From spaf@cs.purdue.EDU Thu Apr  4 23:11:22 1991
Path: ai-lab!mintaka!mit-eddie!wuarchive!usc!apple!amdahl!walldrug!moscvax!perdue!spaf
From: spaf@cs.purdue.EDU (Gene Spafford)
Newsgroups: news.announce.important,news.admin
Subject: Warning: April Fools Time again (forged messages on the loose!)
Message-ID: <4-1-1991@medusa.cs.purdue.edu>
Date: 1 Apr 91 00:00:00 GMT
Expires: 1 May 91 00:00:00 GMT
Followup-To: news.admin
Organization: Dept. of Computer Sciences, Purdue Univ.
Lines: 25
Approved: spaf@cs.purdue.EDU
Xref: ai-lab news.announce.important:19 news.admin:8235

Warning: April 1 is rapidly approaching, and with it comes a USENET
tradition. On April Fools day comes a series of forged, tongue-in-cheek
messages, either from non-existent sites or using the name of a Well Known
USENET person. In general, these messages are harmless and meant as a joke,
and people who respond to these messages without thinking, either by flaming
or otherwise responding, generally end up looking rather silly when the
forgery is exposed. 

So, for the few weeks, if you see a message that seems completely out
of line or is otherwise unusual, think twice before posting a followup
or responding to it; it's very likely a forgery.

There are a few ways of checking to see if a message is a forgery. These
aren't foolproof, but since most forgery posters want people to figure it
out, they will allow you to track down the vast majority of forgeries:

	o Russian computers. For historic reasons most forged messages have
	  as part of their Path: a non-existent (we think!) russian
	  computer, either kremvax or moscvax. Other possibilities are
	  nsacyber or wobegon. Please note, however, that walldrug is a real
	  site and isn't a forgery.

	o Posted dates. Almost invariably, the date of the posting is forged
	  to be April 1. 

	o Funky Message-ID. Subtle hints are often lodged into the
	  Message-Id, as that field is more or less an unparsed text string
	  and can contain random information. Common values include pi,
	  the phone number of the red phone in the white house, and the 
	  name of the forger's parrot.

	o subtle mispellings. Look for subtle misspellings of the host names
	  in the Path: field when a message is forged in the name of a Big
	  Name USENET person. This is done so that the person being forged
	  actually gets a chance to see the message and wonder when he
	  actually posted it.

Forged messages, of course, are not to be condoned. But they happen, and
it's important for people on the net not to over-react. They happen at this
time every year, and the forger generally gets their kick from watching the
novice users take the posting seriously and try to flame their tails off. If
we can keep a level head and not react to these postings, they'll taper off
rather quickly and we can return to the normal state of affairs: chaos.

Thanks for your support.

Gene Spafford, Net.God (and probably tired of seeing this message)