As other people have pointed out, most email software lets you
forge mail easily; you don't get strong untraceability,
but you often don't need it, especially with free network access
and disposable free email addresses being widely available.
Untraceable mail is important for publicizing human rights violations
by your government, or contacting your favorite marijuana supplier,
but minor offenses like harassing your fellow high school students or
subscribing your ex-boyfriend to spammer lists don't need it,
and it doesn't take a lot of creativity to do.
I ran a remailer about 5 years ago; I've commented on the issue in the
distant past, but no longer have copies of it.
Remailers generally have two uses:
- sending private mail to individuals, which needs to be encrypted in and out
to prevent eavesdropping (so forgery isn't really an issue), and
- sending broadcast messages such as Usenet groups and mailing lists,
where the output needs to be unencrypted, and forgery is possible.
The early software didn't prevent you from pasting in a From: line,
so it was possible to use for forgery, mailbombing, etc.
Occasionally it's convenient for legitimate uses,
such as forging your home email address on a posting to a
subscribers-only mailing list (when you're at work / cybercafe / etc.)
but for the most part there's very little you can't do just as well
by putting your name/address in the body of the message.
The classic abuses to do with it are posting flamebait to Usenet
or posting test messages to alt.test which get autoreplied to by thousands
of machines. I closed the remailer I ran when somebody posted
forged hate mail to the net - the headers weren't forged, but the
target's name and email address were in the message body.
My ISP asked me to close it unless I could find a way to prevent
similar abuses, and there weren't a lot of good options at the time.
Most remailer operators who are concerned about preventing abuse
are also concerned about preventing complaints that get them shut down,
so they're motivated to deal with the problem. A relatively common
approach is to add mail headers clearly indicating (to anybody who
reads mail headers) that the message came from a remailer,
may be forged, and where to find more policy information.
>>At 3:28 PM -0400 6/5/00, [EMAIL PROTECTED] wrote:
>>>I'm a columnist for the chicago tribune and someone has called my attention
>>>to the remailers on the net that allow you to construct the FROM:
field as
>>>well as the TO: (manicmail; zoubidoo are two I've found). What do you
know
>>>about these? Are they new? More common than I know? Do they pose any
>>>additional interesting problems legally, morally, ethically, whatever? Any
>>>sites on the web I ought to visit re. this?
>>>
>>>Eric Zorn
>>>Chicago Tribune
>>>http://www.chicagotribune.com/go/zorn/
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
