On 7 Oct 2008 at 19:38, Harold Fuchs wrote: ... > > That's not strictly true. It's almost certainly illegal to forward > > mail /without/ permission of the recipient > > (tacit/implicit/otherwise). > Is it? > > > Certainly in the UK - unauthorized > > modification of computer data, unauthorized access to a computer > > system - and I'd bet on the USA being likewise. > > > Whose data is the attacker in this case modifying without authorisation?
The target of the redirected email. Computer Misuse Act 1990: "3 Unauthorised modification of computer material (1) A person is guilty of an offence if- (a) he does any act which causes an unauthorised modification of the contents of any computer; and (b) at the time when he does the act he has the requisite intent and the requisite knowledge. " > As far as I can see the victim's data are not being modified in any way. The contents of his computer are being altered - his mailbox - 3(1)(a) > Whose computer system is being accessed without authorisation? I think But you're probably right about the 'access' bit. > "access" in this context means that the accessor logs in to the accessed > computer or otherwise makes the accessed computer's files available for > viewing/manipulation. The victim's computer was not being accessed. I > think the worst the attacker could be charged with is spamming the victim. > > Google (& I've not checked) almost certainly have T&C's that say no > > misuse of their system is allowed - if this isn't misuse, I don't > > know what is! They could (should?) simply shut down the offending > > account completely. > > > Here I agree. But did anyone ask Google? As far as I know the attack was > stopped by the mediators of this list. The victim /should/ have asked Google to intervene. See for example (3) [yes, I know it's the GB terms] at http://mail.google.com/mail/help/intl/en_GB/terms_of_use.html .... > > Haven't we been round this? To summarise: /Provided/ the intermediate > > attacking email address is known, you simply send an unsub request > > for that address(*). Then /provided/ the unsub confirmation is > > forwarded like the unwanted clutter, you will receive it. You might > > have to search through tens of thousands of other items for it! Then > > you reply to it - and it doesn't matter what your sending address is > > at this point, as it has a magic cookie embedded. > > > Sorry to be pedantic but this is exactly where the confusion lay in my > mind. You have now clarified it by saying the victim can *either* > - masquerade as the attacker by setting up a "fake" (mimic?) e-mail > account using the attacker's e-mail address *or* > - use the "=" form of the ezmlm unsubscribe request. > > Do *both* of those work? Nobody before has clearly stated that; previous > commentators left that hanging which I why I asked. I'd rather not use the term 'email account' - it's open to confusion, because this is nothing to do with ISP-provided facilities. A mail client will typically allow you to specify any address to be your 'From:' address in outgoing mail. That's the easiest place (for a newbie) to set this up. Both forms should work, separately or together. -- Permission for this mail to be processed by any third party in connection with marketing or advertising purposes is hereby explicitly denied. http://www.scottsonline.org.uk lists incoming sites blocked because of spam [EMAIL PROTECTED] Mike Scott, Harlow, Essex, England --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
