On Friday 18 December 2009, Derek Simkowiak wrote:
[snip]
> For those who responded against TMDA: if I set up a procmail bounce
> rule that simply required all email to come with a GPG signature, would
> you reject that for the same reasons you reject TMDA? Or would that be
> acceptable because it's all geeky and strong encryption and whatnot...?
>
Yes. While GPG signatures are a nice idea, it's not practicable to expect
everyone to be able to sign messages. Until it comes built-into MS Outlook
or other programs, it ain't gonna work.
>
> Do you also refuse to post to any forum using CAPTCHA? How dare
> they outsource their [web forum] spam problem onto you! Do you also
> refuse to visit HTTPS sites that don't use a trusted cert? (Accepting
> the cert takes a lot more effort than Reply->Send.) How dare they
> outsource their unwillingness to give Verisign $30 onto you!
>
I *detest* Captcha. I even spent my own money on MySpace to "authenticate"
my account (text message to my cell) so I wouldn't have to use Captcha, for
all the good it did. I still wind up having to use Captcha.
>
> The strongest argument I've seen against TMDA is that it can cause
> joe jobs against the sender's (forged) address. But that is also true
> of mailing list confirmations and vacation auto-responders. So, should
> those also be banned from the Internet?
>
Not everyone has control over their out-of-office/vacation auto-responders. I
know I can either turn it on or turn it off, and I'm the IT Manager at work.
I don't have the granular control to tell it to only reply to inter-company
communications. It replies to *every* message I get. Besides, that's not
the same as "joe-jobbing" someone's email address. Even if someone's sends
an email address to my email while I have a vacation message, you're not
getting blamed for anything. You get a reply to the message forged with
your email address and it notifies you that your email address is being mis-
used. That's actually *helpful* in a way.
