At 12:07 AM 2/17/97 +0000, harley @
>> thus capturing the user's email address. It would be trivial to forge mail
>> back to the user with the user's own address in the From: field. I suspect
>> that this is what NaughtyRobot is doing (geocities is host to many web
>> sites), but I can't say for certain in light of their silence on my
>Geocities hosts some distinctly darkside websites. Or, if you prefer,
>seems to have a fairly liberal policy on content. However, I don't
>think you can assume that geocities is the original source.
You're absolutely right, and I was careless in the way I expressed
myself: I should have included the possibility that the mystery mail
earlier from the user/victim to a geocities address was a coincidence, and
that the forged "NaughtyRobot" mail was injected into the geocities SMTP
port and thereafter bore sendmail headers that appeared to show it
originated there. My apologies to geocities for any unintended slur.
>The reason I
>tend to de-lurk when these questions come up is the hope that
>(since my sources on these topics are usually pretty good) I can
>help forestall long, off-topic threads.
Yep. I'm shutting up now [:-].
Gordon T. Thompson gordy @
Manager, Internet Services 212 556 1386
The New York Times fax: 212 556 1636
This letter has been modified as follows from its original
version: It has been formatted to fit your screen.