FROM [email protected]
By JOSHUA QUITTNER
Until last week, Christine Hong, an assistant account executive at the Los Angeles ad agency Poppe Tyson, had never won anything. Then she received E-mail "signed" by Taco Bell president William C. Bell, informing her that from now until the end of October she could order one free lunch a week simply by stopping in at a participating restaurant and uttering this password: "I'd like a Grande Burrito and hold the McSour Cream."
But Hong, who used to work at Taco Bell, is no chump. "I know Taco Bell's president is not named Bell," she says. Hong was a victim of the latest hot prank on the Internet: "FakeMail," a free service that lets fun-loving correspondents send E-mail that looks as if it is from anyone they choose -- Bill Bell, Bill Clinton, Bill Gates or even God.
Hacking E-mail addresses is one of the oldest tricks in cyberspace. But until quite recently the practice required a deeper understanding of the inner workings of the Internet mail system than most users possess. Then last month a programmer in South Florida named Ryan Scott opened a site on the World Wide Web that makes posting a pseudonymous message as easy as filling out a bank's deposit slip. Simply indicate whom the message is directed to and whom it is supposed to be from, type a message in the space provided, hit a button marked send and off it goes-a message that even [email protected] couldn't distinguish from the real thing.
In the four weeks it has been operating, Scott's service has attracted thousands of cutups who have dispatched 18,000 bogus messages to unsuspecting users all over the world. On the same day Hong won her phony prize, other Internet users received celebrity E-mail from the chairman of Microsoft (a handsome job offer), the President of the U.S. (an admonishment to stop reading alt.sex and start studying), supermodel Cindy Crawford (a proposition), the Supreme Being (an invitation to the Second Coming) and Satan (an invitation to eternal damnation).
It's not the perfect prank. It works best if the FakeMail comes from a plausible source with a real, and well-known, E-mail address. And it's more satisfying if the sender can be there when the mail is received to relish his cybersucker punch. ("Gee, I'd love to meet you in your office to discuss that job offer tomorrow at 3 p.m., Mr. Gates .")
It's also easy to go too far. A victim of a not so funny episode at the University of North Carolina fell for a FakeMail message, ostensibly from her boss, announcing that she had been fired. The electronic mailbox of a University of Chicago student was flooded after someone used FakeMail to subscribe him to more than a hundred E-mail discussion groups. Still other victims complain of being set up for sexual harassment and threats. FakeMail incidents got so out of hand at the University of Michigan that a system administrator threatened to block student access to the site.
Scott decided late last week to pull the plug on his own service, at least for a while. What persuaded him was a call from a lawyer who pointed out that if someone committed suicide as a result of a FakeMail message, Scott could be held personally liable. "I never intended for people to hurt one another," he says.
None of this comes as a surprise to Internet veterans, who are all too familiar with the corrosive effect of pseudonymity. "It dilutes trust, and trust is of the essence in any communications regime," says Stewart Brand, co-founder of the Sausalito, California-based Whole Earth 'Lectronic Link, one of the first and best-known online gathering places. Having seen what havoc anonymity can create, the well's creators decided to make every poster accountable for his or her messages. Years later, some well users asked that a portion of the system be set aside for anonymous discussions, arguing that it would allow people to speak more freely about volatile topics. "It was shut down within a week by acclamation," says Brand. "The pathology was exactly what FakeMail encourages-people pretended to be other people and mocked each other viciously, free of any possible reprisal."
Scott says he just wanted to have a little fun and -- fingers crossed -- generate business for his company, NetCreations of Hollywood, Florida, which designs interactive home pages on the Web. He also had a secret agenda: he thought that an onslaught of phony messages would help people understand that nothing should be taken at face value on the Internet.
Scott is keeping a private copy of every message sent so that FakeMailers can be accountable if something terrible happens. Meanwhile, his project achieved at least one of his objectives: it brought him a dozen prospective clients for NetCreations. One of them was a lawyer looking for a way to gussy up his firm's Internet presence -- the very lawyer who broke the bad news about liability. Scott told him that he was convinced that it was time to shut down FakeMail. "Fine," the lawyer replied. "Just give me a minute to send one last message."