Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Vincent Danen (vdanenmandrakesoft.com)
Date: Mon Feb 04 2002 - 14:25:41 CST
On Fri Feb 01, 2002 at 10:17:59PM -0600, Bryan Paxton wrote:
> > WDYT? I'm thinking of implementing this using a shared whitelist for
> > all mandrakesecure.net mailing lists. Ie. if you post to discuss and
> > confirm your message once, you can post to qmail or snf and never
> > have to see another confirmation message.
> > I'd like to know if you guys think this is a good or bad idea, or if
> > you couldn't care less either way. =) Thanks!
> IMHO it's a good idea, but should be tested a bit in a "contained"
> environment, spammers can find a way to circumvent any trap, if the the
> volition is there : )
Absolutely. They could confirm their own messages, and TMDA would be
defeated. At that point, I could blacklist the address, but they
could try from another account.
The premise is that TMDA sends a confirmation message to the
sender.. more often than not, spammers aren't using real addresses so
the confirmations get bounced or >/dev/null and are never responded
to, thus the spam never makes it to the list.
I've been using TMDA personally for a while now and it works great.
Yes, I have gotten one piece of spam, but the spammer had a valid
return address and confirmed it (dOh!).
-- MandrakeSoft Security, OpenPGP key available on www.keyserver.net 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
Current Linux kernel 2.4.8-34.1mdk uptime: 12 days 18 hours 7 minutes.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQE8Xu5FIEPQ5f5vKv0RAh8LAKC6Fdqwj51adIswlb8Pj7ZIwtIe+ACgybPQ JL0XB1kqPXute+dy5P9Jwv4= =HWkI -----END PGP SIGNATURE-----