----- Original Message -----
From: "Chuck Mead" <csm(_at_)moongroup(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, July 15, 2004 2:37 PM
Subject: Re: [spf-discuss] SPF is not usable as legal measure against
spammers.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gmail: Oye....
Love it! Great story. Here is another based on a real events in mail
history.. I have been sending this to various people who might have an
interesting in making "noise" about it, (Hint: media).
----- Original Message -----
From: "Hector Santos" <hsantos(_at_)XXXXXXXX(_dot_)com>
To: <xxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Mail Stripping Wars
Hello XXXXXX,
During the 80s and into the early 90s of the rapidly growing online
mail/file hosting days, before the internet became mainstream, there existed
other original Local Community "Social Networking" of users by a local
community online hosting system.
Back then users had dial up modem phone lines (not PPP TCP/IP connections
yet). All the local community host systems created a network called
"Fidonet" to establish the first form of a dialup P2P mail/file networking
market.
So you have a world-wide network that:
a) Allow users to create/read mail, exchange files to their local host.
b) Local host distributed the mail/files to the next local host, and so on.
The software market at the time to make this all work came in components or
parts. Commercial venders (like us), shareware (Like I started) and/or free
systems created thousands of:
- Dialup Software, Telix, CrossTalk, Qmodem, for online sessions,
- Offline Mail Read/Writers (your early MUAs), w/o Dialup Components,
- Host: Your Online Host software (BBS software, CompuServe, etc)
- Mailers: P2P Host Frontend Communications Systems (Frontend Mailers)
- Gateways: Host Mail/File Storage to Network Format Converters
This is a story of what happens when the integrity of the mail system fails:
The early host systems use to add a "tear line" to the bottom of the message
posted by a user. If the host software was a 30 day trial version, you
might see this automatically added to the user mail:
--- QuickBBS V1.0 [Unregistered. 25 days remaining]
This wasn't usually a problem for the operator if the mail stayed local.
But if this mail was going to be distributed on the network, he might be
embarrassed.
The Gateway software were responsible for taking the mail and wrapping it up
for network distribution via the Frontend software (akin to SMTP).
Soon Gateway software author offered the BBS operator a way to "strip" the
tear line so that the BBS operator was not embarrassed. However, he not
only stripped it, he replaced it with his own:
--- Exported by GateMail v2.0
The BBS software vendors screamed bloody murder!!
"Hey, You can't do that. That's Email Tampering!"
The debates started of where does the email start and end to be considered
tampering. But the Gateway Software vendors caved in and said:
"OK, no problem. I understand. Boy, this is a big market.
Maybe I'll get into the action"
So what did he do?
He left it in and added his own
--- QuickBBS V1.0 [Unregistered. 25 days remaining]
--- Exported by GateMail v2.0 [Unregistered. 29 days remaining]
Now the operators on the receiving end of the mail, starting screaming:
"Hey, what is all this junk? Stop that!"
So the HOST receiving end brought software from other gateway vendors to
clean up the incoming mail, but again, he added his own:
--- Imported/Cleaned by GateMail v3.0 [Unregistered. 15 days remaining]
Now the host and gateway software that created and exported the mail
screamed even louder!
"Hey, Not Fair! You can't alter mail on the receiving end!"
So now the host software, the gateways exporting mail and the gateways
importing mail started a world wide battle of software vendors and operators
called the:
"Tear Line Stripping Wars!"
It was a bloody mess!
But it doesn't end there. It gets even better!
By this point, the end-user software is getting smarter. Windows is growing,
the early internet is coming. The user software does everything for them,
included with features like "Tag Line Editors" so users can add fancy tag
lines at the bottom of the mail. So you might see this when he created the
mail:
... "To say or not to say -- I better stay quiet!"
--- Created by UserMail v2.0 [Unregistered 15 days remaining]
and then when the mail was uploaded and posted, the host adds the tear line:
... "To say or not to say -- I better stay quiet!"
--- Created by UserMail v2.0 [Unregistered 15 days remaining]
--- QuickBBS V1.0 [Unregistered. 25 days remaining]
and when the mail gets exported into the network:
... "To say or not to say -- I better stay quiet!"
--- Created by UserMail v2.0 [Unregistered 15 days remaining]
--- QuickBBS V1.0 [Unregistered. 25 days remaining]
--- Exported by GateMail v2.0 [Unregistered. 29 days remaining]
and finally the receiving gateway software cleans it up:
... "To say or not to say -- I better stay quiet!"
--- Imported/Cleaned by GateMail v3.0 [Unregistered. 15 days remaining]
Now the End-User mail software were PISSED!
"Hey! You can't do that!!! I created that mail, well the user did! so I
have first right!"
The gateways people said:
"The hell you do! The user created the mail, you added something to it.
I'm cleaning it up!"
So what did the End-User Mail Software do?
When the user downloaded mail from the network to read on his PC, the
software "HIDE" the tear line information and replaced it with its own:
[hidden/greyout -start]
... "To say or not to say -- I better stay quiet!"
--- Imported/Cleaned by GateMail v3.0 [Unregistered. 15 days remaining]
[hidden/greyout - end]
--- Reading Mail by UserMail v4.0 [You still haven't paid!]
So the Mail reader did not strip, but HIDE the "pieces of the display" on
the screen! Clever! huh?
Anyway, it was a bigger mess. The issues were never settled. There were
many threats but I never head of one going to court.
By this time, the internet was here and the new form of network mail
communications "SMTP email" was here. These early pioneers died with the
bigger commercial ones surviving and struggling to evolve with the internet.
It took us atleast 7 years between 1995 to 2001 to get back to profitability
and now we have one of the original "Social Network" Intranet Mail/File P2P
system now working with the internet! Its were everyone wants to go!
So my prediction?
With GMAIL, the same thing will happen by opening a "Pandora box" of
tampering with mail!
We all know history has a habit of repeating itself and this is one of them!
GMAIL modified mail will be stripped of the junk by people who simply do not
want to see the extra baloney in it. The rebirth of online mail hosting
systems (via the WEB now) will make claim to final destination mail, online
host software, gateway/routers software and Smart GUI User Software will
begin to tamper with mail in the name of cleaning up the junk.
This Councilman Ruling doesn't help allowing ISPs to screwing around with
mail.
Can GMAIL sue?
Well, they can't say much because it was them that tampered with original
mail to start with by adding 3rd party content to the user mail. So they
can't have a claim to the originality of the message.
So there is no doubt this will happen with GMAIL. GMAIL Stripping Wars
still start very soon!
Finally, the IETF effort called MARID attempts to address the Email Sender
Authentication (Spoofing problem). However, there is a troubling aspect to
it introduced by Microsoft called SENDER-ID. This will require the PAYLOAD
to be transferred. It means System Operators can now create new rules that
will allow to "manipulate" the payload content possibly based on the level
of authentication and authorization. If no authorization, the sysop will
have the belief he has power to change the content.
The problematic idea is akin to this:
If GMAIL can alter user mail with direct marketing advertisement, then the
ISP storing the email might feel he can do the same, or possibly removing
the GMAIL changes on behalf of the user.
I hope you enjoyed the story.
Hector Santos, CTO
WINSERVER "Wildcat! Interactive Net Server"
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office