On Sun, 2005-04-10 at 20:49, David Hoffman wrote: > On Apr 10, 2005 5:11 PM, Scot L. Harris <webid@xxxxxxxxxx> wrote: > > I am just curious how a challenge message gets through to a TMDA user if > > that user has not whitelisted the sender yet. Seems like a difficult > > things to resolve without letting someone easily spoof such a message. > > That is all I am saying. > > Scot, > Sorry, for any misunderstanding. I think the key here is that the > system is only as good as the users who use it, and their > understanding of the system. For example, my TMDA account is set up so > that if I e-mail someone, the address I wrote to is automatically > added to my whitelist. And my reply-to address is encrypted by TMDA so > that even if someone replies to my message, the encrypted reply-to > will be deciphered as a valid address (using TMDA's dated address > function -- the address is valid for a predetermined period of time). > > So what it comes down to is that if Peter Whalley had knowledge of how > to PROPERLY use his system, then he probably would not be generating > flame threads about C/R in the first place. What he SHOULD have done > was to incorporate some type of whitelisting function so that messages > that were sent from users of the list would automatically be accepted. I understand the part you describe above. There does appear to be many options that a user can implement depending on how they want things handled. And I read the FAQ you pointed to. However the FAQ did not spell out how it really resolves the problem when two TMDA users send a message. It seems like it skirts the issue but does imply that there is some "common sense" solution. Reading the section pointed to and section 5.5 it is not clear how two TMDA users could initiate an exchange successfully without one of them whitelisting the other first. Kind of a chicken egg problem. But if it works for you that is fine. Just trying to understand some of the details as it could be a useful tool. But for now I will stick with spamassassin and greylisting. :) quoted from the site: If X uses his common sense, this won't happen. He should simply make sure his message is repliable using one of TMDA's client-side options (see FAQ 5.5). TMDA auto-replies to the envelope sender of the message as all standards-compliant auto-responders should, so even if you don't want to tag your "From:" or "Reply-To" address, you should tag your envelope sender address. FAQ 5.4 details how to do tag your messages using a 'dated' envelope sender address. Another common worry is that two TMDA installations will create a mail loop as they send confirmation requests back and forth. This will not happen, as TMDA is configured to not respond if the message contains identifying characteristics of a mailing list message, bounce message, or auto-response such as the vacation program (or another TMDA message!). Even if this fails, the mail-loop will be stopped by TMDA's auto-response rate-limiting feature that puts a ceiling on the number of messages it sends to a given address in a day. -- Scot L. Harris webid@xxxxxxxxxx Take your Senator to lunch this week.