on Thu, Sep 22, 2003, Karsten M. Self" <[EMAIL PROTECTED]> wrote:
>> I really don't see how TMDA relies on spammers spoofing their >> addresses. > > Spammers typically list an address in the 'From:' header that they > don't respond to. In some cases, it's an invalid, undeliverable, > non-resolving address. In others, the domain resolves or the mailbox > actually exists and is deliverable. (Rest of this tedious and redundant explanation of spoofing snipped) > What makes your spam better than the original spammer's? Who said it was better? >> The latter is unfortunate, but TMDA hardly relies on it. It's more of >> a grudging acceptance of reality. Most challenges are sent to spoofed >> addresses, but there's not much anyone can do about that. > > Bollux. There are existing content/context based filters which > discriminate between spam and non spam with better than 98% accuracy, > and less than 0.02% false positive rates. Not bollux. Yes, there are other spam reduction tools, and it would be great if more C/R users put them to use before issuing challenges. I do, and thus very few "C/R spam" messages, as you like to call them, are issued at all. But even in this scenario, the number of challenges sent to spoofed addresses (that get past SpamAssassin) will exceed the number sent to legitimate correspondents. My original point stands: there's not much anyone can do about this. >> It's more important to make sure that (a) recipient in-boxes aren't >> inundated, > > How do you plan to coordinate the actions of your personal C-R node with > that of tens, hundreds, thousands, or millions of other C-R users? Last > I checked, this was technically infeasible. (yawn) >> and (b) valid correspondents are able to get through > > Of course. > >> (albeit after going through the challenge). > > If they're valid in the first place, and you can determine this, why > challenge them? Ego-stroking on your part? ROTFL. Take a chill pill, dude. If messages are flagged as spam, they don't get challenged. If they match the white list, they don't get challenged. Clearly I can't determine whether they are valid if (a) their message passes through SpamAssassin and (b) they aren't on my white list. That's why they get challenged. Your "ego-stroking" assertion is both laughable and sad at the same time. >>> He refuses to respond to them on principle. He claims he is not >>> alone. >> >> I'm sure he is not alone. But I personally have little desire to >> accommodate obstinate folks. That type of response sounds to me like: >> "Sorry, but my time is more important than your time." > > No, it sounds to me like a perfectly valid reaction. Your reason for > sending a challenge is that you can't determine that a given sender is > valid. What's your basis then for deciding that I am the person who has > to solve this problem for you? Because it's my in-box. Not yours. > I receive a fair amount of spam for spam mitigation systems. I'm sorry to hear that. > I suppose by your logic that these are acceptably legitimate mails, as they > are spam in the name of reducing spam. That's what C-R challenges to spoofed > addresses are, after all. As I said before, running SpamAssassin and other spam filtering tools before TMDA renders this point (and nearly all of your other points) quite moot. >> As has been said by others many times before, I refuse (on principle) >> to allow my in-box to become a hell-hole > > If you're swallowing the line that TMDA/C-R is the only way to keep your > inbox clean, you're sadly deluded. A rather silly assumption on your part. I never said TMDA/C-R is the only way. Better to think of it as a useful last line of defense. >> just because a few curmudgeons can't take five seconds out of their >> day to do a one-time confirmation that they're human. > > How many of those five second decisions are going to be based on spoofed > challenges? Given that I'm using other spam filtering tools before TMDA? Almost zero. > Again: what makes your spam more valid than the original spammer's? Again: moot. >> Nobody questions whether C/R is annoying. But to shun it on principle >> is to deny us the one truly useful weapon we have in this war. > > Again, wrong. What is your basis for determining that all other methods > fail? Where is your empirical proof? Not wrong. You're misinterpreting my use of "one truly useful weapon." Clearly tools like SpamAssassin are useful -- just not foolproof. C/R is the one tool that allows me to filter the very few messages that get through. Your stance is: "If very few messages get through, why not just delete them? Why bother with TMDA at all?" Answer: because I choose to. Because I don't like spam. Because very few of my challenges are sent to spoofed addresses. > Peace. I always love it when people make unnecessarily snide remarks and then finish up with a "can't we all just get along?" tagline. Highly comical. Justin _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
