On Fri, Dec 18, 2009 at 01:18:30PM -0800, Derek Simkowiak wrote: > I still don't use TMDA, because I'm more on the admin side of the > fence, but in principle I don't see why TDMA couldn't solve the spam > problem
TMDA (a) violates the principle of least surprise *on both sides*. If I send you an email from my Blackberry saying "hey, I'm on the Oakland flight instead of SFO" and then turn off the Blackberry because *I'm on the flight*, I'll never get the TMDA challenge, and you'll never get the message.... and we'll both be Put Out... (b) Depends on humans to do something that can easily be implemented with technology. Greylisting, bouncing a message on a 450 Try Again message, is *already part of the RFC's*, is a mature technology, and will kill 90%++ of the spam out there on its own. Its downfall is when a machine gets zombied and you're getting spam from an otherwise legit address... but that's why you have Bayesian analysis software of some sort as a last line of defense. (c) Does what you want to try hardest never to do when killing spam: Cause a false positive. In a world where you scrap for every last cent, you never want an email to get snagged that could be questionable but could be worth six, seven, eight figures. With TMDA *every email* is a false positive unless somebody actively does something about it. Not what you want. (I'm also careful NOT to use not only rfc-ignorant, but *any* blocker who deliberately or otherwise commits collateral damage. Just. Don't.) Yes, I'm an intractable BOFH. I have my reasons. Hopefully they're clear. -- Glenn