"David T. Ashley" <[EMAIL PROTECTED]> writes: > I have not seen this yet (TMDA dropped my SPAM to zero), but this is > a serious point of concern.
I don't feel it's that serious. I don't mind getting one or two spams every month from a spammer who actually did take the time to confirm the message. First, I wasted his time, next I can globally blacklist him, and lastly I can report him if I want since his origin is traceable. That said, 95% of these cases (for me at least) come from a hotmail, yahoo, lycos or mail.com address. Since they don't verify identities when you sign up for such an account, it's harder to trace. > The question is, is there any approach that gives a lot of bang without > inconveniencing real humans who must confirm? Indeed, that is the question. It's a fine line between making it hard for spammers and deterring legitimate contacts from confirming. I'm willing to accept a few spams here and there to keep the confirmation process dead easy for "real" people. I'd say the next step up the latter would be an embedded URL which someone would have to click on to confirm. This would eliminate spam being confirmed by robots (as in Jessica's case I believe) and other such tricks. I'd eventually like to make this configurable so the user had a choice of which authentication scheme to use instead of forcing the reply-to-confirm method. Also provide a "plug-in" sort of thing where users can easily drop in new TMDA authenticators. But, finding time to write all these neat things is always the biggest challenge. _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
