alternative pathalias

Mike Mitchell (mcm@rti.rti.org)
Fri, 12 Oct 90 11:51:57 -0400

for usenet.hist@weber.ucsd.edu
Date: Fri, 12 Oct 90 09:09:33 -0700
From: The Wandering Phew <chuq@apple.com>
To: usenet.hist@weber.ucsd.edu
Subject: The infamous spaf spoof

Here's my copy of the Spaf april fools message. Note that the Message-ID and
dates need to change on a yearly basis, but nothing's perfect. Also notice
that I tried VERY hard to include every trick I warned against in the body
of the message -- and a good chunk of people still didn't figure it out.

The question is, what am I going to do next year? (what did I do last year?
Nothing. Nothing was funny...)

Path: amdahl!walldrug!moscvax!perdue!spaf
From: spaf@cs.purdue.EDU (Gene Spafford)
Newsgroups: news.announce.important,news.admin
Followup-To: news.admin
Subject: Warning: April Fools Time again (forged messages on the loose!)
Date: 1 Apr 89 00:00:00 GMT
Expires: 1 May 89 00:00:00 GMT
Organization: Dept. of Computer Sciences, Purdue Univ.
Approved: spaf@cs.purdue.EDU

Warning: April 1 is rapidly approaching, and with it comes a USENET
tradition. On April Fools day comes a series of forged, tongue-in-cheek
messages, either from non-existent sites or using the name of a Well Known
USENET person. In general, these messages are harmless and meant as a joke,
and people who respond to these messages without thinking, either by flaming
or otherwise responding, generally end up looking rather silly when the
forgery is exposed.

So, for the few weeks, if you see a message that seems completely out
of line or is otherwise unusual, think twice before posting a followup
or responding to it; it's very likely a forgery.

There are a few ways of checking to see if a message is a forgery. These
aren't foolproof, but since most forgery posters want people to figure it
out, they will allow you to track down the vast majority of forgeries:

o Russian computers. For historic reasons most forged messages have
as part of their Path: a non-existent (we think!) russian
computer, either kremvax or moscvax. Other possibilities are
nsacyber or wobegon. Please note, however, that walldrug is a real
site and isn't a forgery.

o Posted dates. Almost invariably, the date of the posting is forged
to be April 1.

o Funky Message-ID. Subtle hints are often lodged into the
Message-Id, as that field is more or less an unparsed text string
and can contain random information. Common values include pi,
the phone number of the red phone in the white house, and the
name of the forger's parrot.

o subtle mispellings. Look for subtle misspellings of the host names
in the Path: field when a message is forged in the name of a Big
Name USENET person. This is done so that the person being forged
actually gets a chance to see the message and wonder when he
actually posted it.

Forged messages, of course, are not to be condoned. But they happen, and
it's important for people on the net not to over-react. They happen at this
time every year, and the forger generally gets their kick from watching the
novice users take the posting seriously and try to flame their tails off. If
we can keep a level head and not react to these postings, they'll taper off
rather quickly and we can return to the normal state of affairs: chaos.

Thanks for your support.

Gene Spafford, Spokeman, The Backbone Cabal.

This page last updated on: Jul 1 09:16