<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_01_06_2155218</id>
	<title>Fake "Bill Gates" Message Dupes Top Tools</title>
	<author>timothy</author>
	<datestamp>1262772000000</datestamp>
	<htmltext>yahoi writes with this excerpt from Dark Reading that might raise sysadmins' eyebrows about email security, in particular given the big names involved: <i>"A researcher who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from 'Bill Gates' is about to reveal the <a href="http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=222200326">email products and services that failed to filter the spoofed message</a> &mdash; and that list includes Microsoft Outlook 2007, Microsoft Exchange, Outlook Express, and Cisco IronPort.  ... The <a href="http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=220900191">experiment</a> was aimed at measuring the effectiveness of email security controls in several major products and services. And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it, security experts say."</i></htmltext>
<tokenext>yahoi writes with this excerpt from Dark Reading that might raise sysadmins ' eyebrows about email security , in particular given the big names involved : " A researcher who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from 'Bill Gates ' is about to reveal the email products and services that failed to filter the spoofed message    and that list includes Microsoft Outlook 2007 , Microsoft Exchange , Outlook Express , and Cisco IronPort .
... The experiment was aimed at measuring the effectiveness of email security controls in several major products and services .
And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it , security experts say .
"</tokentext>
<sentencetext>yahoi writes with this excerpt from Dark Reading that might raise sysadmins' eyebrows about email security, in particular given the big names involved: "A researcher who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from 'Bill Gates' is about to reveal the email products and services that failed to filter the spoofed message — and that list includes Microsoft Outlook 2007, Microsoft Exchange, Outlook Express, and Cisco IronPort.
... The experiment was aimed at measuring the effectiveness of email security controls in several major products and services.
And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it, security experts say.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676132</id>
	<title>Re:so?</title>
	<author>QuantumRiff</author>
	<datestamp>1262778120000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p>Okay Michael Bolton.. Your right, why should you have to change, he's the one that sucks...</p></htmltext>
<tokenext>Okay Michael Bolton.. Your right , why should you have to change , he 's the one that sucks.. .</tokentext>
<sentencetext>Okay Michael Bolton.. Your right, why should you have to change, he's the one that sucks...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675788</id>
	<title>Checking Actual Email Address with Displayed?</title>
	<author>Phrogman</author>
	<datestamp>1262776380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So none of these products compared the actual email address being used with the displayed one in the message? That would seem to me to be about the most obvious security check one could think of with regards to email.</p></htmltext>
<tokenext>So none of these products compared the actual email address being used with the displayed one in the message ?
That would seem to me to be about the most obvious security check one could think of with regards to email .</tokentext>
<sentencetext>So none of these products compared the actual email address being used with the displayed one in the message?
That would seem to me to be about the most obvious security check one could think of with regards to email.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676268</id>
	<title>not really news, but not bad to refresh memories</title>
	<author>Anonymous</author>
	<datestamp>1262778720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I'm amazed the "researcher" didn't already know this, especially that "tools" such as Outlook would not catch them.  Outlook is an email CLIENT.</p><p>This "spoofing" has been going on for a long time now, and often for legitimate means like: Mass-email marketing companies, online retailers (email this item to a friend!) and even online news like yahoo/google.  Spoofing an email address isn't considered a no-no.</p><p>Proper email security software will see these though.  What you do with them is up to you (send them for junk, or tag them)..I'd be amazed if anyone quarantines or deletes.</p><p>Social Engineering will always (probably) work..If someone calls a user and tells them to open the doors, and said user does so, there's only so much admins can do, other then find out who opened the doors.</p><p>ps..Outlook express???  I mean, seriously?  LMAO</p></htmltext>
<tokenext>I 'm amazed the " researcher " did n't already know this , especially that " tools " such as Outlook would not catch them .
Outlook is an email CLIENT.This " spoofing " has been going on for a long time now , and often for legitimate means like : Mass-email marketing companies , online retailers ( email this item to a friend !
) and even online news like yahoo/google .
Spoofing an email address is n't considered a no-no.Proper email security software will see these though .
What you do with them is up to you ( send them for junk , or tag them ) ..I 'd be amazed if anyone quarantines or deletes.Social Engineering will always ( probably ) work..If someone calls a user and tells them to open the doors , and said user does so , there 's only so much admins can do , other then find out who opened the doors.ps..Outlook express ? ? ?
I mean , seriously ?
LMAO</tokentext>
<sentencetext>I'm amazed the "researcher" didn't already know this, especially that "tools" such as Outlook would not catch them.
Outlook is an email CLIENT.This "spoofing" has been going on for a long time now, and often for legitimate means like: Mass-email marketing companies, online retailers (email this item to a friend!
) and even online news like yahoo/google.
Spoofing an email address isn't considered a no-no.Proper email security software will see these though.
What you do with them is up to you (send them for junk, or tag them)..I'd be amazed if anyone quarantines or deletes.Social Engineering will always (probably) work..If someone calls a user and tells them to open the doors, and said user does so, there's only so much admins can do, other then find out who opened the doors.ps..Outlook express???
I mean, seriously?
LMAO</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675818</id>
	<title>Little technology</title>
	<author>Anonymous</author>
	<datestamp>1262776500000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p><div class="quote"><p>"...And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it, security experts say."</p></div><p>Okay, I give up.  What <b>can</b> little technology actually do about it?  Is that like nanotechnology, but bigger?<br>Yes, I was bored.  Back to work!</p></div>
	</htmltext>
<tokenext>" ...And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it , security experts say .
" Okay , I give up .
What can little technology actually do about it ?
Is that like nanotechnology , but bigger ? Yes , I was bored .
Back to work !</tokentext>
<sentencetext>"...And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it, security experts say.
"Okay, I give up.
What can little technology actually do about it?
Is that like nanotechnology, but bigger?Yes, I was bored.
Back to work!
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30678480</id>
	<title>TrueDomain</title>
	<author>InsertCleverUsername</author>
	<datestamp>1262794080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I use Fastmail.fm (a fantastic service) for my e-mail and I noticed something new in my inbox yesterday.  Little icons now appear next to messages from LinkedIn, Facebook, etc. to indicate that the origin of the message has been verified through some new service called Truedomain.  Anybody know the technical details?</p></htmltext>
<tokenext>I use Fastmail.fm ( a fantastic service ) for my e-mail and I noticed something new in my inbox yesterday .
Little icons now appear next to messages from LinkedIn , Facebook , etc .
to indicate that the origin of the message has been verified through some new service called Truedomain .
Anybody know the technical details ?</tokentext>
<sentencetext>I use Fastmail.fm (a fantastic service) for my e-mail and I noticed something new in my inbox yesterday.
Little icons now appear next to messages from LinkedIn, Facebook, etc.
to indicate that the origin of the message has been verified through some new service called Truedomain.
Anybody know the technical details?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30681268</id>
	<title>Re:Checking Actual Email Address with Displayed?</title>
	<author>jonadab</author>
	<datestamp>1262873160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>&gt; DNS can be messed up and mail will still function.<br>&gt; Say you have a hosted domain but it lacks an mx<br>&gt; record. Mail will still go out. So the server on<br>&gt; the other end needs to make a choice. Throw it<br>&gt; away or pass it through.<br><br>It doesn't have to be a binary choice based on one criterion.  You can use a number of different checks (does the envelope sender match the From field, does either of them match the HELO domain, does the HELO domain match the sending IP address, is the message text or HTML, does the sending domain provide SPF records and if so do they match, is there a valid subject line and if so does it match one of these regular expressions, have any of our users sent mail to this domain in the last N days,<nobr> <wbr></nobr>...) to drive a variable which, if it passes a certain threshhold, can trigger other effects (greylist, check against IP blacklists, run a virus scan, whatever).  You can even have multiple threshholds:  if the message fails 40-60\% of the checks you might greylist it with a short delay, and if if fails 61-80\% you might greylist it with a longer delay, but if it fails more than 80\% of the checks you might reject it out of hand, or send a "please confirm" reply that requires user interaction, or even go into teargrube mode.  And you might weight some of the checks more heavily than others.  For example, I'd penalize HTML mail much more heavily than mail with mismatched From and envelope sender, and domains to which I've sent mail would get a pretty big break, and so on.<br><br>Spammers use multiple techniques.  If we want to keep up in the arms race, we're going to have to use multiple techniques to fight back.</htmltext>
<tokenext>&gt; DNS can be messed up and mail will still function. &gt; Say you have a hosted domain but it lacks an mx &gt; record .
Mail will still go out .
So the server on &gt; the other end needs to make a choice .
Throw it &gt; away or pass it through.It does n't have to be a binary choice based on one criterion .
You can use a number of different checks ( does the envelope sender match the From field , does either of them match the HELO domain , does the HELO domain match the sending IP address , is the message text or HTML , does the sending domain provide SPF records and if so do they match , is there a valid subject line and if so does it match one of these regular expressions , have any of our users sent mail to this domain in the last N days , ... ) to drive a variable which , if it passes a certain threshhold , can trigger other effects ( greylist , check against IP blacklists , run a virus scan , whatever ) .
You can even have multiple threshholds : if the message fails 40-60 \ % of the checks you might greylist it with a short delay , and if if fails 61-80 \ % you might greylist it with a longer delay , but if it fails more than 80 \ % of the checks you might reject it out of hand , or send a " please confirm " reply that requires user interaction , or even go into teargrube mode .
And you might weight some of the checks more heavily than others .
For example , I 'd penalize HTML mail much more heavily than mail with mismatched From and envelope sender , and domains to which I 've sent mail would get a pretty big break , and so on.Spammers use multiple techniques .
If we want to keep up in the arms race , we 're going to have to use multiple techniques to fight back .</tokentext>
<sentencetext>&gt; DNS can be messed up and mail will still function.&gt; Say you have a hosted domain but it lacks an mx&gt; record.
Mail will still go out.
So the server on&gt; the other end needs to make a choice.
Throw it&gt; away or pass it through.It doesn't have to be a binary choice based on one criterion.
You can use a number of different checks (does the envelope sender match the From field, does either of them match the HELO domain, does the HELO domain match the sending IP address, is the message text or HTML, does the sending domain provide SPF records and if so do they match, is there a valid subject line and if so does it match one of these regular expressions, have any of our users sent mail to this domain in the last N days, ...) to drive a variable which, if it passes a certain threshhold, can trigger other effects (greylist, check against IP blacklists, run a virus scan, whatever).
You can even have multiple threshholds:  if the message fails 40-60\% of the checks you might greylist it with a short delay, and if if fails 61-80\% you might greylist it with a longer delay, but if it fails more than 80\% of the checks you might reject it out of hand, or send a "please confirm" reply that requires user interaction, or even go into teargrube mode.
And you might weight some of the checks more heavily than others.
For example, I'd penalize HTML mail much more heavily than mail with mismatched From and envelope sender, and domains to which I've sent mail would get a pretty big break, and so on.Spammers use multiple techniques.
If we want to keep up in the arms race, we're going to have to use multiple techniques to fight back.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676128</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675948</id>
	<title>The Limits of Security</title>
	<author>Jonas Buyl</author>
	<datestamp>1262777040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>Whoever thinks this is a big issue should evaluate how much security we can expect from computers. Scams like this can be pulled off by sending IRL mail as well and are equally hard to detect by humans. Why should we expect an automated algorithm to be able to detect it?
Scams like this are only going to stop when every move you make on the Internet can be tracked down straight back to you. We're getting closer and closer to a decision: Privacy or security.
What's Slashdot's pick?</htmltext>
<tokenext>Whoever thinks this is a big issue should evaluate how much security we can expect from computers .
Scams like this can be pulled off by sending IRL mail as well and are equally hard to detect by humans .
Why should we expect an automated algorithm to be able to detect it ?
Scams like this are only going to stop when every move you make on the Internet can be tracked down straight back to you .
We 're getting closer and closer to a decision : Privacy or security .
What 's Slashdot 's pick ?</tokentext>
<sentencetext>Whoever thinks this is a big issue should evaluate how much security we can expect from computers.
Scams like this can be pulled off by sending IRL mail as well and are equally hard to detect by humans.
Why should we expect an automated algorithm to be able to detect it?
Scams like this are only going to stop when every move you make on the Internet can be tracked down straight back to you.
We're getting closer and closer to a decision: Privacy or security.
What's Slashdot's pick?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676128</id>
	<title>Re:Checking Actual Email Address with Displayed?</title>
	<author>Anonymous</author>
	<datestamp>1262778120000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>Well here's why that's tough. You can't check the email address it comes from typically because that would mean using the VRFY command, which no modern email server has enabled because it would allow spammers to simply poll an SMTP server for addresses and see if they are legit. They simply disable it or send all true responses.</p><p>The next check is DNS, verifying a mail record exists for the domain in question. Here's the problem with that. DNS can be messed up and mail will still function. Say you have a hosted domain but it lacks an mx record. Mail will still go out. So the server on the other end needs to make a choice. Throw it away or pass it through.</p></htmltext>
<tokenext>Well here 's why that 's tough .
You ca n't check the email address it comes from typically because that would mean using the VRFY command , which no modern email server has enabled because it would allow spammers to simply poll an SMTP server for addresses and see if they are legit .
They simply disable it or send all true responses.The next check is DNS , verifying a mail record exists for the domain in question .
Here 's the problem with that .
DNS can be messed up and mail will still function .
Say you have a hosted domain but it lacks an mx record .
Mail will still go out .
So the server on the other end needs to make a choice .
Throw it away or pass it through .</tokentext>
<sentencetext>Well here's why that's tough.
You can't check the email address it comes from typically because that would mean using the VRFY command, which no modern email server has enabled because it would allow spammers to simply poll an SMTP server for addresses and see if they are legit.
They simply disable it or send all true responses.The next check is DNS, verifying a mail record exists for the domain in question.
Here's the problem with that.
DNS can be messed up and mail will still function.
Say you have a hosted domain but it lacks an mx record.
Mail will still go out.
So the server on the other end needs to make a choice.
Throw it away or pass it through.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675788</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676874</id>
	<title>Re:Research no, risky possibly?</title>
	<author>Anonymous</author>
	<datestamp>1262782020000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Actually I think this might just be against the law and the researcher may have painted a big bullseye on his wallet for any one of these people who think they've been 'harmed' by believing they were actually invited by Bill Gates.</p><p>There are a lot of stupid internet laws out there and I'm sure the prosecutors/"victims" like nothing more than someone who provides all the evidence in a nice research report ready for prosecution.</p></htmltext>
<tokenext>Actually I think this might just be against the law and the researcher may have painted a big bullseye on his wallet for any one of these people who think they 've been 'harmed ' by believing they were actually invited by Bill Gates.There are a lot of stupid internet laws out there and I 'm sure the prosecutors/ " victims " like nothing more than someone who provides all the evidence in a nice research report ready for prosecution .</tokentext>
<sentencetext>Actually I think this might just be against the law and the researcher may have painted a big bullseye on his wallet for any one of these people who think they've been 'harmed' by believing they were actually invited by Bill Gates.There are a lot of stupid internet laws out there and I'm sure the prosecutors/"victims" like nothing more than someone who provides all the evidence in a nice research report ready for prosecution.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675982</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676688</id>
	<title>dumb to dumber?</title>
	<author>Anonymous</author>
	<datestamp>1262780880000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>despite the dumb concept of the initial "exploitz", i like the next step stated in tfa:<br>"The next part we're going to dive into is applying browser, Adobe, and JavaScript exploits..."<br>really?</p><p>so let me get this straight.<br>in order to make your security firm noticed, you're going to demonstrate existing security concerns and exploit them?<br>yes, this is who i'd want to go with for my company security. oh yes.</p><p>i have a good idea, i'm going to get a new IT job and show how vulnerable the systems are to being knocked offline by unplugging the wires from the back of each machine. yes. then i will make more money because i show a new exploitz and can write an article about it showing how unsecured the computers are. yes. i am the famous now! yes!</p></htmltext>
<tokenext>despite the dumb concept of the initial " exploitz " , i like the next step stated in tfa : " The next part we 're going to dive into is applying browser , Adobe , and JavaScript exploits... " really ? so let me get this straight.in order to make your security firm noticed , you 're going to demonstrate existing security concerns and exploit them ? yes , this is who i 'd want to go with for my company security .
oh yes.i have a good idea , i 'm going to get a new IT job and show how vulnerable the systems are to being knocked offline by unplugging the wires from the back of each machine .
yes. then i will make more money because i show a new exploitz and can write an article about it showing how unsecured the computers are .
yes. i am the famous now !
yes !</tokentext>
<sentencetext>despite the dumb concept of the initial "exploitz", i like the next step stated in tfa:"The next part we're going to dive into is applying browser, Adobe, and JavaScript exploits..."really?so let me get this straight.in order to make your security firm noticed, you're going to demonstrate existing security concerns and exploit them?yes, this is who i'd want to go with for my company security.
oh yes.i have a good idea, i'm going to get a new IT job and show how vulnerable the systems are to being knocked offline by unplugging the wires from the back of each machine.
yes. then i will make more money because i show a new exploitz and can write an article about it showing how unsecured the computers are.
yes. i am the famous now!
yes!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676828</id>
	<title>You guys are too cynical!</title>
	<author>Anonymous</author>
	<datestamp>1262781720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Bill G. really is my LinkedIn buddy.  In fact, he's going to send me a cashier's check for $1M as soon as I reimburse him for the bank fee.  So there.</p></htmltext>
<tokenext>Bill G. really is my LinkedIn buddy .
In fact , he 's going to send me a cashier 's check for $ 1M as soon as I reimburse him for the bank fee .
So there .</tokentext>
<sentencetext>Bill G. really is my LinkedIn buddy.
In fact, he's going to send me a cashier's check for $1M as soon as I reimburse him for the bank fee.
So there.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30684148</id>
	<title>Oh, come on.</title>
	<author>thePowerOfGrayskull</author>
	<datestamp>1262886780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
None of the products in question make any pretense of validating  "spoofed" addresses.  And by "spoofed" we mean only that the originating address does not match the server used to send the email.  Whcih is a commonplace and valid scenario for many people who outsource web site hosting and email.
</p><p>
What this "article" is really about: "Look at me, I can state the obvious! Come read my site!"
</p><p>
Looking a little closer at the about page, I see what: "The InformationWeek Business Technology Network is a network of market-leading Web sites that provide technology buyers with the information, perspective, and tools they need to make the right decisions for their businesses. "</p></htmltext>
<tokenext>None of the products in question make any pretense of validating " spoofed " addresses .
And by " spoofed " we mean only that the originating address does not match the server used to send the email .
Whcih is a commonplace and valid scenario for many people who outsource web site hosting and email .
What this " article " is really about : " Look at me , I can state the obvious !
Come read my site !
" Looking a little closer at the about page , I see what : " The InformationWeek Business Technology Network is a network of market-leading Web sites that provide technology buyers with the information , perspective , and tools they need to make the right decisions for their businesses .
"</tokentext>
<sentencetext>
None of the products in question make any pretense of validating  "spoofed" addresses.
And by "spoofed" we mean only that the originating address does not match the server used to send the email.
Whcih is a commonplace and valid scenario for many people who outsource web site hosting and email.
What this "article" is really about: "Look at me, I can state the obvious!
Come read my site!
"

Looking a little closer at the about page, I see what: "The InformationWeek Business Technology Network is a network of market-leading Web sites that provide technology buyers with the information, perspective, and tools they need to make the right decisions for their businesses.
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676580</id>
	<title>More than just MS products</title>
	<author>Anonymous</author>
	<datestamp>1262780460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><i>Firstly why is MS singled out in the slashdot version of the story? 100\% of mail products failed this so called test. </i></p><p>I noticed this too. Although the summary chooses to mention a few Microsoft products and Cisco Ironport, here is the list from the article:</p><p><b><br>
&nbsp; Microsoft and Cisco products, including users with GoDaddy's hosted email, Voltage, RackSpace/MailTrust hosted email, Webroot SaaS Email Security, Verizon Email Cloud Filtering with MessageLabs, a Linux and SpamAssassin configuration, SonicWall's Email Security appliance, LinuxMail with greylisting, Opera Mail, and Mozilla Thunderbird,iPhone, BlackBerry, and Palm Pre<br></b></p><p>Not quite 100\%, but it looks like most.</p></htmltext>
<tokenext>Firstly why is MS singled out in the slashdot version of the story ?
100 \ % of mail products failed this so called test .
I noticed this too .
Although the summary chooses to mention a few Microsoft products and Cisco Ironport , here is the list from the article :   Microsoft and Cisco products , including users with GoDaddy 's hosted email , Voltage , RackSpace/MailTrust hosted email , Webroot SaaS Email Security , Verizon Email Cloud Filtering with MessageLabs , a Linux and SpamAssassin configuration , SonicWall 's Email Security appliance , LinuxMail with greylisting , Opera Mail , and Mozilla Thunderbird,iPhone , BlackBerry , and Palm PreNot quite 100 \ % , but it looks like most .</tokentext>
<sentencetext>Firstly why is MS singled out in the slashdot version of the story?
100\% of mail products failed this so called test.
I noticed this too.
Although the summary chooses to mention a few Microsoft products and Cisco Ironport, here is the list from the article:
  Microsoft and Cisco products, including users with GoDaddy's hosted email, Voltage, RackSpace/MailTrust hosted email, Webroot SaaS Email Security, Verizon Email Cloud Filtering with MessageLabs, a Linux and SpamAssassin configuration, SonicWall's Email Security appliance, LinuxMail with greylisting, Opera Mail, and Mozilla Thunderbird,iPhone, BlackBerry, and Palm PreNot quite 100\%, but it looks like most.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30678142</id>
	<title>Re:What a crap story</title>
	<author>GF678</author>
	<datestamp>1262791080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><blockquote><div><p>Firstly why is MS singled out in the slashdot version of the story? 100\% of mail products failed this so called test.</p></div></blockquote><p>You know the reason - Slashdot is EXTREMELY biased against Microsoft to the point of irrationality at times. Gets rather tiring at times, but hey, every source of media has some bias (except perhaps Reuters).</p></div>
	</htmltext>
<tokenext>Firstly why is MS singled out in the slashdot version of the story ?
100 \ % of mail products failed this so called test.You know the reason - Slashdot is EXTREMELY biased against Microsoft to the point of irrationality at times .
Gets rather tiring at times , but hey , every source of media has some bias ( except perhaps Reuters ) .</tokentext>
<sentencetext>Firstly why is MS singled out in the slashdot version of the story?
100\% of mail products failed this so called test.You know the reason - Slashdot is EXTREMELY biased against Microsoft to the point of irrationality at times.
Gets rather tiring at times, but hey, every source of media has some bias (except perhaps Reuters).
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676420</id>
	<title>The experiment is lame...</title>
	<author>Anonymous</author>
	<datestamp>1262779740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Something like policyd-weight would have blocked that mail without big issues. Spoofing a message is nothing new and nothing special. I block gazillions of them per day. What is the big deal?</p></htmltext>
<tokenext>Something like policyd-weight would have blocked that mail without big issues .
Spoofing a message is nothing new and nothing special .
I block gazillions of them per day .
What is the big deal ?</tokentext>
<sentencetext>Something like policyd-weight would have blocked that mail without big issues.
Spoofing a message is nothing new and nothing special.
I block gazillions of them per day.
What is the big deal?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676570</id>
	<title>Re:Pretty much anything from linkedin is spam.</title>
	<author>socz</author>
	<datestamp>1262780400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yep I've gotten the same exact thing several times before spamming them entirely. I started asking around if anyone had requested me to join and it turns out only 1 close friend is signed up on it! So no one I really care about (that I know of) is on it. And you're right, they're helping the spammers spam, that's the worst part!</htmltext>
<tokenext>Yep I 've gotten the same exact thing several times before spamming them entirely .
I started asking around if anyone had requested me to join and it turns out only 1 close friend is signed up on it !
So no one I really care about ( that I know of ) is on it .
And you 're right , they 're helping the spammers spam , that 's the worst part !</tokentext>
<sentencetext>Yep I've gotten the same exact thing several times before spamming them entirely.
I started asking around if anyone had requested me to join and it turns out only 1 close friend is signed up on it!
So no one I really care about (that I know of) is on it.
And you're right, they're helping the spammers spam, that's the worst part!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675858</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30680328</id>
	<title>Eh?</title>
	<author>YankDownUnder</author>
	<datestamp>1262860680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>What - we didn't already know this? Erf...c'mon, wake up...</htmltext>
<tokenext>What - we did n't already know this ?
Erf...c'mon , wake up.. .</tokentext>
<sentencetext>What - we didn't already know this?
Erf...c'mon, wake up...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676738</id>
	<title>This is no news.</title>
	<author>jobst</author>
	<datestamp>1262781120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This shouldn't have been on<nobr> <wbr></nobr>/.!<br>Scammers have been tricking people since 1000's of years always trying to "stay ahead" of what people have learned<nobr> <wbr></nobr>... the same applies to anything in this world including virus/worm/trojan checkers, any other spam/email/whatever.<br>There are many sales people who will sell you something you don't need and most of people who bought the stuff walk away "happy" not realizing the where scammed "legitimately"<nobr> <wbr></nobr>...<br>Any of us need to learn/see when we are getting scammed<nobr> <wbr></nobr>... always.</p></htmltext>
<tokenext>This should n't have been on / .
! Scammers have been tricking people since 1000 's of years always trying to " stay ahead " of what people have learned ... the same applies to anything in this world including virus/worm/trojan checkers , any other spam/email/whatever.There are many sales people who will sell you something you do n't need and most of people who bought the stuff walk away " happy " not realizing the where scammed " legitimately " ...Any of us need to learn/see when we are getting scammed ... always .</tokentext>
<sentencetext>This shouldn't have been on /.
!Scammers have been tricking people since 1000's of years always trying to "stay ahead" of what people have learned ... the same applies to anything in this world including virus/worm/trojan checkers, any other spam/email/whatever.There are many sales people who will sell you something you don't need and most of people who bought the stuff walk away "happy" not realizing the where scammed "legitimately" ...Any of us need to learn/see when we are getting scammed ... always.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676700</id>
	<title>Re:What a crap story</title>
	<author>FlyingBishop</author>
	<datestamp>1262780940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I don't see how they could've excluded Google. I use Outlook+Exchange, Gmail, and Yahoo mail on a regular basis (work, personal, shopping) and Gmail is the gold standard. Outlook and Yahoo are a joke.</p></htmltext>
<tokenext>I do n't see how they could 've excluded Google .
I use Outlook + Exchange , Gmail , and Yahoo mail on a regular basis ( work , personal , shopping ) and Gmail is the gold standard .
Outlook and Yahoo are a joke .</tokentext>
<sentencetext>I don't see how they could've excluded Google.
I use Outlook+Exchange, Gmail, and Yahoo mail on a regular basis (work, personal, shopping) and Gmail is the gold standard.
Outlook and Yahoo are a joke.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30681968</id>
	<title>This article simply states the obvious.</title>
	<author>Phil\_at\_EvilNET</author>
	<datestamp>1262877660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Not to mention, it was written back in October.</p><p>Regardless, anyone that deals with spam on any level knows that targeted attacks (spear phishing...who the hell coined that?) are *not* the primary focus of appliances like the Ironport. Being an Ironport admin I know from experience with both Ironport and Puremessage (PerlMX) that the priority of these devices is to focus on QUANTITY. The volume of messages coming into a firm or company is more important than the targeted individual, not to mention that the target should exercise a little discretion and common sense when opening an email message coming from *anyone*, especially someone (in)famous like Bill Gates.</p><p>Local mail reader programs (and spam admins with time on their hands) are the front lines for targeted email attacks. Just like a good suit of armor, any good firewall design uses multiple devices to prevent penetration. The same thing holds true with email, and the targeted attack that gets past the first layer of security (routing MTA or spam appliance) should be handled by the second layer (the Mail Server) or the third layer (the desktop client).</p><p>From my own personal experience, custom rulesets are created on the Ironport or the Outlook/Lotus Notes client and the targeted attack is usually dealt with "after the fact". Its unfortunate that it gets done that way, but coming from a firm that used to handle millions of messages a day, the frequency of targeted attacks based on volume were insignificant. Either way, this is nothing new. It's like discovering the moon.</p><p>-Phil</p></htmltext>
<tokenext>Not to mention , it was written back in October.Regardless , anyone that deals with spam on any level knows that targeted attacks ( spear phishing...who the hell coined that ?
) are * not * the primary focus of appliances like the Ironport .
Being an Ironport admin I know from experience with both Ironport and Puremessage ( PerlMX ) that the priority of these devices is to focus on QUANTITY .
The volume of messages coming into a firm or company is more important than the targeted individual , not to mention that the target should exercise a little discretion and common sense when opening an email message coming from * anyone * , especially someone ( in ) famous like Bill Gates.Local mail reader programs ( and spam admins with time on their hands ) are the front lines for targeted email attacks .
Just like a good suit of armor , any good firewall design uses multiple devices to prevent penetration .
The same thing holds true with email , and the targeted attack that gets past the first layer of security ( routing MTA or spam appliance ) should be handled by the second layer ( the Mail Server ) or the third layer ( the desktop client ) .From my own personal experience , custom rulesets are created on the Ironport or the Outlook/Lotus Notes client and the targeted attack is usually dealt with " after the fact " .
Its unfortunate that it gets done that way , but coming from a firm that used to handle millions of messages a day , the frequency of targeted attacks based on volume were insignificant .
Either way , this is nothing new .
It 's like discovering the moon.-Phil</tokentext>
<sentencetext>Not to mention, it was written back in October.Regardless, anyone that deals with spam on any level knows that targeted attacks (spear phishing...who the hell coined that?
) are *not* the primary focus of appliances like the Ironport.
Being an Ironport admin I know from experience with both Ironport and Puremessage (PerlMX) that the priority of these devices is to focus on QUANTITY.
The volume of messages coming into a firm or company is more important than the targeted individual, not to mention that the target should exercise a little discretion and common sense when opening an email message coming from *anyone*, especially someone (in)famous like Bill Gates.Local mail reader programs (and spam admins with time on their hands) are the front lines for targeted email attacks.
Just like a good suit of armor, any good firewall design uses multiple devices to prevent penetration.
The same thing holds true with email, and the targeted attack that gets past the first layer of security (routing MTA or spam appliance) should be handled by the second layer (the Mail Server) or the third layer (the desktop client).From my own personal experience, custom rulesets are created on the Ironport or the Outlook/Lotus Notes client and the targeted attack is usually dealt with "after the fact".
Its unfortunate that it gets done that way, but coming from a firm that used to handle millions of messages a day, the frequency of targeted attacks based on volume were insignificant.
Either way, this is nothing new.
It's like discovering the moon.-Phil</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675982</id>
	<title>This is  research?  Where's the beef?</title>
	<author>NeumannCons</author>
	<datestamp>1262777220000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>So the "researcher" sends an email pretending to be B. Gates and the message got through? OMG!  Seriously, where's the "phishing" part?  Did he have them click on a link?  What was the success rate of that?  Linkedin is fairly safe - there's not a whole lot of sensitive information there (unless past work history is "sensitive) - it doesn't ask you for your SSN, address, credit card no, etc.  Asking a victim to supply that info to join someones linkedin group would surely raise suspicion and alert people that it's a fake.  There's no real meat to the article here.  Either the reporter reporting on this story has missed an important part of the story (likely) or the researcher has just discovered that you can email anyone and pretend to be anyone.<br><br>All of the tools listed don't work by verifying the identity of the sender.  If you fail to look/behave like a spammer/cracker/phisher, your email will get through unless you use a white list at which point 99\% of people outside your list won't know how to get an email to you even though the rejection letter spells out the correct procedure.  I wonder how many people actually tried to join Bill's linkedin account and of those what percentage thought it may actually *be* Bill.  I'm gonna guess it's somewhere around zero.<br><br>Now excuse me, I have to get back to forwarding Bill's email I got to 20 people so have I have a chance at the million dollar prize.</htmltext>
<tokenext>So the " researcher " sends an email pretending to be B. Gates and the message got through ?
OMG ! Seriously , where 's the " phishing " part ?
Did he have them click on a link ?
What was the success rate of that ?
Linkedin is fairly safe - there 's not a whole lot of sensitive information there ( unless past work history is " sensitive ) - it does n't ask you for your SSN , address , credit card no , etc .
Asking a victim to supply that info to join someones linkedin group would surely raise suspicion and alert people that it 's a fake .
There 's no real meat to the article here .
Either the reporter reporting on this story has missed an important part of the story ( likely ) or the researcher has just discovered that you can email anyone and pretend to be anyone.All of the tools listed do n't work by verifying the identity of the sender .
If you fail to look/behave like a spammer/cracker/phisher , your email will get through unless you use a white list at which point 99 \ % of people outside your list wo n't know how to get an email to you even though the rejection letter spells out the correct procedure .
I wonder how many people actually tried to join Bill 's linkedin account and of those what percentage thought it may actually * be * Bill .
I 'm gon na guess it 's somewhere around zero.Now excuse me , I have to get back to forwarding Bill 's email I got to 20 people so have I have a chance at the million dollar prize .</tokentext>
<sentencetext>So the "researcher" sends an email pretending to be B. Gates and the message got through?
OMG!  Seriously, where's the "phishing" part?
Did he have them click on a link?
What was the success rate of that?
Linkedin is fairly safe - there's not a whole lot of sensitive information there (unless past work history is "sensitive) - it doesn't ask you for your SSN, address, credit card no, etc.
Asking a victim to supply that info to join someones linkedin group would surely raise suspicion and alert people that it's a fake.
There's no real meat to the article here.
Either the reporter reporting on this story has missed an important part of the story (likely) or the researcher has just discovered that you can email anyone and pretend to be anyone.All of the tools listed don't work by verifying the identity of the sender.
If you fail to look/behave like a spammer/cracker/phisher, your email will get through unless you use a white list at which point 99\% of people outside your list won't know how to get an email to you even though the rejection letter spells out the correct procedure.
I wonder how many people actually tried to join Bill's linkedin account and of those what percentage thought it may actually *be* Bill.
I'm gonna guess it's somewhere around zero.Now excuse me, I have to get back to forwarding Bill's email I got to 20 people so have I have a chance at the million dollar prize.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30679510</id>
	<title>Re:Old news</title>
	<author>Sir\_Lewk</author>
	<datestamp>1262804700000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>SMTP is not broken.  SMTP was never supposed to provide authentication of identity, and nobody with the slightest of technical knowledge has ever expected it too.</p><p>That is why anyone who cares uses PGP/GPG.</p></htmltext>
<tokenext>SMTP is not broken .
SMTP was never supposed to provide authentication of identity , and nobody with the slightest of technical knowledge has ever expected it too.That is why anyone who cares uses PGP/GPG .</tokentext>
<sentencetext>SMTP is not broken.
SMTP was never supposed to provide authentication of identity, and nobody with the slightest of technical knowledge has ever expected it too.That is why anyone who cares uses PGP/GPG.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675726</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676686</id>
	<title>Re:Checking Actual Email Address with Displayed?</title>
	<author>Phrogman</author>
	<datestamp>1262780880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Okay thanks for the clarification. I know relatively little about email and how it is transmitted/received beyond how to use it<nobr> <wbr></nobr>:)</p></htmltext>
<tokenext>Okay thanks for the clarification .
I know relatively little about email and how it is transmitted/received beyond how to use it : )</tokentext>
<sentencetext>Okay thanks for the clarification.
I know relatively little about email and how it is transmitted/received beyond how to use it :)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676128</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675726</id>
	<title>Old news</title>
	<author>Anonymous</author>
	<datestamp>1262776140000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>SMTP is broken. Deal with it</p></htmltext>
<tokenext>SMTP is broken .
Deal with it</tokentext>
<sentencetext>SMTP is broken.
Deal with it</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676116</id>
	<title>I don't think that word means...</title>
	<author>Anonymous</author>
	<datestamp>1262778000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>what you think it means.

<p>Phishing attacks would presumably be trying to get some otherwise secured info from the victim. What would the victim of this attack provide in response to this email? Credit card info? Online banking credentials? Warcraft account info? sheesh. As someone above stated, the guy sent an email and it got through. No news there. This isn't phishing, it's spam. And not even good spam. I would bet more people would  be trying to buy cheap viagra than join Bill's Linkedin.</p></htmltext>
<tokenext>what you think it means .
Phishing attacks would presumably be trying to get some otherwise secured info from the victim .
What would the victim of this attack provide in response to this email ?
Credit card info ?
Online banking credentials ?
Warcraft account info ?
sheesh. As someone above stated , the guy sent an email and it got through .
No news there .
This is n't phishing , it 's spam .
And not even good spam .
I would bet more people would be trying to buy cheap viagra than join Bill 's Linkedin .</tokentext>
<sentencetext>what you think it means.
Phishing attacks would presumably be trying to get some otherwise secured info from the victim.
What would the victim of this attack provide in response to this email?
Credit card info?
Online banking credentials?
Warcraft account info?
sheesh. As someone above stated, the guy sent an email and it got through.
No news there.
This isn't phishing, it's spam.
And not even good spam.
I would bet more people would  be trying to buy cheap viagra than join Bill's Linkedin.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675882</id>
	<title>This is nothing new</title>
	<author>Anonymous</author>
	<datestamp>1262776740000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>SMTP works like real mail. Anyone can walk up to your mailbox and leave an envelope addressed to you from "Bill Gates". Unless you know how to look for signs that it was properly handled by the post service, you have no idea if it's real or not. We've known this since around 2400BC (because wikipedia says so).</p></htmltext>
<tokenext>SMTP works like real mail .
Anyone can walk up to your mailbox and leave an envelope addressed to you from " Bill Gates " .
Unless you know how to look for signs that it was properly handled by the post service , you have no idea if it 's real or not .
We 've known this since around 2400BC ( because wikipedia says so ) .</tokentext>
<sentencetext>SMTP works like real mail.
Anyone can walk up to your mailbox and leave an envelope addressed to you from "Bill Gates".
Unless you know how to look for signs that it was properly handled by the post service, you have no idea if it's real or not.
We've known this since around 2400BC (because wikipedia says so).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30685808</id>
	<title>Re:This is nothing new</title>
	<author>ThunderThor53</author>
	<datestamp>1262893680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>SMTP works like real mail. Anyone can walk up to your mailbox and leave an envelope addressed to you from "Bill Gates". Unless you know how to look for signs that it was properly handled by the post service, you have no idea if it's real or not. We've known this since around 2400BC (because wikipedia says so).</p></div><p>Technically, putting anything into a mailbox (not for them to pick up, but as a delivery), is illegal, with a fine of up to $300 per item plus postage. It seems this is only illegal if you don't put postage on the letter though.</p><p><div class="quote"><p>Crimes and Criminal Procedure - 18 USC Section 1725</p><p>Legal Research Home &gt; US Lawyer &gt; Crimes and Criminal Procedure &gt; Crimes and Criminal Procedure -</p><p>18 USC Section 1725</p><p>01/19/04</p><p><div class="quote"><p>Sec. 1725. Postage unpaid on deposited mail matter</p><p>Whoever knowingly and willfully deposits any mailable matter such as statements of accounts, circulars, sale bills, or other like matter, on which no postage has been paid, in any letter box established, approved, or accepted by the Postal Service for the receipt or delivery of mail matter on any mail route with intent to avoid payment of lawful postage thereon, shall for each such offense be fined under this title. AMENDMENTS 1994 - Pub. L. 103-322 substituted "fined under this title" for "fined not more than $300". 1970 - Pub. L. 91-375 substituted "Postal Service" for "Postmaster General". EFFECTIVE DATE OF 1970 AMENDMENT Amendment by Pub. L. 91-375 effective within 1 year after Aug. 12, 1970, on date established therefor by Board of Governors of United States Postal Service and published by it in Federal Register, see section 15(a) of Pub. L. 91-375, set out as an Effective Date note preceding section 101 of Title 39, Postal Service.</p></div></div></div>
	</htmltext>
<tokenext>SMTP works like real mail .
Anyone can walk up to your mailbox and leave an envelope addressed to you from " Bill Gates " .
Unless you know how to look for signs that it was properly handled by the post service , you have no idea if it 's real or not .
We 've known this since around 2400BC ( because wikipedia says so ) .Technically , putting anything into a mailbox ( not for them to pick up , but as a delivery ) , is illegal , with a fine of up to $ 300 per item plus postage .
It seems this is only illegal if you do n't put postage on the letter though.Crimes and Criminal Procedure - 18 USC Section 1725Legal Research Home &gt; US Lawyer &gt; Crimes and Criminal Procedure &gt; Crimes and Criminal Procedure -18 USC Section 172501/19/04Sec .
1725. Postage unpaid on deposited mail matterWhoever knowingly and willfully deposits any mailable matter such as statements of accounts , circulars , sale bills , or other like matter , on which no postage has been paid , in any letter box established , approved , or accepted by the Postal Service for the receipt or delivery of mail matter on any mail route with intent to avoid payment of lawful postage thereon , shall for each such offense be fined under this title .
AMENDMENTS 1994 - Pub .
L. 103-322 substituted " fined under this title " for " fined not more than $ 300 " .
1970 - Pub .
L. 91-375 substituted " Postal Service " for " Postmaster General " .
EFFECTIVE DATE OF 1970 AMENDMENT Amendment by Pub .
L. 91-375 effective within 1 year after Aug. 12 , 1970 , on date established therefor by Board of Governors of United States Postal Service and published by it in Federal Register , see section 15 ( a ) of Pub .
L. 91-375 , set out as an Effective Date note preceding section 101 of Title 39 , Postal Service .</tokentext>
<sentencetext>SMTP works like real mail.
Anyone can walk up to your mailbox and leave an envelope addressed to you from "Bill Gates".
Unless you know how to look for signs that it was properly handled by the post service, you have no idea if it's real or not.
We've known this since around 2400BC (because wikipedia says so).Technically, putting anything into a mailbox (not for them to pick up, but as a delivery), is illegal, with a fine of up to $300 per item plus postage.
It seems this is only illegal if you don't put postage on the letter though.Crimes and Criminal Procedure - 18 USC Section 1725Legal Research Home &gt; US Lawyer &gt; Crimes and Criminal Procedure &gt; Crimes and Criminal Procedure -18 USC Section 172501/19/04Sec.
1725. Postage unpaid on deposited mail matterWhoever knowingly and willfully deposits any mailable matter such as statements of accounts, circulars, sale bills, or other like matter, on which no postage has been paid, in any letter box established, approved, or accepted by the Postal Service for the receipt or delivery of mail matter on any mail route with intent to avoid payment of lawful postage thereon, shall for each such offense be fined under this title.
AMENDMENTS 1994 - Pub.
L. 103-322 substituted "fined under this title" for "fined not more than $300".
1970 - Pub.
L. 91-375 substituted "Postal Service" for "Postmaster General".
EFFECTIVE DATE OF 1970 AMENDMENT Amendment by Pub.
L. 91-375 effective within 1 year after Aug. 12, 1970, on date established therefor by Board of Governors of United States Postal Service and published by it in Federal Register, see section 15(a) of Pub.
L. 91-375, set out as an Effective Date note preceding section 101 of Title 39, Postal Service.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675882</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675916</id>
	<title>Re:so?</title>
	<author>corbettw</author>
	<datestamp>1262776920000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>You know the famous one doesn't have a monopoly on that name, right?</p></div><p>Well, it would be rather fitting if he did.</p></div>
	</htmltext>
<tokenext>You know the famous one does n't have a monopoly on that name , right ? Well , it would be rather fitting if he did .</tokentext>
<sentencetext>You know the famous one doesn't have a monopoly on that name, right?Well, it would be rather fitting if he did.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30679984</id>
	<title>Re:Little technology</title>
	<author>RAMMS+EIN</author>
	<datestamp>1262897700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I realize you're picking linguistic nits here, but there is actually a serious answer to your question, and it's been known for a long time. If you want some sort of assurance that an email really comes from who it purports to come from, the email infrastructure as commonly deployed won't give you that. However, there are technologies that will.</p><p>PGP is one of them. With PGP, you can sign your message with public key cryptography. If you sign with your private key and upload your public key to a keyserver, the receiver can verify that the private key corresponding to that public key was used to sign the message. In other words, only a person who knows the private key could have signed the message.</p><p>By itself, this isn't enough to verify the sender's identity. I could create a key pair and use it with the name "Bill Gates", even though I am not, in fact, Bill Gates. To solve this, PGP has introduced the web of trust (S/MIME, which is similar, uses a trust hierarchy instead, like SSL). Roughly speaking, the web of trust allows you to say "I trust this person so much I'll also trust any keys he trusts". And then, if that person says a key belongs to Bill Gates, you'll believe it does.</p><p>The end result is that, if you get a message signed by a key you trust to belong to Bill Gates, then you can trust that the message was signed by Bill Gates. Anything else means it could as well be an impostor. And since the vast majority of email doesn't use PGP or any other mechanism to verify senders, the vast majority of email could as well be from impostors. In fact, I would go as far as to say this really is the case: the bulk of email is SPAM, and SPAM is usually not from the sender it claims to be from.</p></htmltext>
<tokenext>I realize you 're picking linguistic nits here , but there is actually a serious answer to your question , and it 's been known for a long time .
If you want some sort of assurance that an email really comes from who it purports to come from , the email infrastructure as commonly deployed wo n't give you that .
However , there are technologies that will.PGP is one of them .
With PGP , you can sign your message with public key cryptography .
If you sign with your private key and upload your public key to a keyserver , the receiver can verify that the private key corresponding to that public key was used to sign the message .
In other words , only a person who knows the private key could have signed the message.By itself , this is n't enough to verify the sender 's identity .
I could create a key pair and use it with the name " Bill Gates " , even though I am not , in fact , Bill Gates .
To solve this , PGP has introduced the web of trust ( S/MIME , which is similar , uses a trust hierarchy instead , like SSL ) .
Roughly speaking , the web of trust allows you to say " I trust this person so much I 'll also trust any keys he trusts " .
And then , if that person says a key belongs to Bill Gates , you 'll believe it does.The end result is that , if you get a message signed by a key you trust to belong to Bill Gates , then you can trust that the message was signed by Bill Gates .
Anything else means it could as well be an impostor .
And since the vast majority of email does n't use PGP or any other mechanism to verify senders , the vast majority of email could as well be from impostors .
In fact , I would go as far as to say this really is the case : the bulk of email is SPAM , and SPAM is usually not from the sender it claims to be from .</tokentext>
<sentencetext>I realize you're picking linguistic nits here, but there is actually a serious answer to your question, and it's been known for a long time.
If you want some sort of assurance that an email really comes from who it purports to come from, the email infrastructure as commonly deployed won't give you that.
However, there are technologies that will.PGP is one of them.
With PGP, you can sign your message with public key cryptography.
If you sign with your private key and upload your public key to a keyserver, the receiver can verify that the private key corresponding to that public key was used to sign the message.
In other words, only a person who knows the private key could have signed the message.By itself, this isn't enough to verify the sender's identity.
I could create a key pair and use it with the name "Bill Gates", even though I am not, in fact, Bill Gates.
To solve this, PGP has introduced the web of trust (S/MIME, which is similar, uses a trust hierarchy instead, like SSL).
Roughly speaking, the web of trust allows you to say "I trust this person so much I'll also trust any keys he trusts".
And then, if that person says a key belongs to Bill Gates, you'll believe it does.The end result is that, if you get a message signed by a key you trust to belong to Bill Gates, then you can trust that the message was signed by Bill Gates.
Anything else means it could as well be an impostor.
And since the vast majority of email doesn't use PGP or any other mechanism to verify senders, the vast majority of email could as well be from impostors.
In fact, I would go as far as to say this really is the case: the bulk of email is SPAM, and SPAM is usually not from the sender it claims to be from.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675818</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675734</id>
	<title>Now, now!</title>
	<author>The Wild Norseman</author>
	<datestamp>1262776140000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext>You know, Steve Jobs may not be the most likeable fellow around, but that hardly makes it okay to call him a 'tool.'</htmltext>
<tokenext>You know , Steve Jobs may not be the most likeable fellow around , but that hardly makes it okay to call him a 'tool .
'</tokentext>
<sentencetext>You know, Steve Jobs may not be the most likeable fellow around, but that hardly makes it okay to call him a 'tool.
'</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30680984</id>
	<title>Re:This is nothing new</title>
	<author>grizdog</author>
	<datestamp>1262870100000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>SMTP works like real mail. Anyone can walk up to your mailbox and leave an envelope addressed to you from "Bill Gates". Unless you know how to look for signs that it was properly handled by the post service, you have no idea if it's real or not. We've known this since around 2400BC (because wikipedia says so).</p></div><p>Actually, in the US, this is illegal, and it does get enforced.  No one but the US Government is allowed to put something inside your mailbox, and you will probably find out if you try distributing leaflets for a commercial enterprise or political campaign. It may be illegal to forge an email, but that's different from delivering it.</p></div>
	</htmltext>
<tokenext>SMTP works like real mail .
Anyone can walk up to your mailbox and leave an envelope addressed to you from " Bill Gates " .
Unless you know how to look for signs that it was properly handled by the post service , you have no idea if it 's real or not .
We 've known this since around 2400BC ( because wikipedia says so ) .Actually , in the US , this is illegal , and it does get enforced .
No one but the US Government is allowed to put something inside your mailbox , and you will probably find out if you try distributing leaflets for a commercial enterprise or political campaign .
It may be illegal to forge an email , but that 's different from delivering it .</tokentext>
<sentencetext>SMTP works like real mail.
Anyone can walk up to your mailbox and leave an envelope addressed to you from "Bill Gates".
Unless you know how to look for signs that it was properly handled by the post service, you have no idea if it's real or not.
We've known this since around 2400BC (because wikipedia says so).Actually, in the US, this is illegal, and it does get enforced.
No one but the US Government is allowed to put something inside your mailbox, and you will probably find out if you try distributing leaflets for a commercial enterprise or political campaign.
It may be illegal to forge an email, but that's different from delivering it.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675882</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676884</id>
	<title>Re:I don't think that word means...</title>
	<author>Anonymous</author>
	<datestamp>1262782140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The only point that the "security tester" might have with all of this is that Linkedin doesn't use an X-Originating-IP: or similar header in these invites -- this means that low-volume spam such as this gets through as legitimate, because the receiving systems have no way of knowing it isn't legit Linkedin messages.  Yahoo and Google are also guilty of this.  If the sender's IP was revealed, you could rest assured that any offending IPs would be blocked by all the major vendors in short order.  Of course, this also means that there is no layer of anonymity between the sender and the recipient, which the sender might not like, even if they are on the up and up.</p></htmltext>
<tokenext>The only point that the " security tester " might have with all of this is that Linkedin does n't use an X-Originating-IP : or similar header in these invites -- this means that low-volume spam such as this gets through as legitimate , because the receiving systems have no way of knowing it is n't legit Linkedin messages .
Yahoo and Google are also guilty of this .
If the sender 's IP was revealed , you could rest assured that any offending IPs would be blocked by all the major vendors in short order .
Of course , this also means that there is no layer of anonymity between the sender and the recipient , which the sender might not like , even if they are on the up and up .</tokentext>
<sentencetext>The only point that the "security tester" might have with all of this is that Linkedin doesn't use an X-Originating-IP: or similar header in these invites -- this means that low-volume spam such as this gets through as legitimate, because the receiving systems have no way of knowing it isn't legit Linkedin messages.
Yahoo and Google are also guilty of this.
If the sender's IP was revealed, you could rest assured that any offending IPs would be blocked by all the major vendors in short order.
Of course, this also means that there is no layer of anonymity between the sender and the recipient, which the sender might not like, even if they are on the up and up.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676116</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006</id>
	<title>What a crap story</title>
	<author>bloodhawk</author>
	<datestamp>1262777340000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>Firstly why is MS singled out in the slashdot version of the story? 100\% of mail products failed this so called test.<br> <br>

secondly what a piece of garbage, the mail products ALL did what they were supposed to, looking at how the email was constructed there was no piece of information in it that would allow any of the products to automatically detect it as an attack, sadly this is the nature of how SMTP mail is built, there is no easy way to determine a real email from fake one as is easily demonstrated by the 100\% failure of every product, or more to the point the 100\% failure of the researchers in understanding what they are doing, claiming they were trying to measure the levels of security is just complete crap, all they are after is publicity on a well known and understood technology and its many flawes.</htmltext>
<tokenext>Firstly why is MS singled out in the slashdot version of the story ?
100 \ % of mail products failed this so called test .
secondly what a piece of garbage , the mail products ALL did what they were supposed to , looking at how the email was constructed there was no piece of information in it that would allow any of the products to automatically detect it as an attack , sadly this is the nature of how SMTP mail is built , there is no easy way to determine a real email from fake one as is easily demonstrated by the 100 \ % failure of every product , or more to the point the 100 \ % failure of the researchers in understanding what they are doing , claiming they were trying to measure the levels of security is just complete crap , all they are after is publicity on a well known and understood technology and its many flawes .</tokentext>
<sentencetext>Firstly why is MS singled out in the slashdot version of the story?
100\% of mail products failed this so called test.
secondly what a piece of garbage, the mail products ALL did what they were supposed to, looking at how the email was constructed there was no piece of information in it that would allow any of the products to automatically detect it as an attack, sadly this is the nature of how SMTP mail is built, there is no easy way to determine a real email from fake one as is easily demonstrated by the 100\% failure of every product, or more to the point the 100\% failure of the researchers in understanding what they are doing, claiming they were trying to measure the levels of security is just complete crap, all they are after is publicity on a well known and understood technology and its many flawes.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676066</id>
	<title>LOLWUT?</title>
	<author>argent</author>
	<datestamp>1262777700000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>What's the point of this? If you send someone an email, they'll get it? God, I hope so! That used to be the norm before spammers poisoned the well.</p></htmltext>
<tokenext>What 's the point of this ?
If you send someone an email , they 'll get it ?
God , I hope so !
That used to be the norm before spammers poisoned the well .</tokentext>
<sentencetext>What's the point of this?
If you send someone an email, they'll get it?
God, I hope so!
That used to be the norm before spammers poisoned the well.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30677576</id>
	<title>Not too obvious..</title>
	<author>cmacb</author>
	<datestamp>1262786760000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><p>     Bill Gates has indicated you are a fellow group member of Microsoft Security. I'd like to add you to my professional network on LinkedIn. - B. Gates.</p></div></blockquote><p>Oh, that would have fooled me.  It would have been more tricky if they'd added something like:</p><blockquote><div><p>Oh, and I'm also inviting you to the other special interests groups I follow:  "Committee for Prevention of Bloat in Operating Systems", and "Six Forty K.  It's Enough for Anyone".  I look forward to seeing you on LinkedIN and if you are ever in the Seattle area, stop by for a brew.</p></div></blockquote></div>
	</htmltext>
<tokenext>Bill Gates has indicated you are a fellow group member of Microsoft Security .
I 'd like to add you to my professional network on LinkedIn .
- B. Gates.Oh , that would have fooled me .
It would have been more tricky if they 'd added something like : Oh , and I 'm also inviting you to the other special interests groups I follow : " Committee for Prevention of Bloat in Operating Systems " , and " Six Forty K. It 's Enough for Anyone " .
I look forward to seeing you on LinkedIN and if you are ever in the Seattle area , stop by for a brew .</tokentext>
<sentencetext>     Bill Gates has indicated you are a fellow group member of Microsoft Security.
I'd like to add you to my professional network on LinkedIn.
- B. Gates.Oh, that would have fooled me.
It would have been more tricky if they'd added something like:Oh, and I'm also inviting you to the other special interests groups I follow:  "Committee for Prevention of Bloat in Operating Systems", and "Six Forty K.  It's Enough for Anyone".
I look forward to seeing you on LinkedIN and if you are ever in the Seattle area, stop by for a brew.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675904</id>
	<title>Re:so?</title>
	<author>John Hasler</author>
	<datestamp>1262776860000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>Right.  Much better to delete a message just because it came from LinkedIn.</p></htmltext>
<tokenext>Right .
Much better to delete a message just because it came from LinkedIn .</tokentext>
<sentencetext>Right.
Much better to delete a message just because it came from LinkedIn.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676336</id>
	<title>ado7l</title>
	<author>Anonymous</author>
	<datestamp>1262779080000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext>Create, manufacture bUWLA, or BSD Trying to Dissect And sold in the Lay down paper another troubled 200 running NT under the GPL.</htmltext>
<tokenext>Create , manufacture bUWLA , or BSD Trying to Dissect And sold in the Lay down paper another troubled 200 running NT under the GPL .</tokentext>
<sentencetext>Create, manufacture bUWLA, or BSD Trying to Dissect And sold in the Lay down paper another troubled 200 running NT under the GPL.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676004</id>
	<title>What's even worse...</title>
	<author>Locke2005</author>
	<datestamp>1262777340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>It not only duped the top tools, it also duped the software that those big tools were running as well!</htmltext>
<tokenext>It not only duped the top tools , it also duped the software that those big tools were running as well !</tokentext>
<sentencetext>It not only duped the top tools, it also duped the software that those big tools were running as well!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676786</id>
	<title>E-mail messages get delivered!</title>
	<author>HenryKoren</author>
	<datestamp>1262781480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Be afraid!</p></htmltext>
<tokenext>Be afraid !</tokentext>
<sentencetext>Be afraid!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675858</id>
	<title>Pretty much anything from linkedin is spam.</title>
	<author>Anonymous</author>
	<datestamp>1262776680000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>A couple of months ago, I got a "someone who knows you wants you to join" email from Linkedin.  Someone had submitted my email address and wanted to "friend" me, and the entire contents of the "this person knows you because..." part was a spam website in China.</p><p>Any casual glance would show that it was spam.</p><p>Linkedin had "kindly" put a link at the bottom of the email saying "if this is spam, report it here".  So I did, and the web page thanked me for reporting the spam.</p><p>Two weeks later, I got *ANOTHER* email from Linkedin, "helpfully" reminding me that <i>I hadn't accepted the spammer's invitation</i></p><p>WTF?!?!  I told them is was spam, and not only hadn't they banned the spammer, <b>they were spamming for him</b>!</p><p>Linkedin instantly went into my mailservers blacklist.  They're just fucking spammers.</p></htmltext>
<tokenext>A couple of months ago , I got a " someone who knows you wants you to join " email from Linkedin .
Someone had submitted my email address and wanted to " friend " me , and the entire contents of the " this person knows you because... " part was a spam website in China.Any casual glance would show that it was spam.Linkedin had " kindly " put a link at the bottom of the email saying " if this is spam , report it here " .
So I did , and the web page thanked me for reporting the spam.Two weeks later , I got * ANOTHER * email from Linkedin , " helpfully " reminding me that I had n't accepted the spammer 's invitationWTF ? ! ? !
I told them is was spam , and not only had n't they banned the spammer , they were spamming for him ! Linkedin instantly went into my mailservers blacklist .
They 're just fucking spammers .</tokentext>
<sentencetext>A couple of months ago, I got a "someone who knows you wants you to join" email from Linkedin.
Someone had submitted my email address and wanted to "friend" me, and the entire contents of the "this person knows you because..." part was a spam website in China.Any casual glance would show that it was spam.Linkedin had "kindly" put a link at the bottom of the email saying "if this is spam, report it here".
So I did, and the web page thanked me for reporting the spam.Two weeks later, I got *ANOTHER* email from Linkedin, "helpfully" reminding me that I hadn't accepted the spammer's invitationWTF?!?!
I told them is was spam, and not only hadn't they banned the spammer, they were spamming for him!Linkedin instantly went into my mailservers blacklist.
They're just fucking spammers.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676224</id>
	<title>Re:Old news</title>
	<author>Anonymous</author>
	<datestamp>1262778480000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I wouldn't say it is broken; it serves its original purpose quite well.  I think it is more a problem of our expectation of privacy and security, neither of which SMTP is capable of providing (at least not without various extensions and hacks bolted on top of it).</p></htmltext>
<tokenext>I would n't say it is broken ; it serves its original purpose quite well .
I think it is more a problem of our expectation of privacy and security , neither of which SMTP is capable of providing ( at least not without various extensions and hacks bolted on top of it ) .</tokentext>
<sentencetext>I wouldn't say it is broken; it serves its original purpose quite well.
I think it is more a problem of our expectation of privacy and security, neither of which SMTP is capable of providing (at least not without various extensions and hacks bolted on top of it).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675726</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30677664</id>
	<title>The article is a wank / PR press release, but ....</title>
	<author>dhammabum</author>
	<datestamp>1262787480000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Dark Reading (ooh, spooky) as is their wont, lists no actual details so we don't know what the guy actually did. But mail clients in general are pretty hopeless at interpreting "who" a message is from. There are several fields that can be used - the actual sending address (the "mail from: " in the SMTP exchange), Reply-to:, From: Sender:. There is no agreed prioritisation that I know of as to what actually goes in the "From" that we see in the client...</p><p>I once had a weird circumstance where messages from a mail script I wrote using the MIME::Entity perl module were being received as from "nobody". I hadn't specified the sender field in the entity mail object and the module thoughtfully provided one for me, using the owner of the process running the script. So even though the reply-to and from fields were correctly set, I got a number of calls about who this nobody was....</p><p>One can prevent spoofed email using filters, etc, at least with Unix/Linux-based mail transfer agents, presumably this can also be done with MS Exchange. So the breathless report that 100\% of the spoofed messages got through just indicates the low priority spoofing has in those administrators' minds.</p></htmltext>
<tokenext>Dark Reading ( ooh , spooky ) as is their wont , lists no actual details so we do n't know what the guy actually did .
But mail clients in general are pretty hopeless at interpreting " who " a message is from .
There are several fields that can be used - the actual sending address ( the " mail from : " in the SMTP exchange ) , Reply-to : , From : Sender : .
There is no agreed prioritisation that I know of as to what actually goes in the " From " that we see in the client...I once had a weird circumstance where messages from a mail script I wrote using the MIME : : Entity perl module were being received as from " nobody " .
I had n't specified the sender field in the entity mail object and the module thoughtfully provided one for me , using the owner of the process running the script .
So even though the reply-to and from fields were correctly set , I got a number of calls about who this nobody was....One can prevent spoofed email using filters , etc , at least with Unix/Linux-based mail transfer agents , presumably this can also be done with MS Exchange .
So the breathless report that 100 \ % of the spoofed messages got through just indicates the low priority spoofing has in those administrators ' minds .</tokentext>
<sentencetext>Dark Reading (ooh, spooky) as is their wont, lists no actual details so we don't know what the guy actually did.
But mail clients in general are pretty hopeless at interpreting "who" a message is from.
There are several fields that can be used - the actual sending address (the "mail from: " in the SMTP exchange), Reply-to:, From: Sender:.
There is no agreed prioritisation that I know of as to what actually goes in the "From" that we see in the client...I once had a weird circumstance where messages from a mail script I wrote using the MIME::Entity perl module were being received as from "nobody".
I hadn't specified the sender field in the entity mail object and the module thoughtfully provided one for me, using the owner of the process running the script.
So even though the reply-to and from fields were correctly set, I got a number of calls about who this nobody was....One can prevent spoofed email using filters, etc, at least with Unix/Linux-based mail transfer agents, presumably this can also be done with MS Exchange.
So the breathless report that 100\% of the spoofed messages got through just indicates the low priority spoofing has in those administrators' minds.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682</id>
	<title>so?</title>
	<author>spiffmastercow</author>
	<datestamp>1262775900000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>0</modscore>
	<htmltext>I didn't RTFA, but I'd be pissed if my email server filtered out someone's email just because they had the name "Bill Gates".  You know the famous one doesn't have a monopoly on that name, right?</htmltext>
<tokenext>I did n't RTFA , but I 'd be pissed if my email server filtered out someone 's email just because they had the name " Bill Gates " .
You know the famous one does n't have a monopoly on that name , right ?</tokentext>
<sentencetext>I didn't RTFA, but I'd be pissed if my email server filtered out someone's email just because they had the name "Bill Gates".
You know the famous one doesn't have a monopoly on that name, right?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676732</id>
	<title>Re:What a crap story</title>
	<author>Chapter80</author>
	<datestamp>1262781120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Firstly why is MS singled out in the slashdot version of the story? 100\% of mail products failed this so called test.</p></div><p>New here?  Best way to get to the front page of Slashdot is to bash Microsoft.</p></div>
	</htmltext>
<tokenext>Firstly why is MS singled out in the slashdot version of the story ?
100 \ % of mail products failed this so called test.New here ?
Best way to get to the front page of Slashdot is to bash Microsoft .</tokentext>
<sentencetext>Firstly why is MS singled out in the slashdot version of the story?
100\% of mail products failed this so called test.New here?
Best way to get to the front page of Slashdot is to bash Microsoft.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676434</id>
	<title>No surprise - SMTP is unauthenticated by design</title>
	<author>Anonymous</author>
	<datestamp>1262779800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Email is broken; bootstrapping garbage like SPF, DomainKeys, SenderID, or whatever you want to it is not going to fix it.   The entire thing needs to be scrapped and rebuilt.</p></htmltext>
<tokenext>Email is broken ; bootstrapping garbage like SPF , DomainKeys , SenderID , or whatever you want to it is not going to fix it .
The entire thing needs to be scrapped and rebuilt .</tokentext>
<sentencetext>Email is broken; bootstrapping garbage like SPF, DomainKeys, SenderID, or whatever you want to it is not going to fix it.
The entire thing needs to be scrapped and rebuilt.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676256</id>
	<title>Re:Pretty much anything from linkedin is spam.</title>
	<author>Thelasko</author>
	<datestamp>1262778660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I think you are being a bit harsh on Linkedin.  Yeah, there is some spam.  Spam is everywhere.  However, in this economy, corporations are turning to LinkedIn as a recruiting tool.<br> <br>
When a company posts a position on Monster and Careerbuilder (I get spam from both by the way), they are flooded with resumes.  The situation is so bad that their human resources departments don't have the resources to sort through them all.  They therefore use LinkedIn as a search tool for candidates without opening themselves up to a deluge of resumes.<br> <br>
Yeah there is some spam on LinkedIn.  There is spam on other sites as well, but it doesn't mean those sites are worthless.</htmltext>
<tokenext>I think you are being a bit harsh on Linkedin .
Yeah , there is some spam .
Spam is everywhere .
However , in this economy , corporations are turning to LinkedIn as a recruiting tool .
When a company posts a position on Monster and Careerbuilder ( I get spam from both by the way ) , they are flooded with resumes .
The situation is so bad that their human resources departments do n't have the resources to sort through them all .
They therefore use LinkedIn as a search tool for candidates without opening themselves up to a deluge of resumes .
Yeah there is some spam on LinkedIn .
There is spam on other sites as well , but it does n't mean those sites are worthless .</tokentext>
<sentencetext>I think you are being a bit harsh on Linkedin.
Yeah, there is some spam.
Spam is everywhere.
However, in this economy, corporations are turning to LinkedIn as a recruiting tool.
When a company posts a position on Monster and Careerbuilder (I get spam from both by the way), they are flooded with resumes.
The situation is so bad that their human resources departments don't have the resources to sort through them all.
They therefore use LinkedIn as a search tool for candidates without opening themselves up to a deluge of resumes.
Yeah there is some spam on LinkedIn.
There is spam on other sites as well, but it doesn't mean those sites are worthless.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675858</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30680216</id>
	<title>SPF</title>
	<author>oglueck</author>
	<datestamp>1262858700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>linkedin.com    text = "v=spf1 ip4:70.42.142.0/24 ip4:208.111.172.0/24 ip4:64.74.220.0/24 ip4:64.74.221.0/26 ip4:64.71.153.211 ip4:64.74.221.30 ip4:69.28.149.0/24 ip4:208.111.169.128/26 ip4:64.74.98.128/26 ip4:64.74.98.16/29 mx ~all"</p></div><p>That is ~all and not -all. So linkedin is happy with any IP sending mail in their name. It will only cause a soft fail and no MTA should reject the message as fake. It's hardly the fault of mail clients here.</p></div>
	</htmltext>
<tokenext>linkedin.com text = " v = spf1 ip4 : 70.42.142.0/24 ip4 : 208.111.172.0/24 ip4 : 64.74.220.0/24 ip4 : 64.74.221.0/26 ip4 : 64.71.153.211 ip4 : 64.74.221.30 ip4 : 69.28.149.0/24 ip4 : 208.111.169.128/26 ip4 : 64.74.98.128/26 ip4 : 64.74.98.16/29 mx ~ all " That is ~ all and not -all .
So linkedin is happy with any IP sending mail in their name .
It will only cause a soft fail and no MTA should reject the message as fake .
It 's hardly the fault of mail clients here .</tokentext>
<sentencetext>linkedin.com    text = "v=spf1 ip4:70.42.142.0/24 ip4:208.111.172.0/24 ip4:64.74.220.0/24 ip4:64.74.221.0/26 ip4:64.71.153.211 ip4:64.74.221.30 ip4:69.28.149.0/24 ip4:208.111.169.128/26 ip4:64.74.98.128/26 ip4:64.74.98.16/29 mx ~all"That is ~all and not -all.
So linkedin is happy with any IP sending mail in their name.
It will only cause a soft fail and no MTA should reject the message as fake.
It's hardly the fault of mail clients here.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675856</id>
	<title>Re:so?</title>
	<author>earnest murderer</author>
	<datestamp>1262776620000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>The issue isn't who (near as I can tell) as much as it is the commonality of e-mail originating from servers not identified in the e-mail.</p><p>Blocking mail like that was a topic of discussion in the 90's but by that time the number of mail servers that no longer resolved to the domains they serviced were large enough that it was useless anymore.</p><p>I may not have all my facts straight, but that's my understanding.</p></htmltext>
<tokenext>The issue is n't who ( near as I can tell ) as much as it is the commonality of e-mail originating from servers not identified in the e-mail.Blocking mail like that was a topic of discussion in the 90 's but by that time the number of mail servers that no longer resolved to the domains they serviced were large enough that it was useless anymore.I may not have all my facts straight , but that 's my understanding .</tokentext>
<sentencetext>The issue isn't who (near as I can tell) as much as it is the commonality of e-mail originating from servers not identified in the e-mail.Blocking mail like that was a topic of discussion in the 90's but by that time the number of mail servers that no longer resolved to the domains they serviced were large enough that it was useless anymore.I may not have all my facts straight, but that's my understanding.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676624</id>
	<title>Re:so?</title>
	<author>ozmanjusri</author>
	<datestamp>1262780640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>You know the famous one doesn't have a monopoly on that name, right?</i>
<p>
They probably add the term "Microsoft" to the filter.
</p><p>
That one definitely has a monopoly, and was one of the costliest scams of the 20th century,</p></htmltext>
<tokenext>You know the famous one does n't have a monopoly on that name , right ?
They probably add the term " Microsoft " to the filter .
That one definitely has a monopoly , and was one of the costliest scams of the 20th century,</tokentext>
<sentencetext>You know the famous one doesn't have a monopoly on that name, right?
They probably add the term "Microsoft" to the filter.
That one definitely has a monopoly, and was one of the costliest scams of the 20th century,</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30680318</id>
	<title>Re:Pretty much anything from linkedin is spam.</title>
	<author>DonCarlos</author>
	<datestamp>1262860560000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>Linkedin instantly went into my mailservers blacklist.  They're just fucking spammers.</p></div><p>Don't be silly. It's looks a sort of bug in LinkedIn - they aparently do not remove pending requests from user's queue even the request sender was reported by that user as a spammer. Simple as that.</p></div>
	</htmltext>
<tokenext>Linkedin instantly went into my mailservers blacklist .
They 're just fucking spammers.Do n't be silly .
It 's looks a sort of bug in LinkedIn - they aparently do not remove pending requests from user 's queue even the request sender was reported by that user as a spammer .
Simple as that .</tokentext>
<sentencetext>Linkedin instantly went into my mailservers blacklist.
They're just fucking spammers.Don't be silly.
It's looks a sort of bug in LinkedIn - they aparently do not remove pending requests from user's queue even the request sender was reported by that user as a spammer.
Simple as that.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675858</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675926</id>
	<title>Re:so?</title>
	<author>kbielefe</author>
	<datestamp>1262776980000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>It wasn't the name he expected to be filtered, but the fact that the email was spoofed, i.e. it appeared to come from a different server than it actually came from.</p></htmltext>
<tokenext>It was n't the name he expected to be filtered , but the fact that the email was spoofed , i.e .
it appeared to come from a different server than it actually came from .</tokentext>
<sentencetext>It wasn't the name he expected to be filtered, but the fact that the email was spoofed, i.e.
it appeared to come from a different server than it actually came from.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30682238</id>
	<title>Re:The Limits of Security</title>
	<author>Anonymous</author>
	<datestamp>1262878980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Privacy.  End of story.</p></htmltext>
<tokenext>Privacy .
End of story .</tokentext>
<sentencetext>Privacy.
End of story.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675948</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675962</id>
	<title>Outlook Express?</title>
	<author>Evro</author>
	<datestamp>1262777100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why would anyone expect the client to be able to filter out phishing attacks, unless it's looking up against some centralized DB?</p></htmltext>
<tokenext>Why would anyone expect the client to be able to filter out phishing attacks , unless it 's looking up against some centralized DB ?</tokentext>
<sentencetext>Why would anyone expect the client to be able to filter out phishing attacks, unless it's looking up against some centralized DB?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30677882</id>
	<title>Re:This is nothing new</title>
	<author>Anonymous</author>
	<datestamp>1262789040000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Not sure what country you are writing from, but in the US that would be mail fraud and a felony, I don't think the same applies to spam.</p></htmltext>
<tokenext>Not sure what country you are writing from , but in the US that would be mail fraud and a felony , I do n't think the same applies to spam .</tokentext>
<sentencetext>Not sure what country you are writing from, but in the US that would be mail fraud and a felony, I don't think the same applies to spam.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675882</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675856
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676874
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675982
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30679510
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675726
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676732
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30680984
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675882
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30685808
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675882
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676580
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30677882
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675882
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676570
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675858
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30681268
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676128
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675788
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30682238
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675948
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676884
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676116
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676256
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675858
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676700
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30678142
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30679984
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675818
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675916
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675904
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30680318
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675858
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675926
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676686
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676128
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675788
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676132
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_06_2155218_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676224
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675726
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30680216
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675858
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30680318
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676570
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676256
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676786
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30678480
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676006
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30678142
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676700
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676580
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676732
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675788
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676128
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30681268
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676686
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675682
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676624
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675856
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675904
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675926
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676132
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675916
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675818
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30679984
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676116
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676884
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675882
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30677882
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30680984
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30685808
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675962
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675982
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676874
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675948
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30682238
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_06_2155218.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30675726
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30679510
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_06_2155218.30676224
</commentlist>
</conversation>
