Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!ncar!boulder!stan!dancer!imp
From: imp@dancer.Solbourne.COM (Warner Losh)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: trash message from usenet (BIFF)
Message-ID: <1990Jun4.033717.14118@Solbourne.COM>
Date: 4 Jun 90 03:37:17 GMT
References: <9006011556.AA23309@sonny.proteon.com> <670006@gore.com>
Sender: news@Solbourne.COM
Organization: Solbourne Computers Inc.
Lines: 27

In article <670006@gore.com> jacob@gore.com (Jacob Gore) writes:
>But what's so special about mailing lists?  It IS easy to fake Usenet
>messages; but are you saying that it's hard to fake messages sent to a
>mailing list?

	Jacob makes a good point.  SMTP mail is trivially easy for
anybody with an account on any internet machine to forge.  Details can
be found elsewhere.  The "good" thing about USENET news is that it
puts an explicit path on all messages, so they can be traced fairly
easily.  Given the current state of the art of SMTP daemons, it is
possible to create a message that can't be traced back to the
offending system, much less the user that posted it.

	Fortunately, there is some good working going on to help stop
this.  The new host requirements RFC helps some.  Other efforts are
also in the works.  Some of them are misdirected (like fingering the
"from" line or assuming ports below 1024 are secure), while others are
good (like using heuristics to place a "Warning, this may be bogus" in
the headers).

	Someday we will reach the state where it is not possible to
forge mail, or at the very least we will know where the forgery came
from.  Until that date, you must do what you do with your 50's and
100's today: Double Check them before you accept them.

-- 
Warner Losh		imp@Solbourne.COM