On Wed, Mar 26, 2003 at 06:41:51PM -0700, Jason R. Mastaler wrote: >Another question is, even if they had incentive to do this, what >algorithm would the spammer use to generate a References header >that would slide past my TMDA?
They'd simply collect a valid "Message-ID" from one of the many public emails that I've sent (e.g. to mailing lists) and then stick it into a "References" header. They already harvest my email address, it's not much additional effort to harvest a message-id. The problem, as you point out, is effectively using it. In order to use this to send both you and me a spam, they'd need to include your message-id in the email to you and my message-id in the email to me. And that increases the expense of bulk email since each email has to be customized. So I agree that it's unlikely spammers will do this in the short term. However, in the longer term, I'm not so convinced. Especially as TMDA increases in popularity. The motivation to bypass it is proportionally increased for the spammers. If TMDA gets popular enough there's motivation for spammers to harvest message-ids since their old techniques are becoming less effective. It may be more expensive to send spam than it used to be, but still not cost prohibative to simply instruct a computer to automatically customize the spams so that they'll have a higher degree of deliverability. In any case, I don't plan to use it. Do you plan on implementing this feature to default to on or off? Cheers - Mark _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
