[CQ-Contest] authentication for log submission
Katsuhiro Kondou
kondou at voyackey.net
Wed Jun 6 00:24:02 PDT 2012
In article <CANJxhWiPYCcbV1Z9YETdwCaKWZf+P42SEwkna9hwwA1ZUi-7vw at mail.gmail.com>,
Zack Widup <w9sz.zack at gmail.com> wrote,
on "Tue, 5 Jun 2012 11:21:48 -0500";
} And the e-mail of the log
} sent should have all the header info and could be checked with the person
} who supposedly sent the log to verify it came from him/her. An e-mail
} header contains much more information than the sender's supposed e-mail
} address. An e-mail stripped of the headers would be immediately suspicious.
Most of the case, email headers are helpful to understand where it
came from. But strictly speaking, it's not possible to find out who
really sent the message only from email headers. Imagine a case that
the cheater uses the same mail server by chance. 'From' header can
easily be modified for some mailers, so in that sense, no one can
ditinguish between actual station and the cheater only from email
headers. I know this is very unusual case, but there still exists
a possibility. So, I think at least sponsor should be aware of this
if they are going to refer to email headers to examine who sent.
And the situation is changed, if the log is submitted thru web page.
IP address is the only one information which can be trusted. Browser
and language information transferred on HTML can easily be modified.
Even if browser and language information can be found out, they're
not so useful to find out who (s)he is, though. As for IP address,
it may be changed if the submission is done thru dialup connection.
So it's impossible to find out who (s)he is by IP address in this
case.
--
Katsuhiro "Don" Kondou, JH5GHM
Tokyo, JAPAN
More information about the CQ-Contest
mailing list