Someone tell this dude...

Scot L. Harris webid at cfl.rr.com
Mon Apr 11 02:18:13 UTC 2005 

On Sun, 2005-04-10 at 20:49, David Hoffman wrote:
> On Apr 10, 2005 5:11 PM, Scot L. Harris <webid at cfl.rr.com> wrote:

> > I am just curious how a challenge message gets through to a TMDA user if
> > that user has not whitelisted the sender yet.  Seems like a difficult
> > things to resolve without letting someone easily spoof such a message.
> > That is all I am saying.
> 
> Scot, 
> Sorry, for any misunderstanding. I think the key here is that the
> system is only as good as the users who use it, and their
> understanding of the system. For example, my TMDA account is set up so
> that if I e-mail someone, the address I wrote to is automatically
> added to my whitelist. And my reply-to address is encrypted by TMDA so
> that even if someone replies to my message, the encrypted reply-to
> will be deciphered as a valid address (using TMDA's dated address
> function -- the address is valid for a predetermined period of time).
> 
> So what it comes down to is that if Peter Whalley had knowledge of how
> to PROPERLY use his system, then he probably would not be generating
> flame threads about C/R in the first place. What he SHOULD have done
> was to incorporate some type of whitelisting function so that messages
> that were sent from users of the list would automatically be accepted.

I understand the part you describe above.  There does appear to be many
options that a user can implement depending on how they want things
handled. And I read the FAQ you pointed to.  However the FAQ did not
spell out how it really resolves the problem when two TMDA users send a
message.  It seems like it skirts the issue but does imply that there is
some "common sense" solution.

Reading the section pointed to and section 5.5 it is not clear how two
TMDA users could initiate an exchange successfully without one of them
whitelisting the other first.  Kind of a chicken egg problem.  

But if it works for you that is fine.  Just trying to understand some of
the details as it could be a useful tool.  But for now I will stick with
spamassassin and greylisting.  :)





quoted from the site:

If X uses his common sense, this won't happen. He should simply make
sure his message is repliable using one of TMDA's client-side options
(see FAQ 5.5). TMDA auto-replies to the envelope sender of the message
as all standards-compliant auto-responders should, so even if you don't
want to tag your "From:" or "Reply-To" address, you should tag your
envelope sender address. FAQ 5.4 details how to do tag your messages
using a 'dated' envelope sender address.

Another common worry is that two TMDA installations will create a mail
loop as they send confirmation requests back and forth.

This will not happen, as TMDA is configured to not respond if the
message contains identifying characteristics of a mailing list message,
bounce message, or auto-response such as the vacation program (or
another TMDA message!). Even if this fails, the mail-loop will be
stopped by TMDA's auto-response rate-limiting feature that puts a
ceiling on the number of messages it sends to a given address in a day.

-- 
Scot L. Harris
webid at cfl.rr.com

Take your Senator to lunch this week.

More information about the users mailing list