At 09:37 AM 3/20/04 -0500, Jack Gostl wrote:

Darned if I understand how the X-Habeas headers work. It looks awfully
easy to fake. A good percentage of my false negatives are from faked
Habeas marks.


Yes, it _is_ prone to abuse, and is easily forged.

The theory behind Habeas is that the mark is copyrighted, and anyone abusing it can (theoretically) be tracked down and sued for copyright violation. I tend to think of it as a bait-and-trap system: tempt the spammers to do something which is blatantly illegal and then sue them into the ground.

SA 3.0 is going to use Habeas in a slightly different way, making it harder to abuse. As far as I understand, this is going to be based on a registered-users list and a DNS system of IPs associated with those registered users. It makes the tracking part easier, and forgery is easily dealt with by removing the IPs from the DNS system.
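
Added example, not part of the original message and not SpamAssassin's code: a sketch of trusting the mark only when the connecting IP is also found in a DNS list of registered senders. The zone name, the 127.0.0.0/8 answer convention, the function names and the sample data are assumptions made for illustration.

```python
import ipaddress

# Hypothetical zone name; the message does not name the real one.
ALLOW_ZONE = "allow.example.invalid"


def query_name(ip, zone=ALLOW_ZONE):
    """DNS name to look up for an IPv4 address: reversed octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def has_mark(headers):
    """True if any header name starts with X-Habeas- (sender-controlled text)."""
    return any(name.lower().startswith("x-habeas-") for name, _ in headers)


def classify(headers, relay_ip, resolve):
    """relay_ip must be the connecting IP recorded by your own MTA.
    resolve(name) returns a list of A records, empty when nothing is listed."""
    if not has_mark(headers):
        return "no-mark"
    try:
        name = query_name(relay_ip)
    except ipaddress.AddressValueError:
        return "mark-unverified"  # not a usable IPv4 address
    # Assumption: a listed IP answers with a 127.0.0.0/8 address.
    listed = any(a.startswith("127.") for a in resolve(name))
    return "mark-verified" if listed else "mark-unverified"


# Constructed zone data: only 192.0.2.10 is a registered sender.
ZONE = {"10.2.0.192." + ALLOW_ZONE: ["127.0.0.2"]}


def stub_resolve(name):
    """Offline stand-in for a DNS A-record lookup."""
    return ZONE.get(name, [])


# Constructed message headers carrying the mark.
MARKED = [("From", "a@example.org"), ("X-Habeas-SWE-1", "constructed value")]

if __name__ == "__main__":
    print(classify(MARKED, "192.0.2.10", stub_resolve))    # registered sender
    print(classify(MARKED, "198.51.100.7", stub_resolve))  # copied mark
```

Removing the record from the zone is enough to revoke a sender: the same headers then classify as unverified, whatever the message claims.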





