--> Monday, February 2, 2004, 1:48:18 PM, [EMAIL PROTECTED] wrote: > [EMAIL PROTECTED] writes:
>> What is the recommended method to deal with this? > See TMDA FAQ 1.13 Yes I had read that before, but I thought there may be something useful to receiving mail from "" <[EMAIL PROTECTED]> as opposed to "[EMAIL PROTECTED]" <John Smith>. Maybe I inferred incorrectly. The FAQ mentions how rare this is, but it's happened to me after only a few days using TMDA. The end result is, I received spam and [EMAIL PROTECTED] is on my whitelist (confirmation list). I think the most likely scenario is as follows : * spammer hijacks server * spammer sends spam * spammer software auto-confirms tmda (and more) * spam delivered successfully * hijacked address whitelisted now * realization of server takeover eventually noticed and fixed The spammer continues this pattern, sending spam from hijacked servers while additionally auto-authenticating originating addresses from which he can forge sending spam from in the future. At the same time, the victim of this hacking spammer is blacklisted by some and still whitelisted by some. When tagged messaging is more popular and used by more than just power users, I think the spammer's hijacked address will stay on many of the whitelists it infiltrated. I am noting all of this for reference, not for complaint. Since no one could immediately see what was happening, I think detailing the most likely scenario could be beneficial for others in the future. I will have to do something about auto-confirms of course, but the FAQ seems to lean toward scenarios which do not involve hijacked servers and their consequences even after the hijacker has been removed. Some problems and solutions easily dismissed in FAQ 1.13 might be concerns in the future. At the very least they should perhaps be noted. In an online world where fraudulent credit card use results in outright theft you can do absolutely nothing about except contact local authorities, I imagine receiving spam will result in even less chance of justice. Eye-candy confirmation as mentioned in the FAQ could fix all of this I suppose, but that's already annoyance due to overuse by bored developers. Perhaps there is something else... any ideas not covered in the FAQ? _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
