IP: this is very interesting.....Tagged Message Delivery Agent (TMDA)

[David Farber <dave () farber net>]

See description at end. Sounds like a good idea indeed djf

> To: dave () farber net
> Subject: this is very interesting.....
> Date: Mon, 24 Dec 2001 17:03:41 -0500
> From: "Mike O'Dell" <mo () ccr org>
>
>
> it requires email from "strangers" to be confirmed.
> it isn't perfect, but it is interesting, and in fact
> the first novel idea i've seen in a while.
>
> ------- Forwarded Message
>
> MessageName: (Message 733)
> From:    "Mike Meyer" <mwm-dated-1009255340.fbc399 () mired org>
> Date:    Wed, 19 Dec 2001 22:42:20 -0600
> To:      "Mike O'Dell" <mo () ccr org>
>
> Subject: Re: TMDA yet again...
>
> The Tagged Message Delivery Agent. It's a spam filtering system that
> works using cryptographically signed addresses. See <URL:
> http://tmda.sourceforge.net/ > for details.
>
>         <mike
>
> ------- End of Forwarded Message


Tagged Message Delivery Agent (TMDA)
TMDA is an OSI certified software application designed to significantly 
reduce the amount of SPAM/UCE (junk-mail) you receive. TMDA combines a 
"whitelist" (for known/trusted senders), a "blacklist" (for undesired 
senders), and a cryptographically enhanced confirmation system (for 
unknown, but legitimate senders). TMDA strives to be more effectual, yet 
less time-consuming than traditional filters.

TMDA's Whitelist-centric Strategy ``Deny everything that is not explicitly 
allowed''

With TMDA, unrestricted access to your mailbox can no longer be assumed, a 
premise which spammers rely heavily upon.

The way TMDA thwarts incoming junk-mail is simple yet extremely effective. 
You maintain a "whitelist" of trusted contacts which are allowed directly 
into your mailbox. Messages from unknown senders are held in a pending 
queue until they respond to a confirmation request sent by TMDA. Once they 
respond to the confirmation, their original message is deemed legitimate 
and is delivered to you. Updating your whitelist insures they won't have to 
confirm future messages. TMDA can even be configured to automatically 
whitelist confirmed senders. To see what the confirmation process looks 
like, try sending me a test message. (NOTE: Confirmed test messages are 
automatically discarded)

This methodology has the advantage of being very selective about what it 
allows in, while at the same time permitting legitimate, but previously 
unknown senders to reach you. TMDA also has several techniques (See the 
Client Configuration section) that allow senders to circumvent the whitelist.

Traditional Blacklist-centric Strategy ``Allow everything that is not 
explicitly denied''

Traditional anti-spam technical countermeasures are based upon maintaining 
a "blacklist" containing e-mail addresses, domains, and/or network subnets 
of known junk-mailers. Or worse, a "profile" of message headers and message 
body text that fits the software's idea of what a piece of SPAM looks like.

The problem with this approach is that spammer's intrusion techniques are 
evolving as fast as your prevention techniques are, so the battle is never 
ending. Maintaining the blacklist is often just as time-consuming as 
pressing the "Delete" key on the easily recognized junk messages. If wasted 
time is your biggest complaint with junk e-mail, you can see why this 
traditional methodology is flawed.

The chance of accidental "false positives" is also significantly higher 
with this more complex approach. If you really want effective and reliable 
UCE control, you need something like TMDA that doesn't rely on heuristics 
that spammers can work around.

TMDA's functionality is based upon the following assumptions about the 
current Internet infrastructure:
You cannot keep your email address secret from spammers.
Content-based filters can't distinguish spam from legitimate mail with 
sufficient accuracy.
To maintain economies of scale, bulk-mailing is generally:
·       An impersonal process where the recipient is not distinguished
·       A one-way communication channel (from spammer to victim)
Spam will not cease until it becomes prohibitively expensive for spammers 
to operate.




For archives see:
http://www.interesting-people.org/archives/interesting-people/