Subject: Re: Please scan your computers for viruses
From: AthlonRob
Date: 27/09/2003, 06:11
Newsgroups: alt.sci.seti

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Fri, 26 Sep 2003 21:13:14 -0500, Robi <r_buecheler@remove.yahoo.com> wrote:
> Calm down Rob ;o) it was just to show that any address could be forged.

As a supernews user myself, I did send an abuse report to 'em, showing I 
posted here regularly, then this oddball post that didn't match up with 
my headers.  I'd be interested to hear if you hear anything from them.

FWIW, impersonating folks on usenet *is* a clear violation of most ISPs' 
terms of service.

And, I think you should know... forging a usenet post is quite a bit 
different from forging an email.  And, your forge wasn't the best I've 
ever seen, by a long shot.

There's a difference between forging the FROM headers and forging the 
path the email took - yes you can insert extra hops in the bottom, but 
the originating SMTP host will, without fail, include the IP address of 
the actual sender.

Also, FWIW, I was speaking primarily of this Swen virus - sure you can 
forge the Return-Path header, I was merely stating I wasn't sure if the 
Return-Path header was forged or not with Swen.

-- 
Rob                       | If not safe,
Email and Jabber:         | one can never be free.
athlonrob at axpr dot net |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/dRwDhm6KEoOOAe0RAoogAKD5XC+NB3+QYdcPSmHZ1v+PKlvH0wCg9rQH
uK98GqhIaTgb53fE9QXCYac=
=wP8s
-----END PGP SIGNATURE-----
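
An added example, not part of the original post: one way to separate Received hops stamped by relays you run from hops that arrived with the message, and to read the peer IP recorded at that boundary. The message, hostnames and the TRUSTED set are constructed assumptions.

```python
import email
import re

# Constructed sample. The top two Received lines were written by servers the
# recipient runs; the bottom two arrived with the message from the sender.
RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id A1; Sat, 27 Sep 2003 06:00:03 -0700
Received: from bogus-helo.invalid (unknown [203.0.113.77])
\tby mx.example.net with SMTP id B2; Sat, 27 Sep 2003 06:00:01 -0700
Received: from relay.forged.test (relay.forged.test [198.51.100.5])
\tby bogus-helo.invalid with SMTP id C3; Sat, 27 Sep 2003 05:59:00 -0700
Received: from innocent.test ([198.51.100.9])
\tby relay.forged.test with SMTP id D4; Sat, 27 Sep 2003 05:58:00 -0700
From: someone@innocent.test
Subject: constructed sample

body
"""

# Assumption: hostnames of the relays you operate and therefore believe.
TRUSTED = {"mail.example.org", "mx.example.net"}

HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", re.S)


def parse_hops(raw):
    """Return Received hops newest-first, as they appear in the message."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        # An unparseable line gets by=None, so it can never count as trusted.
        hops.append({"helo": m.group(1), "peer_ip": m.group(2), "by": m.group(3).lower()}
                    if m else {"helo": None, "peer_ip": None, "by": None})
    return hops


def trust_boundary(raw, trusted):
    """Split hops into those stamped by trusted relays and the rest."""
    verified, unverified = [], []
    for hop in parse_hops(raw):
        # Once one hop is not ours, everything below it is sender-supplied.
        if not unverified and hop["by"] in trusted:
            verified.append(hop)
        else:
            unverified.append(hop)
    peer_ip = verified[-1]["peer_ip"] if verified else None
    return peer_ip, unverified
```

Here `trust_boundary(RAW, TRUSTED)` returns the address the outermost trusted relay saw connect, plus the two lower hops that cannot be verified from the headers alone.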