Real mail addresses in list postings and resulting **SPAM**

[Allen Kistler]

not Allen Kistler wrote:
> Allen Kistler wrote:
>> So trying to keep this thread relevant to Fedora, is there one in
>> Fedora?  I use Thunderbird, so I'm pretty sure that won't do it.
>
> With apologies to Allen, I take this chance to show just how easy it
> is to forge email.
>
> For those interested in checking whether this is a forgery (or at last
> from a different source from the one I'm quoting), just check the
> headers.
>
> The key point is that it's trivial to set an alternative identity (I'm
> using seamonkey which might be another clue I'm not Allen), but
> Thunderbird can do it too.

Sorry.  I can't check your headers, since I get the digest.  The only
thing I get is your TZ is +8, while mine is -5.

I know that Thunderbird (or virtually any other client) can set
alternative identities.  Wholesale forgery is easy.  We're after
something subtler.

When you sent the message to the list, did you do it with an envelope
that identified you as you or did you do it with an envelope that
identified you as me?

The trick is to do it with an envelope that identifies you as you, but a
message header that identifies you as, say, invalid at invalid.invalid.
Thunderbird sets them to be the same, without an option to change that.
 (Hmm... Maybe an extension?)  Bruno mentioned mutt allows them to be
different.