On Wed, 31 Jul 2002 00:09:56 CDT, Tracey McCartney <[log in to unmask]> said: > I run a list whose subscribers are carefully screened. Because our > conversation often involves sensitive issues, one of the main rules of the list > is NO FORWARDING. A nice idea, but hardly practical to enforce against intentional abuse. > Unfortunately, people sometimes ignore this rule, as people are wont to do. > I often find out about it only in the aftermath, and I usually am unable to > discover who did it. Careful perusal of the Received: headers of the forwarded note will often prove enlightening. Occasionally, you'll find that they need to be cross-correlated to a DCHP or WebMail server log to complete the chain. In general, you *should* be able to tell who sent the mail. If not, somebody isn't keeping good enoug logs... > So, e-mail geeks - got any ideas? I'm wondering if headers can be tweaked in a > way that causes forwarded posts or replies to them to be copied to me. There's no requirement that replies actually *honor* a Reply-To: header, and I'm willing to bet that most MUA's will do Very Bad Things if you try to get them to understand Reply-To: and Resent-Reply-To: If you figure out what an MUA should do when forwarding a mail that already contains a Resent-Reply-To: please explain it to me. ;) What *might* be interesting is using something like PGP, and creating a shared key for all the subscribers - all postings would be encrypted to the list's key, which could then be used to decrypt by subscribers. This would at least stop blind "hey look at this" forwarding - non-subscribers dont have the key, so they can't decrypt it. However, even this is attackable with a number of variations on cut-n-paste unless the underlying operating system provides a really good multi-level compartmentalized security model. Usually, a baseball bat is both cheaper and more effective long-haul. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech