From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/44074
Path: main.gmane.org!not-for-mail
From: Lloyd Zusman <ljz@asfast.com>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Spam spam spam spam spam
Date: Sat, 30 Mar 2002 11:56:05 -0500
Organization: FreeBSD/Linux Hippopotamus Preserve
Sender: owner-ding@hpc.uh.edu
Message-ID: <m21ye2ro4a.fsf@asfast.com>
References: <m3hemym5o4.fsf@quimbies.gnus.org>
	<deathsquad.87bsd6ca0t.fsf@blitzkrieg.socha.net>
	<m3zo0qkoe2.fsf@quimbies.gnus.org>
NNTP-Posting-Host: localhost.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: main.gmane.org 1017507432 12779 127.0.0.1 (30 Mar 2002 16:57:12 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Sat, 30 Mar 2002 16:57:12 +0000 (UTC)
Original-Received: from malifon.math.uh.edu ([129.7.128.13])
	by main.gmane.org with esmtp (Exim 3.33 #1 (Debian))
	id 16rMAB-0003K0-00
	for <ding-account@gmane.org>; Sat, 30 Mar 2002 17:57:12 +0100
Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists)
	by malifon.math.uh.edu with esmtp (Exim 3.20 #1)
	id 16rM9c-0005By-00; Sat, 30 Mar 2002 10:56:36 -0600
Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Sat, 30 Mar 2002 10:56:45 -0600 (CST)
Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66])
	by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id KAA19588
	for <ding@hpc.uh.edu>; Sat, 30 Mar 2002 10:56:33 -0600 (CST)
Original-Received: (qmail 1168 invoked by alias); 30 Mar 2002 16:56:20 -0000
Original-Received: (qmail 1163 invoked from network); 30 Mar 2002 16:56:20 -0000
Original-Received: from home.acholado.net (216.27.138.216)
  by gnus.org with SMTP; 30 Mar 2002 16:56:20 -0000
Original-Received: from localhost (localhost [127.0.0.1])
  (uid 501)
  by home.acholado.net with local; Sat, 30 Mar 2002 11:56:05 -0500
Original-To: ding@gnus.org
X-Face: "!ga1s|?LNLE3MeeeEYs(%LIl9q[xV9!<nimJxd1qyQRquvu5XTnZ:_5VE-G&4*EAuW"7oJLIXj'DWrJ0z@,FlwvD2PA@qhQ2R#zgsc14Klk;OSE'*;+l8p?0^nK7*X#0zg5wd^!M^2pg,M4Qd^{1viG;fa{}b.s[?g(x$45c]]=@'ZQ&]sPXl!u:hxBAv>j4#xf4!**BFW_ihlOb;:Slb>)vy>CJM<qjGM,/6C6\|{))YWm6}Q#?3om%n8
In-Reply-To: <m3zo0qkoe2.fsf@quimbies.gnus.org> (Lars Magne Ingebrigtsen's
 message of "Sat, 30 Mar 2002 17:32:05 +0100")
Original-Lines: 52
User-Agent: Gnus/5.090006 (Oort Gnus v0.06) XEmacs/21.4 (Common Lisp,
 i686-pc-linux)
Precedence: list
X-Majordomo: 1.94.jlt7
Xref: main.gmane.org gmane.emacs.gnus.general:44074
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:44074

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> [ ... ]
>
> My objection to TDMA is basically this -- it requires that the sender
> deals with the problem.  If somebody sends me a mail, I don't want
> them to have to respond to some automatic message before being allowed
> to actually communicate with me.  It seems unneighborly.  And spam
> hasn't annoyed me to that point.  Yet.

I sympathize with you ... I have felt the same way for quite a while.
However, the spam problem is getting ever worse, and so now, I've sadly
changed my mind ... and TMDA looks pretty good to me.  Given the nature
of the email conventions on the net (which were never originally
intended to provide security against unsolicited mass-mailings), I
believe that there is NO algorithm that exists that can examine headers
and content and do an even barely passable job of filtering spam.

One of the philosophies behind TMDA (blacklist by default, whitelist
only as a result of some sort of authentication) seems to be a good
basis for some usable spam protection.  Yes, it requires senders to
authenticate themselves, but as time goes on, I think that people can
get used to that as the normal convention with email.  And it's rather
painless in TMDA: a single reply to a single authentication message does
the trick for any given sender.

And you can pre-whitelist a group of already-trusted senders.  When I
started using TMDA, I ran it in a sort of log-only mode for a while,
causing it to deliver all email as if TMDA wasn't there, but also to log
its idea of the message sender.  After examining the logs that
accumulated, I was able to come up with a set of senders that I could
pre-whitelist.  This set consisted of 90+ percent of the people who
should be on my whitelist.

I then set up the initial whitelist, and re-configured TMDA to start
working the way it's supposed to.  So far, I haven't heard any
complaints from the validly-whitelistable people I had missed, and I
actually have gotten some authentication messages back from people, who
haven't complained in the least.

I'm not saying that TMDA itself is the "be all and the end all" ...  it
still could use some tweaking, and perhaps there is other software that
uses the same philosophy, and which might be more desirable to use.

But I really believe that this philosophy (blacklist all but
authenticated senders) is the way to go these days, if you want to
have any measure of success in blocking spam.


-- 
 Lloyd Zusman
 ljz@asfast.com