Mark Horn <[EMAIL PROTECTED]> writes: > However, it seems relatively simple to spoof.
Though a whitelist is also easy to spoof in concept. TMDA is meant to thwart bulk-mail, which is an impersonal process where the recipient is not distinguished. > To: [EMAIL PROTECTED] > From: [EMAIL PROTECTED] > References: <[EMAIL PROTECTED]> The question is, will they do this? Even if they eventually do, it will have saved many unnecessary confirmation requests in the meantime. It's also an optional feature that can be discarded when (if) it breaks down. > If there were a way to verify that the reference was legitimately > created then I'd be more inclined to like this idea and actually use > it in my tmda setup. I guess I'm thinking, for example, if TMDA > rewrote the "Message-ID" with one that was verifiable by TMDA, then > I'd be more inclined to use it. I question whether this will be necessary. I guess if I see evidence of spammers sending messages with bogus MIDs in References/IRT headers, I'll reconsider. It's one of those "let's cross that bridge when we come to it" issues. You'd also lose some flexibility here as you'd need a tmda-sendmail/ofmipd interface again. > The other problem is that a number of MTA's seem to fail to include > "References" header. Yes, but they usually include 'In-Reply-To' if they don't include References. Outlook and mail.yahoo.com's webmail are examples of this. I haven't seen clients who don't use either. I'm referring to true replies of course, not cases where someone composes a new message containing the same Subject---that's not a reply. > This is another reason that I would not be inclined to use this > feature over dated addresses. dated addresses are more reliable, and I also don't see this as a replacement. However, many will never use tagged addresses from their client, either because it's inconvenient to use tmda-sendmail/ofmipd, or for aesthetic reasons. _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
