"Ken Hirsch" <[EMAIL PROTECTED]> writes: > If a given sender is well-identified and is known to have a good > anti-spam policy in force, should mail from that server be exempt > from challenge-response and delivered straight to the end-user? > Would you configure your system that way?
A ``good anti-spam policy'' is too vague for me to trust, primarily because it has no accountability. Many ISPs have good intentions and strict usage policies, but are abused by their users. The abusing account is promptly shut down, but that doesn't stop the spam that they already sent me. > So, what do you guys think? Would you consider exempting (e.g.) > BondedSenders? On the other hand, mechanisms which have more severe repercussions for spamming such as BondedSender are more likely to be trusted by me. An ISP for example would be more careful about who they let use the Bonded server. They wouldn't let their dial-up population use it because of the abuse factor. So, yes, I would consider exempting BondedSenders. In general, I'm in favour of any mechanism that allows senders to safely circumvent TMDA's challenge/response system. BondedSender is in principle very similar to Habeas[1], which I support in my own TMDA configuration. Any message containing the Habeas Warrant Mark will be allowed[2] through my TMDA. Should TMDA support these mechanisms out of the box? I don't think so. I've provided the ability to support them easily, but I feel uncomfortable turning them on by default. I think the individual or site should make that choice for themselves. So, it should be easy to exempt Bonded Senders in TMDA by using a 'pipe' rule. We could probably even use the script they provide for procmail[3] after reversing the exit return codes. Untested, but something like this should work: # Accept mail from Bonded Senders pipe '/path/to/procmail-bsp.sh' ok It would be nice if they provided a way to test such configurations through an autoresponder address which generated mail from a Bonded Sender. Perhaps I'll inquire about this. Footnotes: [1] http://www.habeas.com/ [2] http://tmda.net/faq.cgi?req=all#7.3 [3] http://www.bondedsender.org/productsupport/#procmail _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
