Re: tmda (was Re: Attach filter)
On Sun, Jul 11, 2004 at 05:51:54PM -0700, Karsten M. Self wrote:
> on Sat, Jul 10, 2004 at 10:00:47PM +0200, David Fokkema (dfokkema@ileos.nl) wrote:
> > On Thu, Jul 08, 2004 at 04:46:24AM -0700, Karsten M. Self wrote:
> > > on Fri, Jun 25, 2004 at 12:37:45PM -0600, Monique Y. Mudama (spam@bounceswoosh.org) wrote:
> > > > On 2004-06-25, Paul Johnson penned:
> > > > > --=-=-=
> > > > >
> > > > > "Monique Y. Mudama" <spam@bounceswoosh.org> writes:
> > > > >
> > > > >> You can use procmail, tmda, or any other filtering app for this.
> > > > >> Here's what I have in my tmda configuration:
> > > > >
> > > > > Don't use TMDA. Challenge-response considered harmful.
> > > > >
> > > > > http://kmself.home.netcom.com/Rants/challenge-response.html
> > > >
> > > > Challenge-response isn't the only thing tmda does.
> > >
> > > Granted.
> > >
> > > It's the primary selling point of the tool, however. And much of the
> > > information used to sell it is just plain wrong. This has been detailed
> > > many, many times.
> > >
> > > Jason Mastaler accepts criticism so graciously he's banned me from any
> > > mail access to his domain. Go figure. That's adult, open, honest, and
> > > principled.
> > >
> > > But we'll let the intelligent folks here do the math for themselves:
> > >
> > > http://zgp.org/pipermail/linux-elitists/2003-September/007390.html
> > > http://www.linux.ie/pipermail/ilug/2003-September/006931.html
> > > http://zgp.org/pipermail/linux-elitists/2003-September/007393.html
> > > http://mla.libertine.org/tmda-users/2003-09/msg00270.html
> > >
> > >
> > > There's really nothing to argue about.
> >
> > Karsten, what I really don't get is why a person like you who likes
> > doing research and pressing his points, can't be a little bit more
> > objective now and then. I agree with you (took some time, granted,
> > remember that thread many months ago started by that non-person?) that
> > C-R isn't a good solution to spam, but, if you look at it objectively,
> > there are some points stated in your C-R rant that don't apply to tmda.
> > You should grant them that, I think.
>
> If you'll be specific, I'll address them.
To be specific: C-R - C-R deadlock. BUT, I see that you now have on your
site: 'while some C-R systems might avoid this'. Have you changed this
over the past year? I think that's fair, indeed. Still, I like your
general remark: 'Unfortunately, there will be, and are, many
poorly-designed C-R systems.'
> However:
>
> - The premise of CR _is_ flawed.
>
> - There are problems are inherent and cannot be addressed by technical
> means.
>
> Namely, and these are global problems with C-R:
>
> - Filtering methods don't work. They do. Many TMDA proponents claim
> same (but use TMDA for C-R anyway).
agreed.
> - The premise that I'm responsible for mail claiming to come from me
> is false.
agreed.
> - The premise that responses to challenges can be reliably predicted
> is false. Legitimate senders will refuse to answer challenges.
> Spammers can and do respond to challenges.
not enough data available.
> - The math for C-R simply doesn't scale.
?
> - People's response to C-R is going to be colored by the method as a
> whole. The challenge recipient doesn't know if they've got a
> well-behaved system or not. They know they've received a challenge,
> and that most of same they get are spam. This will be reflected in
> behavior: people will stop responding to challenges. And a lot of
> mail will be lost by users of C-R systems.
agreed, I think.
> These are problems inherent in the system. There are other issues, and
> my initial rant could be revised. The basic truth hasn't changed: C-R
> sends unsolicited mail in bulk. It's spam.
I'm not sure if I agree about that. I think it is something like
subspam. But that is a very personal view.
David
--
Hi! I'm a .signature virus. Copy me into
your ~/.signature to help me spread!
Reply to: