> An email I got that was filtered out by tmda... > > Has this been a problem for anybody else? Perhaps one of the benefits > of a TMDA is that it requires an intelligent agent to occasionally > parse the filtered mail. (this person actually did, and the message > got through...)
TMDA can be configured in 1,000,000 different ways... some better than others, but if users tag their outgoing mail then this sort of loop shouldn't happen, right? I mean, if I send e-mail to someone who is not currently on any of my lists, then I send out a dated address. If the user I am sending to has TMDA, then they will autoreply to my dated address and I should allow the confirmation to arrive without sending a confirmation of my own (assuming the autoreply arrives within 5 days). One problem you can get into in an extended reply-reply-reply conversation between TMDA users is having to confirm each message (assuming they all arrive with a different dated address). > However I can see this being a problem in the long run as more and > more people move to automated message filtering. Can anybody see this > leading to a RFC on a tmda protocol spec modification to the SMTP > spec? I agree. I think that although this is a fairly minor problem now with so few (percentage-wise, at least) TMDA users out there, it is bound to get worse as more people switch to a solution like this. The correct way (IMHO) to attack this problem is in the creation of an open standard where not only TMDA developers, but users, and developers of other similar products can debate and come to agreement. I think that such a standard should develop: [1] A way to communicate which e-mail address should be added to your confirmed list and how these lists should be searched. [2] A way to insure that an autoreply to one of your own e-mails is sure to get through. > And can anybody see this leading to spam-bots figuring out how to > spoof the > email so it looks like the rule... > headers 'X-Delivery-Agent: TMDA' accept > ...should match, and the junk gets through? > > I don't know if it's possible to spoof that, but I wonder. Yes, I would think a header like that would be easy to spoof. Instead of looking for TMDA headers, we should check (again, IMHO) codes against our crypt_key's. That is something spammers can't spoof. Gre7g. ================================================================= Gre7g Luterman [EMAIL PROTECTED] http://www.templeofluna.com/ Stay informed: http://www.templeofluna.com/keeper/mailinglist.htm Please make sure all emotional baggage is stowed securely in the overhead compartment or underneath the seat in front of you. _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
