 
Wed, 31 Jul 2002 03:04:02 -0400
|
On Wed, 31 Jul 2002 00:09:56 CDT, Tracey McCartney <[log in to unmask]> said:
> I run a list whose subscribers are carefully screened. Because our
> conversation often involves sensitive issues, one of the main rules of the list
> is NO FORWARDING.
A nice idea, but hardly practical to enforce against intentional abuse.
> Unfortunately, people sometimes ignore this rule, as people are wont to do.
> I often find out about it only in the aftermath, and I usually am unable to
> discover who did it.
Careful perusal of the Received: headers of the forwarded note will often
prove enlightening. Occasionally, you'll find that they need to be
cross-correlated to a DCHP or WebMail server log to complete the chain.
In general, you *should* be able to tell who sent the mail. If not,
somebody isn't keeping good enoug logs...
> So, e-mail geeks - got any ideas? I'm wondering if headers can be tweaked in a
> way that causes forwarded posts or replies to them to be copied to me.
There's no requirement that replies actually *honor* a Reply-To: header,
and I'm willing to bet that most MUA's will do Very Bad Things if you
try to get them to understand Reply-To: and Resent-Reply-To: If you figure
out what an MUA should do when forwarding a mail that already contains
a Resent-Reply-To: please explain it to me. ;)
What *might* be interesting is using something like PGP, and creating
a shared key for all the subscribers - all postings would be encrypted to
the list's key, which could then be used to decrypt by subscribers. This
would at least stop blind "hey look at this" forwarding - non-subscribers
dont have the key, so they can't decrypt it. However, even this is
attackable with a number of variations on cut-n-paste unless the underlying
operating system provides a really good multi-level compartmentalized
security model.
Usually, a baseball bat is both cheaper and more effective long-haul.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
|
|
|
