Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!pasteur!ucbvax!hplabs!hp-pcd!uoregon!dboyes From: dboyes@uoregon.UUCP (David Boyes) Newsgroups: comp.mail.misc Subject: Re: BITNET Message-ID: <1624@uoregon.UUCP> Date: 1 Mar 88 09:06:50 GMT References: <7136@tut.cis.ohio-state.edu< <1619@tulum.UUCP> <1615@uoregon.UUCP> <456@fig.bbn.com> Reply-To: dboyes@drizzle.UUCP (David Boyes) Organization: University of Oregon, Computer Science, Eugene OR Lines: 81 In article <456@fig.bbn.com> rsalz@bbn.com (Rich Salz) writes: >>I sent the following letter to Karl a few days ago. These messages are >>legitimate and are caused by the software DOING THE RIGHT THING. >No they're not. See below. The software is performing exactly as specified -- contact Alan Crosswell at Columbia or Eric Thomas at the Pasteur Institute in Paris if you think it's being done wrong. Better yet, write something superior to RSCS and get IBM to market it. From the standpoint of receiving mail from J. Random Luser via some random mailing list, if the mail is not coming from a trusted gateway, it is *bogus* and the person ostensibly being impersonated should know that his/her/its name is being used without his/her/its permission. >>[my somewhat irritated comment about the authentication mechanisms] >>[(or lack thereof) provided by any Usenet-related program I've seen] >Usenet is not electronic mail. RN does not try to be imposter-proof because >the the underlying transport mechanism (UUCP or NNTP) are known to be >insecure. We live with that. One question: Why? >What does that have to do with mail, and >why would a Usenet poster give a rat's ass? I suggest you ask the people who have been carrying on the series of accusations about forged postings in any of three to six newsgroups. Names on request -- I'm not about to bring that down on this group. It's important to *someone* out there. >David explained the UOREGON failure messages tons of folks recently got came >about because some local person moved queued mail files. Read more carefully, Rich. The failure was at UWAVM -- the University of WASHINGTON. Long way from here, guy. >**If the BITNET mailer thought the message was spoofed it should have sat >**on it and told the postmaster! It should not have sent it! It did. 3576 times, to be exact. Tell me, Rich, would you rather that I deleted all 3576 postings? I know *I* haven't got time to read all of those messages. I'd much rather have the system warn the person this mail is trying to impersonate and then let THEM handle it. If they don't care, fine. If they DO care, let them use their own time and CPU to go after whoever it is. >As I've said before, I get lots of messages from BITNET sites almost every >time I put out something in comp.sources.unix. I'm tired of it, and I will >continue to complain and gripe in public forums to drum up sympathy and >support to get it stopped. > /r$ "As I've said before, I get lots of messages from Unix sites almost every time I put out something in SAS-L. I'm tired of it, and I will continue to complain and gripe in public forums to drum up sympathy and support to get it stopped." I'd certainly appreciate a better way to do things. Perhaps BBN would lend your services to the BTINET NIC for the express purpose of developing some better alternatives? I know I'd be glad to have some better tools. Until then, we're doing the best we can, given the inconsistencies in Usenet messages, different mail standards, brain-dead VMS mailers generating impossible-to-parse (even with REAL intelligence) rejection mail. At least you could understand the message you got. -- David Boyes | ARPA: 556%OREGON1.BITNET@CUNYVM.CUNY.EDU Systems Division | BITNET: 556@OREGON1 UO Computing Center | UUCP: dboyes@uoregon.UUCP 'How long d'ya think it'll be before just us oldtimers remember WISCVM?'