Gerrit Pape <[EMAIL PROTECTED]> writes: > Hi, to be able to automatically send a reply to delivery confirmation > request messages, the program needs to reliably sort out confirmation > request messages from other delivery notifications (bounces). It also > needs to make sure that the confirmation request message is not forged. > > To make this possible, I suggest that confirmation request messages are > created with a special Message-ID. The Message-ID of the request > message is created from the Message-ID of the message that causes the > confirmation request, by prepending ``confirm-'', and appending the > local host part[0]. > > The latest qconfirm version does this, and it would be nice if tmda and > ask could do this also. Presuming that confirmation request messages > are sent to the envelope sender (should be self-evident), qconfirm then > would be able to auto-confirm delivery of messages to tmda and ask > users. See the documentation[1] for details if you are interested in > how qconfirm does this.
Maybe I'm missing something, but from what you describe, it sounds like once TMDA implements this, Joe SpamKing can install qconfirm and bypass every single TMDA installation. I'm not sure that I can see why this is desirable.... I don't think we're opposed to auto-responding to challenges in principle, but it needs to be implemented in a way that doesn't provide a general key to the user's inbox. We haven't figured out just how to do that, yet. Right now, TMDA uses an empty envelope sender (standard bounce sender) and a Reply-To with the correct address to reply to for confirmation. This prevents most auto-responders from responding. We've discussed the possibility of making this more restrictive should spammers begin auto-responding to the Reply-To, but never less! In fact, that's our very first FAQ: http://tmda.net/faq.cgi?req=show&file=faq01.001.htp Jason is gone for the holiday weekend, but my general feeling is that he's unlikely to add something to TMDA that we expect to have to rip out within a couple of years. However, the decision is his, not mine. These are just my thoughts... Tim _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
