Testing

Andy Rudoff andy@rudoff.com
Wed, 2 Jul 2003 09:52:44 -0600 (MDT)


>This represents a big fat hole in the whole damned email system. This was
>far too easy to break into pianotech list.

This has always been the case with email.  The mail headers contain
whatever the sender sets them to and nothing checks them or authenticates
them in any way.  So when you read email, you must each decide for yourself
whether you believe the sender, recipient, carbon-copy list, date, etc.
are valid or not.  Think of email as a giant wall where anyone can
write anything on a piece of paper and tack it up on the wall.  Your
email reader is just a program that goes and gets pieces of paper addressed
to you, but nothing ensures the stuff written on the paper is valid.

The US mail, by the way, is very much the same way.  How do you know
the return address contains anything close to the valid address?  It
is just far more annoying when it happens in email, in my opinion!

The large variety of virus programs which send out mail with forged
To: and From: fields should have us all convinced by now that headers
can contain anything.  If you get a virus post from someone, it is
almost certain these days that the someone named in the mail message
had nothing at all to do with it.

>I wonder what kinds of attachments I could send using somebody else's
>name and a non-subscribed server.  Heck.. you could be anywhere in the
>world... with a list of addresses and send out stuff to just about
>anyone on any list...
>
>Not good.

Yeah, welcome to the Internet.  But whether or not you forged a return address
does not allow you to post virus attachments to pianotech.  We filter
based on the type of attachment, and not based in any way on the name of
the poster.  We haven't had a virus post go out on pianotech in many years.
SPAM is much more likely to get through, but that hasn't become a problem
on the list just yet.

-andy

p.s.  There are, of course, ways to send authenticated email, where you
      can be sure who the sender was, and you can be sure the content
      is private and unaltered.  One of the most common ways is to
      use a program called "Pretty Good Privacy" which is free.  But
      forcing all the subscribers of pianotech to use such a mechanism
      doesn't provide enough of a benefit to justify the hassle.
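
The attachment-type filtering described in the message above, as an added example that is not part of the original post and not the pianotech list's own code. The blocklists, the helper names and the sample posts are assumptions constructed for illustration; the accept/reject decision reads only the MIME parts and never the From: header.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed blocklists for illustration; not the pianotech list's real settings.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs"}
BLOCKED_TYPES = {"application/x-msdownload", "application/x-msdos-program"}

def blocked_attachments(raw_message):
    """Return (filename, content_type) for every part the filter rejects.

    Only the MIME parts are examined. From:, To: and Date: are never read,
    because the sender can set them to anything.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    rejected = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Normalise case and trailing dots/spaces before taking the extension.
        filename = (part.get_filename() or "").lower().rstrip(". ")
        ext = os.path.splitext(filename)[1]  # last extension: "a.jpg.pif" -> ".pif"
        ctype = part.get_content_type()
        if ext in BLOCKED_EXTENSIONS or ctype in BLOCKED_TYPES:
            rejected.append((filename, ctype))
    return rejected

def accept_post(raw_message):
    """True if the post may go out to the list."""
    return not blocked_attachments(raw_message)

def make_post(claimed_sender, filename=None, payload=b""):
    """Build a constructed sample post for the demo below."""
    m = EmailMessage()
    m["From"] = claimed_sender
    m["To"] = "list@example.org"
    m["Subject"] = "Testing"
    m.set_content("See attached.")
    if filename:
        m.add_attachment(payload, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for sender, name in [("member@example.org", None),
                         ("member@example.org", "photo.jpg.pif"),
                         ("stranger@example.net", "tuning-chart.pdf")]:
        verdict = "accept" if accept_post(make_post(sender, name, b"x")) else "reject"
        print(sender, name, verdict)
```

The same claimed sender is accepted or rejected purely on what is attached, and an unknown sender with a harmless attachment passes.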


This PTG archive page provided courtesy of Moy Piano Service, LLC