"Friends Only"

Matt Kettler mkettler at evi-inc.com
Mon Oct 2 18:06:00 IST 2006


Greg Borders wrote:
> Greetings list-mates,
> 
> The PHB's have discovered the ability of some mail systems that require
> you to "validate" your address before they will accept messages, thus
> avoiding SPAM.  Example, surgemail has a "Friends System"
> http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a
> package that sits between the MTA and MUA and does the authentication.
> 
> Yippie yay, now they want it too. -_-
> 
> Without wanting to spark any further heated debates on autoresponders, 
> I wanted to query the group and see if there was any slick bolt-ons for
> sendmail / MailScanner / Mailwatch out there that might take advantage
> of some whitelisting mechanisms we already have.  I can see potential of
> a custom script within MailScanner that could send a subscribe/verify
> message, and then auto-add to a whitelist upon receiving a proper
> response from the human sender.
> 
> Any ideas folks?

TMDA is the bolt-on I can think of.

That said, systems like this are in effect trusting someone else to do your spam
filtering for you. I personally take the approach of doing whatever I want when
I get a TMDA-type challenge. After all, you're unwillingly foisting your spam
problems into my mailbox. So after pissing me off by spamming me, do you really
expect me to make a reasonable choice for your benefit?


- If I get a challenge for an email I'm pretty sure I did not send, I authorize
it. After all, what do i know, maybe you really did want that pharmacy spam. I'm
just trying to help you receive all the mail you deserve :)

- I also sometimes report the mis-directed TMDA messages to spamcop if I can
prove it wasn't actually sent from my domain. My domain has SPF records, so if
you can't even bother to do a SPF check to eliminate obvious forgeries before
sending me notices, I consider it abuse.

- If I get one for an email I did send, but the content is really only to the
recipients benefit, I refuse to authorize it.

- If I get one for an email that I did send, but is to my benefit, I might
authorize it, unless I can find a way to blame the sender that will cause them
more inconvenience than it does me.


And apparently I'm not the only one who takes to SpamCop'ing TMDA messages:

http://mla.libertine.org/tmda-users/2003-08/msg00171.html

http://www.mail-archive.com/tmda-users@tmda.net/msg07964.html




More information about the MailScanner mailing list