I am not a TMDA user or developer, but it does allow for acking of mail that won't pass the challenge/responce (mailling lists, automated e-mails from amazon.com and such).
It keeps a queue of stuff that it didn't let through for a configurable time (24hr default). You have to manually add mailling lists and stuff like that, but you can check your queue if you know something should be hitting it that probably won't pass the challenge/responce. Personally, I think this is the direction e-mail needs to go in. The pitfalls with mailling lists and such need to be solved, which will require everyone to support these methods in their automated e-mail systems, making them much less automated. Spamassassin is used by individuals and server wide deployment, and it's currently not very feasable to implement something like TMDA server-wide to support multiple domains and such, so I'd rather the project stay very seperate from spamassassin. For individual users, I think a TMDA type system can work wonderfully. It does put a small amount of extra work on the users sending mail, but only the first time they want to send a message to a person. Very similar methods are used whenever you sign up for any mailling list by the mailling list software/admin to confirm that you're a real user, and you are who you said you are (so that you can't signup your friend to somepornlist.com without him confirming he wants to signup from his e-mail account). I don't see why it's too unreasonable to ask people that want to send me e-mail that they pass the a similar test: sending them an automated responce that they must reply to in order for me to accept their message. I might be wrong, but until a TMDA-like system is adopted by most users, spammers and viruses will continue to be able to send mail to anyone. Spammers would have to have legitimate mail servers that accept reply's on their spam, and would have to go through every reply and complete it's challenge/responce. A recent article by a spammer (http://online.wsj.com/article_email/0,,SB1037138679220447148,00.html) explained how they do business, and where their profitability points are at. They generally break even at a 0.001% responce rate, and it seems like they usually get somewhere from 0.002% - 0.01% responce rates. There's no way they'd remain anywhere near profitably if they had to work with challenge/responce systems. They'd also be able to be traced, since they'd require a valid return address capable of handling millions of replys. Unfortunately, it'll probably be a long time until wide adoption of systems like that. And until then, at least we've got spamassassin. -- Josh I. On Thu, 21 Nov 2002, Jason Qualkenbush wrote: > > I think you're missing the point of the concept. The user maintains a list > of people he/she want's email from. If that person subscribes to a list, he > puts that into the list and then can get email from that address. The reply > feature is just a way for people that are not on the list can "request" to > be on the accepted list. So it would be like an auto white list, but based > on more of a challenge/response instead of trying to learn patterns. > > I'd love to use a system like that, but I never know ahead of time what > email address a confirmation from amazon.com or whatever is going to come > from. > > I would assume that it would not be to hard to write up some code that would > just check to see if the incoming email was white listed. If not, put the > address into a temp file with a code and send a response to the user with a > code as well. If a response comes back with matching codes, move that > address into the white list. > > -Jason > > > -----Original Message----- > From: Tony Hoyle [mailto:[EMAIL PROTECTED]] > Sent: Thursday, November 21, 2002 6:46 AM > To: 'Ronald Wiplinger'; [EMAIL PROTECTED] > Subject: RE: [SAtalk] Is to identify yourself by return email necessary > in the future? > > > > -----Original Message----- > > From: Ronald Wiplinger [mailto:[EMAIL PROTECTED]] > > Sent: 21 November 2002 13:50 > > To: [EMAIL PROTECTED] > > Subject: [SAtalk] Is to identify yourself by return email necessary in > > the future? > > > > I just come accross the article at > > http://slate.msn.com/?id=2074042 which describes that each > > new sender must first himself identify by answering a return message. > > I love that idea! > > > > Is such a module available within SpamAssassin? > > I would like the picture methode, rather, than the just reply methode. > > > Won't work... what about receipts from online transactions? Mailing lists? > > The last thing I would want as a mailing list admin is to be bombarded with > these > things - I'd probably just blacklist the senders permanently. > > This isn't really anything I'd expect SA to have anything to do with - SA > just rates > emails for 'spamminess' it doesn't do anything about them... that's for your > MTA to > sort out. > > Tony > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
