Dennis Kavadas wrote: > i think we all need to read the TMDA FAQ ! :-) I have read the entire general section. None of it seems to address any of the concerns about TMDA posted by me or anyone else on this list. The only part that's even vaguely relevant to this discussion are sections 1.1 and 1.5. To the extent that these address any of the problems with TMDA, they merely deny they exist. However, both are minor problems, as they affect the person behind the TMDA, not everyone else, so I really don't care.
However, none of the FAQ seems to deal with the real issues with TMDA. Impact on the rest of the world. It all boils down to the basic problem that TMDA is a spam generating system that exacerbates and amplifies the power of joe-jobs. In the case of forged-from spam messages you're sending unsolicited email to an uninterested third party. The vast majority of spam runs do use real addresses. They try not to nonexistent junk addresses, because these are always caught in simple call-back filters. Spammers generally use addresses out of their email database for both To: and From: addresses. Many of these are undeliverable due to being old, but spammers do generally try to use real return addresses. Anyone telling you spammers only or mostly use bogus return addresses either hasn't studied spam extensively or is deluding themselves. Pulling the first spam off the top of NANAS: From: Poste Italiane <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> This is a real commercial site's info contact. http://www.poste.it/azienda/posterisponde/ Gee, I didn't have to try hard to find one that I could confirm as an innocent joe.. As for reading material, I think you need to read the SpamCop Listing criteria: http://www.spamcop.net/fom-serve/cache/14.html Note that any misdirected challenge/response can get you blacklisted in spamcop. ie: if a spammer sends you mail with my address in the return-path and you challenge, your server is now qualified to be spamcop blacklisted. There's a reason for this. You've just spammed someone. I also think you should consider reading: http://kmself.home.netcom.com/Rants/challenge-response.html While it is a rant, it does outline the problems involved in challenge-response systems quite well. TMDA is immune to a few of them, however, TMDA is: Definitely Subject to 0, 2, 6, and 11. Please address these. Subject to 1,4,5, and 9, but the merits here are debatable so they can be ignored as far as I'm concerned. Immune or largely immune to 7. Subject to 8, but the presented argument only applies to people who don't remember what they've sent. Can be made immune to 10, but involves manual whitelisting. Immune to 3 if you run your own, subject if you outsource but the same goes for outsourcing anything.