On Tue, Dec 09, 2003 at 02:46:52PM -0500, Yakov Shafranovich wrote:
Would there be a difference if the message is forwarded through a list,
or is transfered via multiple MTAs?
No. Because MTAs add headers and zillions of maillinglists add nice
(commercial/informational) trailers or remove attachments. Same for
large companies that think adding pseudo legal disclaimers makes any
difference.
All these destroy the structure of the email. These are problems that
e.g. PGP signers noticed long ago.
Now you can add headers to the sign. Which one would you add?
Date fields? How many mailservers have broken timezones. How many
mailservers are offline for 4 hours to 7 days? Add a special tag?
So what, I use this tag with my faked headers.
And the easiest solution:
a) get a Yahoo! account
b) login and send a email to joe(_at_)example(_dot_)com with the exact message
you want to spam with.
c) login as joe(_at_)example(_dot_)com and save away the messages.
d) now you have a totally legal email signed by Yahoo! itself.
e) $ sendmail -ti [some 10000 addresses] < signed.mail
Now what problem does signing solve? Ok, it solves the problem for a lot
of people, but it makes it *really* easy to "legally" spam with messages
signed by public mail service providers and these are really easy to get ;-))
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg