[EMAIL PROTECTED] writes: > --> Monday, February 2, 2004, 1:48:18 PM, [EMAIL PROTECTED] wrote: > >> See TMDA FAQ 1.13 > > Yes I had read that before, but I thought there may be something > useful to receiving mail from "" <[EMAIL PROTECTED]> as opposed > to "[EMAIL PROTECTED]" <John Smith>. Maybe I inferred incorrectly.
TMDA doesn't care about the sender's name in the From: header field. It operates solely based on email addresses. > The FAQ mentions how rare this is, but it's happened to me after > only a few days using TMDA. The end result is, I received spam and > [EMAIL PROTECTED] is on my whitelist (confirmation list). > > I think the most likely scenario is as follows : > > * spammer hijacks server > * spammer sends spam > * spammer software auto-confirms tmda (and more) > * spam delivered successfully > * hijacked address whitelisted now > * realization of server takeover eventually noticed and fixed Based on personal experience and the reports of people on the list, spammers actually cracking systems in order to send spam is very unusual. Systems do get cracked, of course, but generally not by spammers. Usually a system is "hijacked" because it is an open relay, but in that case, no spammer software is running on the system. I think this whole theory is highly conjectural, especially the suggestion that this is a common working approach for spammers. > Since no one could immediately see what was happening, I think detailing > the most likely scenario could be beneficial for others in the future. I still don't think we really know what happened and probably we will never know, unless admins at spammer.com choose to share their configuration information. > I will have to do something about auto-confirms of course, but the FAQ > seems to lean toward scenarios which do not involve hijacked servers > and their consequences even after the hijacker has been removed. Some > problems and solutions easily dismissed in FAQ 1.13 might be concerns > in the future. At the very least they should perhaps be noted. Use TMDA for at least 6 months and then decide if this kind of thing is rare or not, given your particular email habits and the places your address tends to appear. Many of us have used TMDA for years and have seen very few auto-responses. Personally, I see an average of about 6 responses a year from spammers. Finally, two points: FAQ 1.13 also notes, importantly, that TMDA won't eliminate all spam. It just happens to eliminate more than anything else right now, which is the reason many of us use it. Second, FAQ 1.13 points to FAQ 1.1, where Jason notes that, if the balance shifts toward spammers actually responding, TMDA will address the problem. So far, we're nowhere near needing to do that. Tim _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
