On 1/16/05 10:00 PM, "Entourage:mac Talk" <[email protected]> wrote:
> [regarding TMDA and similar systems] > >> The problem with this system is it punishes the good: "Prove you did nothing >> wrong". It also makes others responsible, in a way, for your spam problem: "I >> don't want to deal with it so jump through a hoop for my convenience." > > The problem with this interpretation is that it fails to acknowledge that > spam is everybody's problem. It's hardly a chore to reply once to a message > saying "I don't recognize you" to be guaranteed that all your future > messages will be delivered, compared to the strong possibility that some > sort of statistical filter will simply throw your message away and it will > never reach the person. Which one of those is more onerous? In the aggregate, yes. But, managing MY spam is MY problem, just as managing YOUR spam is YOUR problem. As far as onerous, it occurs to me, since I have an evil streak, that a TMDA system is a great spammer ID tool. "Oh look a real email address." I also simply don't see the need to prove my identity when I'm sending a response to a mailing list. Maybe I don't want to directly reply to people. In fact, on lists, I *rarely* do. That's what the list is for. TMDA systems are absolutely stupid WRT mailing lists in my experience. As well, I do a quick review of my spam before I junk it. Takes maybe five minutes a day. That way, my spam is my problem, not anyone else's. > >> I know many mailing lists that will boot you off the list at the first sign >> of such a system, and not let you back on. And yes, it does happen, >> regularly, >> since mail from a mailing list, in non-digest mode, comes from the sender, >> not >> the list. > > If a TMDA-like system is correctly set up, it recognizes mailing list > traffic and lets the mail in. I think a list moderator who would ban > somebody for a single accidental challenge message to the list is an > irresponsible jerk. Do they do the same thing if somebody sets up an > out-of-office autoreply and forgets to unsubscribe to the list? On sysadmin lists? Hell yeah. If you're a sysadmin, it's your job to set your autoresponses correctly. There are regular outbreaks of autoresponders that start looping because the autorespond to the list, get that back, autorespond to that, etc. There's also the opinion that spamming hundreds or thousands of people with your TMDA spam is being just as much of a jerk as a listmom who kills a subscriber for the benefit of the rest of the list. I think that being forced to deal with TMDA messages from someone I don't know on a mailing list is spam, in and of itself. It's an unwanted message from an unknown source requiring me to prove I'm a legitimate user of email, (whatever that actually means), to someone/something I have no way to verify is not a spammer. So, it's not only spam, but an intrusion on my privacy. > >> There are ways, such as Postini, ( a great system), and client anti-spam >> methods that don't require other people to prove their innocence, as it were, >> and they're about as effective. > > Postini doesn't work worth a darn in my opinion. I get WAY too many false > positives, and it has (at least as implemented by my ISP) a ridiculously low > limit on the number of "approved" addresses you can have. That's an implementation issue. I use digital.forest for my ISP, and their postini setup is great. I deal with spam at my leisure, and rarely have a problem. > > FWIW, the system I use is a client-side system called SpamSlam. It doesn't > work flawlessly and it's not updated often -- it was written by a couple of > college students and I think their time is taken up by classes pretty often. > But, it does do the challenge/response thing and has rules and statistical > analysis. I find that the statistical part doesn't work well, so I shut it > off and rely upon the rules and the challenge system. The only stuff that > gets trapped by it on a regular basis are messages from companies (like an > order confirmation) where the reply-to address isn't read by anybody. I'm glad you like it. But challenge response, while acceptable for security from a trusted source, is not correct unless the person responding can verify the trustworthiness of the source, which, in every case I've seen, is impossible. john -- Nihil curo de ista tua stulta superstitione. (I'm not interested in your dopey religious cult.) Jeff La Grua -- To unsubscribe: <mailto:[EMAIL PROTECTED]> archives: <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/> old-archive: <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
