[plug] schoolbays

[John Breen]

With the ready availability of tools to 'spoof' IP addresses and to hide
your details, there is no real way of checking user information nor of
tracking an individual user.  Unfortunately, M$ got into the "that's a
good idea, but we can make it better if..." bit, and stopped after
"that's a good idea" (Much like with IE4 and Win98).  They didn't look
at potential problems, but like governments everywhere, simply did what
they wanted and bugger the consequences.

I frequently get "junk" e-mail from individuals all over the world who
have spoofed some information on hotmail or another server providing
free e-mail, and am told on a regular basis by the people at the servers
when I complain to them that there is just no way to track who the
actual people are.  All they can do is to remove the account in
question.  But the person (people) concerned just sign up and do the
same thing all over again.

The answer is not blocking all e-mail from hotmail (or whatever other
server), as there are actually legitimate users who (for whatever
reason) don't have e-mail access any other way, or just prefer to use
hotmail.  The problem is that anyone can get a hotmail account, and
there is no way to check the veracity of their details online.  The
answer is difficult to define.

In any case, the problem here was in individuals using hotmail to send
out e-mail.  There may be others who have a legitimate reason to use
hotmail.  Then again there may not.  If there are, then blocking hotmail
access at the gateway/firewall will disadvantage them because of the
actions of the few.  A fairer way is to monitor the traffic (I think
hotmail works on HTML forms, which are sent in "clear") and see what
machine is sending the mail, then backtrack to a logfile on the server
and find out who was logged on at the time.  Those people can be
subjected to disciplinary action of one form or another.

The problem was, I think, to catch them at the local site, which is what
I was suggesting.  Doing it at the remote site is all but impossible.

Cheers,


John

John Breen
Programmer
United Construction Pty Ltd

(08) 9499-0472
john.breen at unitedconstruction.com.au


	-----Original Message-----
	From:	John Summerfield [SMTP:summer at os2.ami.com.au]
	Sent:	Thursday, 3 June 1999 9:19
	To:	plug at linux.org.au
	Subject:	Re: [plug] schoolbays 

	> 
	> 
	> Hello John,
	> 
	> All noted, thank you.
	> 
	> I applied for a hotmail account as Ned Kelly and got knocked
back because
	> someone else had it.  I tried Ed Kelly and found 35 others in
front of me
	> with that name.
	> 
	> Once we settled on a name I logged in and was prompty told
that I had to
	> enable cookies before they would give me access.  Those pri*ks
are
	> unbelievable.

	There are sites that block all mail from hotmail because of the
number of 
	twits who misuse their accounts there for such activities as
spamming.

	Even without cookies, the can track you: your userid/password
identifies 
	you, and TCP/IP tells their software precisely where on the net
you are.

	If I were providing a free email service, I'd want to be sure I
could 
	resolve any complaints to an individual: no way would I want
millions of 
	letters each day complaining about all the misdeeds, criminal or

	otherwise, of my users.

	-- 
	Cheers
	John Summerfield
	http://os2.ami.com.au/os2/ for OS/2 support.
	Configuration, networking, combined IBM ftpsites index.