Hello Vladimir.

19 Jul 06 17:08, you wrote to me:

 MV>> So mail to your points coming in from an unsecure link is not
 MV>> automatically forwarded?

 VD> Now I have no points, but letters to my downlinks from unprotecting
 VD> inbound are holding before manual accepting.

Then I am glad I am not one of your points.

 VD>>> Sending netmail by unprotecting link your receiver can't sure
 VD>>> that this netmail sending from you and it have not a false.

 MV>> So what? FidoNet is a public network and an open system. You can
 MV>> never be sure that a routed netmail is authentic even if it comes
 MV>> in via a link that is secure on the last leg. To ensure that a
 MV>> netmail is authentic you need something above and beyond FidoNet.
 MV>> Such as a digital signature.

 VD> So any can send netmail through our node as this netmail "from
you"?

Of course. All someone who wants to pose as me has to do is drop the
message on any hub or host system that I do not have a session password
with and who forwards mail from unsecure inbound. There are *thousands* of
such systems since I only have a session password with 30 of the 8000
systems in Fisonet and exceot for mayby your little neck of the woods it
not common practise to not automatically forward raw *.PKT.

 VD> And echomail too?

That is a bit more complicated, but yes, it is not all that difficult to
pose as someone else in echomail.

If you think restricting automated processing to mail originating from a
secure link, you are lulling yourself into a false sense of security.

Cheers,

Michiel

--- GoldED+/W32-MSVC 1.1.5-b20060315