>This represents a big fat hole in the hole damned email system. This was >far too easy to break into pianotech list. This has always been the case with email. The mail headers contain whatever the sender sets them to and nothing checks them or authenticates them in anyway. So when you read email, you must each decide for yourself whether you believe the sender, recipient, carbon-copy list, date, etc. are valid or not. Think of email as a giant wall where anyone can write anything on a piece of paper and tack it up on the wall. Your email reader is just a program that goes and gets pieces of paper addressed to you, but nothing ensures the stuff written on the paper is valid. The US mail, by the way, is very much the same way. How do you know the return address contains anything close to the valid address? It is just far more annoying when it happens in email, in my opinion! The large variety of virus programs which send out mail with forged To: and From: fields should have us all convinced by now that headers can contain anything. If you get a virus post from someone, it is almost certain these days that the someone named in the mail message had nothing at all to do with it. >I wonder what kinds of attachements I could send using somebody elses >name and a non subscribed server. Heck.. you could be any where in the >world... with a list of addresses and send out stuff to just about >anyone on any list... > >Not good. Yea, welcome to the Internet. But whether or not you forged a return address does not allow you to post virus attachments to pianotech. We filter based on the type of attachment, and not based in any way on the name of the poster. We haven't had a virus post go out on pianotech in many years. SPAM is much more likely to get through, but that hasn't become a problem on the list just yet. -andy p.s. There are, of course, ways to send authenticated email, where you can be sure who the sender was, and you can be sure the content is private and unaltered. One of the most common ways is to use a program called "Pretty Good Privacy" which is free. But forcing all the subscribers of pianotech to use such a mechanism doesn't provide enough of a benefit to justify the hassle.
This PTG archive page provided courtesy of Moy Piano Service, LLC