On Fri Feb 01, 2002 at 10:17:59PM -0600, Bryan Paxton wrote:

> > WDYT? I'm thinking of implementing this using a shared whitelist for
> > all mandrakesecure.net mailing lists. Ie. if you post to discuss and
> > confirm your message once, you can post to qmail or snf and never
> > have to see another confirmation message.
> >
> > I'd like to know if you guys think this is a good or bad idea, or if
> > you couldn't care less either way. =) Thanks!
>
> IMHO it's a good idea, but should be tested a bit in a "contained"
> environment, spammers can find a way to circumvent any trap, if the the
> volition is there : )

Absolutely. They could confirm their own messages, and TMDA would be
defeated. At that point, I could blacklist the address, but they
could try from another account.

The premise is that TMDA sends a confirmation message to the
sender.. more often than not, spammers aren't using real addresses so
the confirmations get bounced or >/dev/null and are never responded
to, thus the spam never makes it to the list.

I've been using TMDA personally for a while now and it works great.
Yes, I have gotten one piece of spam, but the spammer had a valid
return address and confirmed it (dOh!).

-- 
MandrakeSoft Security, OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD
Current Linux kernel 2.4.8-34.1mdk uptime: 12 days 18 hours 7 minutes.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org

iD8DBQE8Xu5FIEPQ5f5vKv0RAh8LAKC6Fdqwj51adIswlb8Pj7ZIwtIe+ACgybPQ JL0XB1kqPXute+dy5P9Jwv4= =HWkI -----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]