On Tue, May 11, 2004 at 07:32:22PM +0100, Neil McGovern scribbled: > On Tue, May 11, 2004 at 07:33:06PM +0200, Marek Habersack wrote: > > On Tue, May 11, 2004 at 06:58:42PM +0200, Bas Zoetekouw scribbled: > > > > You send me a mail. My TMDA generates a response which is sent on _my_ > > > > behalf. I think if you write me, you're expecting a response - how is that > > > > unsolicited? > > > > > > You are missing the point. I was talking about forged from-headers as > > > are frequently used by spammers and virusses. > > > > I have addressed your point in my response, please read it again. > > > > I think what Bas is meaning here is hat you cannot rely on the From > field to work out who sent you a message. If some spammer decides to use > my e-mail address as the From: recepient (and they do), I have not sent > you a mail, but would receive a response from yourself. I know it was what he meant, yep. What I meant though, as far as the tmda challenges are concerned, the possibility of envelope forging doesn't matter - since you ('you' in the general sense) can be sure YOU are not sending spam, thus you will NOT need to answer any TMDA challenges. So, if any TMDA challenge comes to you generated by somebody's mailer because it _thought_ it was you who sent it, you can simply discard the challenge message automatically, causing no harm - since it is certain it wasn't you who sent the challenged message. Therefore the argument that the TMDA challenges may be annoying can be dealt with using filtering. And the filters necessary to discard TMDA challenges should be much simpler and much more reliable than those which deal with spam. I hope it's clear what I meant now :) regards, marek
Attachment:
signature.asc
Description: Digital signature