[KLUG Members] Spam and Tagged Message Delivery Agent

members@kalamazoolinux.org members@kalamazoolinux.org
Mon, 11 Mar 2002 21:08:32 -0500 

>I recently came across a different approach to stopping spam called Tagged
>Message Delivery Agent (TMDA) http://software.libertine.org/tmda/
OK, I read this. IMO it's more of the same.... filtration and parsing of 
e-mail headers (and maybe some other things). 
>
>TMDA's Whitelist-centric Strategy   ``Deny everything that is not explicitly
>allowed''
Real-Life analogue to this: Crime's bad out there, but thicker doors and
bigger locks.

Not an effective strategy...oh, maybe so in the short term. The real answer
to "Crime's bad out there" is determining the root causes of crime, and 
solving it. This may vary from (maybe based on your political, ethical, 
moral, etc. outlook) removing some socio-economic deficiency to throwing
dem purps in the hooscow, and building more hooscows as needed. I'm sure
the denizens of this list can think up even more extreme examples.

What these methods have in common is that they carry the course of events
to the criminals. I propose to do the same thing with spammers, carry the
"battle" to them. Huddling behind "thicker doors", better filters and so
on isn't going to get spammers removed from the net.

>I would be interested to know if you or anyone else has had any success
>using this.
I wouldn't have succes with this, because it runs counter to the way I want
to use e-mail, and how I visualize the net at its best.

>It seems to make a lot of sense. Spammers are essentially sending one way
>mail from someone else's open relay or their sites would quickly be put on
>the rbl list and automatically blocked (everyone does real time black hole
>mapping don't they?)
By removing the spammer from the environment, there is no need to do these
checks, or run other things (like filters). 

However, I ran my mailerserver through the paces on the ORDB site you
offered the group, and that's a Good Thing. I'm not saying that just 
because my server passed (polishing fingernails on shirt, inspects
more EXCELLENT work, smirks modestly), but because it's an effective 
way of denying spammers of a resource. If all mail server admins (a
fairly well-qualifed target) simply ran the tests and modified their
configurations so that they passed, it would probably help somewhat.

>So, with TMDA you simply create a whitelist of trusted people from existing
>email addresses, then the first time someone not on the list sends you an
>email, they get an automatic reply from your SMTP server saying something
>like "Hi, if you were really trying to email me....
This might be OK for some business-to-business environments, but it is 
simply not acceptable in general. I really want anyone on the internet
to be able to reach me by e-mail. I think that having to send an extra 
e-mail message is going to have a chilling effect on that.

Also, where is this "list"? If it's on their server, what privacy issues 
are raised? is it secure enough? If it's hosted on one of the machines on
my LAN, how can it be connected to other methods of reading e-mail?

>I haven't tried it yet because I will have to make a compelling case to
>management for the "Deny everything" stance before I can put it in place.
I can see the applicability of this in some business environments, but 
many of us need to be a more open about our e-mail.

And, TMDA or not, the spammers are still going to be there, outside those
ever-thinkening doors, unless someone goes out and deals with the problem,
directly.
							Regards,
							---> RGB <---