Slashdot Mirror

← Back to Stories (view on slashdot.org)

Are People Using TMDA to Kill Spam?

Posted by Cliff on from the driving-down-the-noise-in-your-email-signal dept.

NewtonsLaw writes "With spam becoming an increasingly frustrating part of life in the Net, I have to ask why more ISPs aren't implementing systems such as the excellent Open Source Tagged Mail Delivery Agent (TMDA) strategy? Using this system would mean that only those spammers who used bonafide email addresses in their headers would get through -- and means virtually all the penis enlargement, weight-loss and other scams would be blocked. Even the those habbitual "brand name" spammers (like Real, PayPal, etc) could still be blocked by adding them to the blacklist. With TMDA, email to and from regular correspondents is passed transparently and there's no risk of genuine messages being accidentally discarded by over-active filters. If enough ISPs at least offered TMDA as an option to their users, the effectiveness of spamming could be shattered almost overnight -- oh, wouldn't that be lovely?"

6 of 87 comments (clear)

  1. No spam blocker is perfect... by Anonymous Coward · · Score: 5, Interesting

    Yes, there is a risk of a legitimate messages being blocked, if the sender does not understand the "confirmation request" mail sent by TDMA, is not willing to answer it (think mailing lists), or blocks it as spam.

    A second reason is false positives. Users have really quite different view on them. Some people hate spam so much that to avoid it, they are willing to block a real message every once in a while, and spend lot of time configuring and tuning their filters. For others, hitting "Delete" 30 times a day is less trouble than the nuisance in losing real legitimate messages.

  2. Discussed ad nauseum.... by kawika · · Score: 4, Interesting

    Every time /. does a story on spam we have the debate about address verification. There are plenty of existing "challenge-response" spam control services and the reason they're not widely used is because they still require a lot of manual work to control spam.

    Mailing lists are a simple example. For every mailing list you legitimately want to be on, you will need to manually set up the address on the whitelist because the mailing list software won't repond to the challenge message.

    Now lets say that the mailing list programs make some mods to automatically respond to the message, assuming it has a standard format. Now a spammer can use the mailing list's address as their return address and take advantage of its response to a challenge! Of course, the challenge could contain other validation data such as a reciept number and/or a digital signature but now we're talking about major mods to the Internet's mail infrastructure and mail clients.

  3. Didn't work for me by Anonymous Coward · · Score: 4, Interesting

    I tried TMDA, and I really like it. However, there are some drawbacks that make it impractical for me.

    First of all, I've had trouble white-listing my friends. I could just give them the address ac@mydomain.com and white-list them, but sometimes they will change email addresses or send me mail through a third-party source (like sending a news item from a web page or sending a greeting card). The alternative is to give each friend an tagged address that will go through, but it is hard for them to remember ac-friend-a751af@mydomain.com

    Second, some of my friends can't handle the concept of replying to a message to let their first message through. (Obviously this happens when they use an address that I haven't white-listed.) I've tried to customize the message to make it easy to understand, but I guess I have dumb or stubborn friends. In particular, if a relative sends a joke to me and a long list of other people, and one of those people replies to everyone ("ha, that was really funny!!"), the sender gets really confused about getting a confirmation request from someone they haven't heard of before.

    I've had one on-line store refuse to use my tagged email address because it was too hard to type. (Apparently their brain-dead system had them manually retype the address into another system.) They processed the order, but I didn't get any status from them.

    The killer was my ISP changed the rules on me and doesn't allow having a mail server on my local system. Further more, the provider I was using for out-going mail now blocks mail from my Linux box because they detect it going through exim and declare that it is relaying through their system. (It works for a simple mail client, just not for a MTA!)
    Another provider I could use has their MTA configured such that it doesn't work with the tagged addresses. Of course, many ISPs now block in and outgoing port 25. The anti-spam efforts of ISPs keep breaking my attempts to avoid spam and TMDA is the latest victim.

    Again, I like the concept of TMDA. Jason Mastaler and company did a lot of things right, but it just didn't work out for me. When the general public becomes educated on the concepts and it is easier to find an ISP that will work smoothly with TMDA, I'd be happy to use it again.

  4. Learning Spam Filters by tdemark · · Score: 3, Interesting

    I think many clients are heading in the right direction with spam filters that learn based upon a user saying "This is spam" and "This is not spam".

    Personally, I use SpamAssassin which was primed with 1200 spams and 6000 hams. Since that point, it has captured 200 spams with 0 false positives and 2 false negatives.

    The hard part is priming the databases. Maybe it would be worth it to have a database that can be downloaded and used as an initial point for new users - combined with "Spam", "Not Spam", "Whitelist" buttons in their client to automatically tweak the db to their usage patterns.

    - Tony

  5. I'd love to use a TMDA-like system, but.. by orthogonal · · Score: 2, Interesting
    My ISP doesn't.

    I'd install it myself, as a proxy MTA, but it's not a Mail Transfer Agent; instead it requires one to use one of a particular set of MTA.

    In short, there's not way to use it under Windows or even cygwin (as far as I can tell).

    I wrote much of a TMDA, but never completed it, as a plug-in for Microsoft Outlook -- I abandoned that project when I decided it should be wriiten as an extension of an SMTP/POP3 proxy. (And I wrote it first as a Visual Basic "macro" before I understood how to add plugins written in C++ to Outlook; that was the antithesis of fun.)

    I was unable to find an open source SMTP/POP3 proxy that runs under both Windows and linux -- I've looked, but what I've found has been either for Windows but not linux or vice versa, or SMTP but not POP3 or vice versa. The one thing I've found is Hamster, which is quality software, but written in Delphi, and it doesn't run under linux.

    Basically, I'll use a TMDA as soon as I can run it myself, under Windows -- or the OS of my choice.

    The TMDA softweare currently available seems to be aimed at ISPs, and this seems to be a political decision of the TMDA software authors.
    TMDA is designed to run on the server which receives your incoming mail, not on your desktop workstation.
    ASK [a TMDA-like system --orthogonal] is a Unix/Linux/OSX program. It will not run on Windows servers or workstations. You may however, switch to an Internet/Mail provider that offers ASK services.

    It probably makes some sense, in the long term battle against spam, to keep it off the desktop so as to put pressure on ISPs to install it, but it sure doesn't make it easy for me to use.
    --
    Opinions on the Twiddler2 hand-held keyboard?
  6. What if by satterth · · Score: 2, Interesting
    What would happen if two peole are using ISP's that have TMDA installed, and neither have been confirmed with each other?

    Joe e-mails Fred. Fred's TMDA sends a confirmation e-mail to Joe. And Joe's TMDA sends a confirmation e-mail to the confirmation e-mail, then the cycle continues.

    I don't like the looks of this.

    --
    Being called a dork on Slashdot must be like being called the retard in special ed.