From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/46025
Path: main.gmane.org!not-for-mail
From: David Masterson <dsm@rawbw.com>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: TMDA (was: new spam functionality added)
Date: 05 Aug 2002 20:28:20 -0700
Organization: Programmer At Large
Sender: owner-ding@hpc.uh.edu
Message-ID: <m2fzxsoecr.fsf@m198-149.dsl.rawbw.com>
References: <m3lm7rya31.fsf@onyx.nimbus.northernlight.com> <oydy9br1xnb.fsf@sam.cs.rice.edu> <ilu3ctz8xja.fsf@latte.josefsson.org> <87y9brejam.fsf@mail.paradoxical.net> <oydu1mf4oxi.fsf@sam.cs.rice.edu> <873ctztyth.fsf@mail.paradoxical.net> <oyd8z3r4nec.fsf@sam.cs.rice.edu> <hhlm7qf22b.fsf@nightshade.la.mastaler.com> <yly9bqexie.fsf@windlord.stanford.edu> <20020801222925.A10502@mastaler.com> <ylbs8lg9ou.fsf@windlord.stanford.edu> <m3vg6tqlo9.fsf_-_@multivac.cwru.edu> <rjit2pkxz4.fsf@zuse.dina.kvl.dk> <m3sn1tp54j.fsf@multivac.cwru.edu> <02Aug5.143835edt.119445@gateway.intersystems.com> <uit2puj8m.fsf@synopsys.com> <02Aug5.174118edt.119294@gateway.intersystems.com>
NNTP-Posting-Host: localhost.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: main.gmane.org 1028604360 8070 127.0.0.1 (6 Aug 2002 03:26:00 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Tue, 6 Aug 2002 03:26:00 +0000 (UTC)
Return-path: <owner-ding@hpc.uh.edu>
Original-Received: from malifon.math.uh.edu ([129.7.128.13])
	by main.gmane.org with esmtp (Exim 3.35 #1 (Debian))
	id 17buys-000263-00
	for <ding-account@gmane.org>; Tue, 06 Aug 2002 05:25:58 +0200
Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists)
	by malifon.math.uh.edu with esmtp (Exim 3.20 #1)
	id 17buyU-0001xN-00; Mon, 05 Aug 2002 22:25:35 -0500
Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Mon, 05 Aug 2002 22:26:02 -0500 (CDT)
Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66])
	by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id WAA21875
	for <ding@hpc.uh.edu>; Mon, 5 Aug 2002 22:25:47 -0500 (CDT)
Original-Received: (qmail 10293 invoked by alias); 6 Aug 2002 03:25:14 -0000
Original-Received: (qmail 10288 invoked from network); 6 Aug 2002 03:25:14 -0000
Original-Received: from main.gmane.org (80.91.224.249)
  by gnus.org with SMTP; 6 Aug 2002 03:25:14 -0000
Original-Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 17buxS-00024C-00
	for <ding@gnus.org>; Tue, 06 Aug 2002 05:24:30 +0200
Original-To: ding@gnus.org
X-Injected-Via-Gmane: http://gmane.org/
Original-Received: from news by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 17buxS-000244-00
	for <gmane-emacs-ding@m.gmane.org>; Tue, 06 Aug 2002 05:24:30 +0200
Original-Path: not-for-mail
Original-Newsgroups: gmane.emacs.ding
Original-Lines: 45
Original-NNTP-Posting-Host: m198-149.dsl.rawbw.com
Original-X-Trace: main.gmane.org 1028604270 7939 198.144.198.149 (6 Aug 2002 03:24:30 GMT)
Original-X-Complaints-To: usenet@main.gmane.org
Original-NNTP-Posting-Date: Tue, 6 Aug 2002 03:24:30 +0000 (UTC)
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2
Precedence: list
X-Majordomo: 1.94.jlt7
Xref: main.gmane.org gmane.emacs.gnus.general:46025
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:46025

>>>>> Stainless Steel Rat writes:

> * David Masterson <dmaster@synopsys.com>  on Mon, 05 Aug 2002
> | Do Hotmail (or Yahoo) accounts allow autoconfirmers?

> Automatic confirmation does not yet exist with TMDA, to my
> knowledge.  This is all hypothetical stuff.

So?  If systems like Hotmail and Yahoo that allow anonymous account
generation do not provide a means to use auto-confirmers, then
spammers can't use those systems to combat TMDA.

> | But they have to work harder to do it.

> BS.  One guy needs to program around it for all spammers to benefit.

Talk about hypothetical...

> Putting "spammer@hotmail.com" into your blacklist.  will not stop
> anything from "iamnotaspammer@hotmail.com" from getting through.

In the current scenario, spammers have an advantage in that they are
completely anonymous.  Since all the headers in the spam can be
spoofed, the most you know is the last system to relay the spam to
you.  Basically, you can't trace who sent you the email.

In the TMDA scenario, spammers now have to put some sort of (TBD)
auto-confirmer into place to "get the spam through".  This means that
the "From" or "Reply-to" address on their email now has to be valid so
that TMDA can send confirmation email to their auto-confirmer.
They've now left a set of fingerprints on the email that could come
back to haunt them through legal proceedings.  Not everyone is likely
to "take them to court", but the possibility goes way up under TMDA
(it doesn't have to be an individual, it could be a class action
against the spammer *OR* his ISP).

TMDA might not be a complete *technical* defense against SPAM, but, in
concert with a legal defense, it changes the playing field on the
spammer such that they may not want to play anymore.  At worst, it
should force ISPs to look at holes in their security or face
blacklisting by a class of users.

-- 
David Masterson
dsm@rawbw.com