On Sun, Nov 30, 2003 at 11:50:49AM -0600, Tim Legant wrote: > Gerrit Pape <[EMAIL PROTECTED]> writes: > > To make this possible, I suggest that confirmation request messages are > > created with a special Message-ID. The Message-ID of the request > > message is created from the Message-ID of the message that causes the > > confirmation request, by prepending ``confirm-'', and appending the > > local host part[0].
> Maybe I'm missing something, but from what you describe, it sounds > like once TMDA implements this, Joe SpamKing can install qconfirm and > bypass every single TMDA installation. I'm not sure that I can see > why this is desirable.... Hmm, they don't need qconfirm to do this. They could install some simple auto-responder right now, but it costs them lots of resources, and makes it easier to identify them. > Right now, TMDA uses an empty envelope sender (standard bounce sender) > and a Reply-To with the correct address to reply to for confirmation. > This prevents most auto-responders from responding. We've discussed > the possibility of making this more restrictive should spammers begin > auto-responding to the Reply-To, but never less! This is fine; all I'm suggesting is that TMDA creates a special Message-ID for delivery confirmation request messages. I don't think it does any harm, but helps the sender to validate the request. Thanks, Gerrit. -- Open projects at http://smarden.org/pape/. _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
