TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
Subject:Faked messages posted to Techwr-L From:"CJMURRAY.US.ORACLE.COM" <CJMURRAY -at- US -dot- ORACLE -dot- COM> Date:Wed, 10 Apr 1996 09:47:30 -0700
In light of recent messages about faked postings and the
suggestion about requiring message confirmation, I'd like
to comment on the faking of messages and why we should
care (it's not a trivial matter).
Faking of Messages
One person asked (and others may wonder) how it's done.
An easy way is to use any Web browser that has the feature of
allowing you to send e-mail from within the browser. Just go
to the browser's "Preferences" or "Options" for Mail and change
the username and e-mail address to whomever you want to victimize,
then send a message. It appears to the recipient to have come
from whatever user and address you specified.
This occurred to me by chance as I was examining the various
options on a couple of Web browsers. (I haven't used this fake-mail
"feature," other than doing a simple test with a friend to see that
it could be done.) As you can see, it's not "rocket science"; and
this method has been discussed at least somewhat on the Internet, so
I'm not revealing any secrets. Kind of frightening the mischief
people can do, although I suppose it's not that much different from
being able to "fake" letters using the traditional postal service.
Why It Matters
With Web search engines, there's virtually "nowhere to hide" on the
Information Superhighway. Anything you -- or someone pretending
to be you -- post to Techwr-L can be found via several popular
search engines, at least for a week or two following the posting.
Moreover, one service (DejaNews, http://www.dejanews.com)
maintains a longer-lasting record of postings to many newsgroups
(Techwr-L is available as a newsgroup), and you can even retrieve
someone's "author profile." (The only current DejaNews hit for a
"Chuck Murray" search is a posting by someone [Not Me!] to a
"pen-pals" list. However, I'm sure the posting you're reading right
now will get indexed soon.)
So, for example, if you applied for a job and the employer checked
and found that you had [apparently!] posted "We got too many
women" or "Down with <ethnic/racial/sexual-orientation group>"
messages, this could severely limit your professional prospects
(to put it mildly). And the employer might not even check further
to read follow-up messages that say "Hey, it wasn't me!".
I don't know whether this list should start requiring confirmation
of postings, but we should all know and care about our personal
"visibility" on the Internet, because faked (or dumb or poorly
written, for that matter) messages with our names on them can
come back to haunt us.
- Chuck Murray
cjmurray -at- us -dot- oracle -dot- com
(Disclaimer: Speaking for myself and not for my employer.)