fraudulently duplicate. Maybe it's time that the brain-dead software that mindlessly harvests e-mail addresses from the net was shut down. That sounds like the real problem.

:Munging of addresses is better left to the discretion of the poster. :Let those who perceive a need for this "capability" use it. At :least one of the mail2news gateways implements that as an option for :those desiring it. I'm in favor of leaving that choice with the :poster.

Please specify how PGP signing the inside of a post will stop UCE-Baiting.

I'm not sure what comment you intended to make about that paragraph, since it appears that you inadvertantly pasted in your comment from the last paragraph again. The text you're supposedly commenting on nowhere mentions PGP.

:Mr. Burnore made a similar "forgery" complaint here several months :ago and was advised to PGP sign his posts and request source-level :blocking if he perceived forgery to be a problem. He has evidently :not taken the trouble to implement the first suggestion and, :assuming he took the second suggestion, he's posted no evidence to :suggest that it's not been effective.

The second has been effective. I've not denied that.

Since you've already found a solution to the problem that works, there seems to be no need to do anything more drastic to solve it.

I can see however, that allowing anon posts with someone elses' address in the from line is a great tool for UCE-Baiting. I fail to see any other reason for it in an anonymous post. What other reason would there be for putting a REAL email address in the from line of an ANONYMOUS post?

For one thing, to identify posts as originating from one's pseudonym, which *MIGHT* be a "real" e-mail address. Most times I've seen it used, though, it has been used to place identifying information in the From: field which many newsreaders use to identify posts so that they are recognizeable by the reader.

Again, it's nothing to do with the CONTENT. It has more to do with the ability to post to an mlm group with someone elses' email address. Oh, and btw, if a NETCOM customer is caught doing this, his/her account is terminated.

The key word there is "caught", and then you'd have to convince Netcom to actually do something about it. It is my understanding that spammers routinely utilize Netcom's OPEN SMTP SERVERS to send out their spam, using whatever From: field they wish, and Netcom doesn't seem to care. Anyone using those same servers to send mail to a mail2news gateway could forge someone's name and e-mail address to a Usenet post, couldn't they? Also, even if a complaint to Netcom got an individual account shut down, that wouldn't stop some other Netcom user from doing the same thing, nor would it stop the first Netcom user from opening another account under a phony name and repeating the process, or even doing it from a non-Netcom account. So if my e-mail address were being forged via Netcom, would they be able to source-block it as the remailers currently can do? If not, doesn't your own ISP have a bigger abuse potential than the remailer net?

AGAIN IT'S NOT FORGERY THAT'S A PROBLEM. IT'S UCE BAITING. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

There's no need to shout. Perhaps you've forgotten two earlier posts you made to this NG in the past couple of weeks in which you said: -> Subject: Re: Controlling the From: line in PIdaho -> -> Hopefully replay has corrected this as others have suggested so that the above -> CAN'T be done. It's a simple way to forge someone else's name. Early last ^^^^^ -> year comes to mind. -> -> [...] -> -> Posting anonymously is a valid thing to do, posting with someone else's name -> in the From line is simply forgery. Try sending your message from a hotmail ^^^^^^^ -> address or other site where you can just make up a name if you want this sort -> of thing. And in another post: -> Subject: Re: 'from' other than anonymous -> -> [...] -> -> Again, a forged from line (Forged as in someone's _REAL_ email address shows ^^^^^^ ^^^^^^ -> up) is a BAD THING. You claimed to be concerned about FORGERY back then, now you're saying "IT'S NOT FORGERY THAT'S A PROBLEM". Which is the case?

AGAIN. Please specify how PGP signing a post will stop UCE Baiting based soley on the from line.

But you were given two solutions, so if one of them works, then you don't need the other one. --