Re: Fwd: Please confirm your message
On Wed, Dec 04, 2002 at 09:22:35AM +0100, Andreas Fuchs wrote:
> On 2002-12-03, Adam McKenna <firstname.lastname@example.org> wrote:
> >> Please enlighten me, anyway: Why is bouncing the full body of the
> >> mail you received from a person who claims to be Adam back to Adam a
> >> good idea?
> > This is an implementation issue, not a philosophical issue.
> This is correct. The system still needs to have the sender acknowledge
> that the message she sent is the one she is replying to, which requires
> at sending at least a little of the message back; pieces of which can
> be spam sent from a malicious user. TMDA source says so, too, in the
> comment to AUTORESPONSE_INCLUDE_SENDER_COPY.
Yes, but this can be set to include only the headers, or none of the
sender's message, if the user desires. It still, at most, includes all
of the information that would be contained in a normal bounce message.
Have you read DJB's modest proposal regarding SMTP traffic?
> > Since I only use TMDA I can't speak for others but TMDA has a
> > CONFIRM_MAX_MESSAGE_SIZE configuration variable, which will exclude
> > the body of the message from the confirmation request if its size
> > exceeds the defined value. The default is 50k.
> Right, and in TMDA there is also MAX_AUTORESPONSES_PER_DAY, which only
> seems to consider messages per sender. I'm not quite convinced that such
> a setup can not be abused as a spam reflector, useless as it may be (it
> bounces the full headers), other than annoying a lot of people. (-:
Any autoresponder can be used as a spam "reflector", so that still doesn't
condemn this particular class of software. There is no amplification effect.
Adam McKenna <email@example.com> <firstname.lastname@example.org>