On Fri, Jan 11, 2002 at 12:19:39AM -0800, Bob Miller wrote: >Has anybody here tried TMDA, the Tagged Message Delivery Agent? It's >a mail filter that reduces spam by requiring unknown people to send a >confirmation that they really really want to send you mail.
You'd be suprised at the number of people who get torqued off at having to send a second message to make their first message go through. An associate of mine ran such a setup for several years and received numerous complaints about the requirement that new senders ACK the messages. If I were setting up a purely personal mail address, I'd definitely use something like this these days. However, it's not without it's problems... The first being how you prevent bounces or automated replies from being picked up as an ACK to let a message through. At least an automated reply requires that a spammer be using a valid account, particularly one capable of handling similar volume levels to the number of messages sent out. That's the biggest reason this works, because most spamming relies on sending out huge volumes of mail using a number of other people's servers... When you start trippling the traffic required, it makes it harder for them. You'd probably also need to look into wether some of the consumer protection laws would apply as well. For example, there are fairly heavy penalties for telemarketers who say that they aren't. This is how some of the phone spam prevention measures work, doing something very similar to TMDA. When you call, a device picks up right away and presents a message along the lines of "if you are a telemarketer, put this number on your do not call list. If you are not, push 1". In this case, I think the fine for telemarketers circumventing these systems is fairly high, probably on the order of $500. Something similar may be true for e-mail, but I don't believe it's been tested yet. Laws also have limited impact. Here in Colorado, there is a pretty serious anti-spam law, which specifies $10 per e-mail received for both the recipient and the ISP handling it. It also specifies similar remidies on a per message sent basis for spammers who use somone else's domain as a return address (which happens to us a lot). Unfortunately, this doesn't really help for a number of reasons... First of all, most people sending spam aren't likely to have the money to pay to make it worthwhile. People I've contacted who have been the worst offenders sound like they're little "ma and pa shops". Even if I were to go out to, for example, New Jersey and file the suit, it's unlikely that I'd be able to get $100,000 to $200,000 out of a one-man travel agency. That's the other problem -- you have to file the suit in the defendant's jurisdiction... That's what I know about spam. Sean -- [...] who asked "Why do we do it, this science?" No one had an answer until I stood up and said "Isn't there money in a Nobel?" -- Steve Martin Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
