So no matter what we do we will still send out UCE to the unsuspecting user who had their email address spoofed and we can't detect when that happens.
Until we get an irrate message from them or a spamcop report
At that price... maybe SA is enough... what does TMDA buy me?
Tom
----- Original Message ----- From: "David Grimberg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[email protected]>
Sent: Thursday, February 17, 2005 4:41 PM
Subject: RE: TMDA
Both can be faked. As an easy example change the account info in your mail
reader to a different account, or add another account to your readers list
of accounts, then send yourself an email from the spoofed account.
The RFC822 headers are whatever the Mail User Agent (MUA) writes them as, and the SMTP envelope is whatever the MUA tells the SMTP server. Usually these are the same things though they don't have to be.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Moulton tmda Sent: Thursday, February 17, 2005 1:24 PM To: [email protected] Subject: RE: TMDA
> 1) Spammers rarely use the same address for long > 2) Spammers frequently spoof the address they are using so you would be > blacklisting an innocent 3rd party.
When they spoof isn't the RFC822 fake, not the SMTP envelope?
Well behaved TMDAs look at SMTP info not RFC822, right?
> 3) Unless they confirm, they aren't going to get past TMDA anyway.
I think the goal is to reduce the # of challenge messages sent out
tom
_____________________________________________ tmda-users mailing list ([email protected]) http://tmda.net/lists/listinfo/tmda-users
_____________________________________________ tmda-users mailing list ([email protected]) http://tmda.net/lists/listinfo/tmda-users
_____________________________________________ tmda-users mailing list ([email protected]) http://tmda.net/lists/listinfo/tmda-users
