usenet: The Official sigmond FAQ

Facts
Who is sigmond?

sigmond was a poster that appeared in csma for a brief period of time in January of 2004. He posted with the email . sigmond appeared in a debate between Michael and a number of other posters. As far as can be verified, he didn't participate in a thread where Michael didn't also participate. sigmond had no earlier posting history to usenet prior to that and disappeared quickly when it was claimed he was a sock puppet of Michael. sigmond also posted a specifically poor taste post about another poster in csma, Elizabot. sigmond has since then removed his posts from Google in what appears as an attempt to hide his origin. This means that no references to his actual posts can be made, only to replies to them. (post link) is a reply to the poor taste post from sigmond.
Last updated 2020-12-29 11:57:00
Who is Michael (Snit)?

Michael is an Mac advocate and a frequent poster to csma and has been since 2003-10-07 when he posted his first csma post (post link). Since then he has been deemed a troll by the majority of the people he has been engaged in argument with, including but not limited to, the general group of people that usually are found arguing with the trolls in the group.
Last updated 2020-12-29 11:58:00
What is this about a IP?

Michael posts via SuperNews, which doesn't append a NNTP-Posting-Host header to posts posted through their service, making the posters anonymous, hence the IP of Michael isn't shown in posts he has made through SuperNews. sigmond posted through Google, which does include the NNTP-Posting-Host header and sigmonds IP was 24.117.214.4 and 24.117.214.36. Other IP's that sigmond posted from were:

24.117.41.8
24.117.43.83
24.119.230.189
24.117.214.36
24.116.66.89

Michael has posted, to csma, with these similar IPs:

24.117.43.128
24.117.49.48
Last updated 2008-11-10 11:58:00
Is 24.117.214.4 and 24.117.214.36 Michaels IP?

Yes, it is. He has posted to usenet with this very IP (Google) and sent an email to Steve Mackay (Google) which was verified by Sandman (who was given the password to Steves mail account) (Google). There is no doubt that this is Michaels IP. So, the connection is as follows:

24.117.214.36 - sigmond (post link)
24.117.214.36 - Michaels mail to Mackay (post link)
24.117.214.4 - sigmond (post link)
24.117.214.4 - Michaels post to another group. (post link)

There is no doubt what so ever that this is Michaels IP. These are facts, not opinions.
Last updated 2020-12-29 12:01:00
Is Michael lying?

Yes, he is. Given the actual proof found above, he stills deny that he created sigmond as a sock puppet, which means he is a liar.
Last updated
But you can fake IP addresses, right?

Yes, you can. Plus, you can compromise the security of the servers related to these messages, such as hotmail, google, cableone mailservers and such. But what would the point be for a malicious user to fake an IP address of a user whose IP address is unknown? At the time, no one knew what IP address Michael had, since he used SuperNews, so there wouldn't be a point to post with any IP to try to "frame" Michael. Not until he mailed Mackay (post link) was his IP known. And while one could create a conspiracy theory involving Mackay spoofing this IP, it would be in vain since it was later found that Michael himself had posted to usenet with that very IP, long before all of this ever took place.
Last updated 2020-12-29 12:01:00
What does "unverified" in the mail means?

When looking at the headers of the mail to Steve Mackay from Michael the "Recieved" header contains the word "unverified" close to the IP in question, doesn't that mean it is a fake?

This is the header:

Received: from [192.168.0.2] (unverified [24.117.214.36]) by smail1.cableone.net [...]

No, that's not what it means at all, actually. Most major SMTP (the server that the sending client connects to to send the email to the recipient) have a function called Reverse DNS Lookup they use to verify the path of the email. In the case of this particular mail, the "unverified" part is in reference to the ip preceeding it, and the actual ip is appended after in brackets. If the SMTP (SurgeMail in this case) wouldn't have had this check, the header would have looked like this:

Received: from [192.168.0.2] by smail1.cableone.net

As mentioned, the SMTP is SurgeMail for this particular message, and here is a link to the support mailinglist for SurgeMail and a message from someone who asks about this very feature, and here is a link to the reply, where this process is explained: "unverified is not an error, it means that the server that received the message has not verified the name matches the ip address, which is normal since verifying it takes a lot of time and proves little".

The "name" in this case, is the name given by the sending client, which in this case is 192.168.0.2. The first links display a message from a client claiming to be "host2.clickndrop.com" which has the IP 209.61.131.206, but this hosts DNS isn't set up to reverse the IP either. It's worth noting that the majority of machines with domain names doesn't have Reverse DNS. Normal DNS checks the ip of a host name, while Reverse DNS checks the host of a IP.

Here is a link to the SMTP server for Windows where their version of the same feature is outlined. "If the reverse DNS lookup is successful, the RECEIVED header will remain intact. If the verification is unsuccessful, "unverified" appears after the IP address in the RECEIVED header of the message."

Note the "after" part.
Last updated
Speculations
What's this about a PDF?

Michael has lately trying to forge a PDF to look as if it was forged by Steve Mackay. I have written an exhaustive Digest on the matter that can be found here: Snit Digest, email.pdf edition. Note that this forgery only implies that Michael is guilty, not that he actually is, which is why this question is in the speculation part of the FAQ.
Last updated
Facts
Has Michael countered any of this proof?

In short, no he hasn't. He has commented on the facts, but has never offered any evidence to counter any of them.

He has constructed some far fetched conspiracy theories about sigmond which can be found in (post link) where the only point that tries to counter these facts is that he is pointing to the fact that there has been a poster by the name "Steve Sigmond" and implied that that means Steve Carroll is sigmond, even though that this "Steve Sigmond" hasn't posted since 1993 and never to csma, and never used the IP in question.

One of his latest comments were: "As far as the "evidence" against me, I can not say I can explain it all or even care to... I have made guesses, and if my guess has been shown to not be 100% correct the mere fact that I have guessed has been held against me. All I need to know is my own actions." (post link)

In 2004-08-09 he did, on request by the FAQ author, compile a complete reply to the FAQ, claiming it was now refuted. Unfortunately, he didn't substantiate any of his claims with any facts (apart from a few links regarding the timeline of when sigmond was exposed). See the post at (post link). Ha since then referenced that post as a refutation of the substantiated facts in this FAQ when that clearly isn't the case.
Last updated 2020-12-29 12:02:00
What does Michael say to all of this?

Usually, he will ignore posts containing these facts as much as he can. He will either snip all of the facts away or try to counter it with something irrelevant, like trying to deem this collection of facts as trolling. He fails to realize that this FAQ is a collection of substantiated facts, not speculations.

He has also, during the course of these events, changed his story about the IP address in question.

When first confronted with it, he jokingly said that this sigmond person must have broken into his house (post link), but verified that the IP belonged to the same network he uses.

He then changed his story and claimed that Steve had access to the IP in question (post link), this is the ludicrous and totally illogical conspiracy theory Michael constructed from thin air.

Recently he did however verify that the IP (24.117.214.4) belongs to a "lab" he has used to post to usenet from (post link) - presumably at his school. He claims that all machines there shares this IP, but doesn't mention if it is dynamic or not. This latest admission ties the IP to him more than anyone else in csma, so any made up conspiracy theory is noow out the window.
Last updated 2020-12-29 12:04:00

The Official sigmond FAQ

This is a FAQ created with the sole intention to gather the actual facts surrounding a specific poster on the group comp.sys.mac.advocacy who has been lying about his actions.