From: Andrew Gierth (andrew@erlenstar.demon.co.uk)
Date: Thu Jul 30 1998 - 17:22:30 CDT
>>>>> "Clive" == Clive D W Feather <clive@on-the-train.demon.co.uk> writes:
Clive> That's a possibility. How does that differ from what people
Clive> are doing right now ? How much problem has there been with
Clive> forgeries of spam cancels from the main cancellers ?
Some. At least one bot has been distributed (the Win95 port of cbcb)
with a built-in list of cancellers names to forge, though it's getting
a bit out of date now. I've seen it in action recently.
In the recent HipCrime attacks, I've been forged, as have Chris Lewis
and a few others, though too crudely to be really significant.
It's been enough of a concern to us that we've been implementing our
own private verification system (X-Cancel-ID headers) as a precaution
(mainly because we were expecting HipCrime to be more of a problem
than he turned out to be).
-- Andrew.