Post by Wouter VerhelstPost by Marek HabersackPost by Bartosz Fenski aka fEnIoPost by John HaslerWhat you mention as a problem, the fake sender addresses, are really a
problem but, selfishly, I'd rather ignore that issue.
Selfish isn't the word for it. I get damn near as many bogus bounces as
spams.
Yeah. I would kill every administrator which sets notify for sender
about viruses to the address from From: header with a pleasure ;)
Well, that's a bit different story, isn't it?
I don't see how. They both involve automated mails. They both involve
waste of bandwidth. They both result in annoyed people and a worse S/N
ratio in mailboxes of people completely and fully unrelated to the mail
the autoreply was replying to.
How are they a different story?
It is fair to assume that a virus mail has a bogus sender address, it is not
as simple to assume that a mail scored higher than ham has a bogus sender
address. Quite a chunk of mails scored below 4 by SpamAssassin are
legitimate mails that have one or two traits that give them the score and
yet they are perfecly legitimate. That's where are they different - virus
notification has a high probablility of hitting an innocent person, unlike a
tmda challenge.
On our servers we silently trash the virus mails, without responding to
them or generating any automated notification mail, that's obvious, and tmda
is not used by default, that's obvious too. But for personal boxes I think
everybody has the right to use tdma to protect them. Also, ISPs who blindly
treat all bounces as spam should stop doing so, I think. Say, have you ever
mailed Wietse Venema, for instance? If you did, then you know he's got an
autoresponder that will write you back sometimes. Is that a spam? I don't
think so. A certain part of tmda replies will miss the target, of course,
but (again thinking selfishly) in total it will save me/you time we'd take
to read the spam and classify it as spam. It will eliminate quite a deal of
the mails which passed through the SpamAssassin (or other) filters. In the
past 8 days, SpamAssassin let through to my box 293 messages it didn't tag
as spam, 199 of them came to my debian address, all of the 199 through the
debian mailing lists. 20s to open, read, tag, forward to sa-learn for each
of those messages, I've wasted 66 minutes of my time. Is that a lot?
Probably not for a week, but it's 57 hours/year, hours which could be saved
for something better than reading stupid spam. And if you happen to send me
a mail that will be scored above 1.0, then you will have to respond to the
tmda challenge only once - your address will be whitelisted from that moment
on (which, of course, opens up a possibility for forging your address by a
spammer, that's given). One more thing to note - tmda challenges differ a
bit from the MTA bounces, it is very easy to classify the mails based on
that difference (again, another window for spammers, but you can't win it
all) and all that remains to have is a bit of good will and understanding
for people who use tmda and take that small effort to respond to the
challenge (not to mention the responses to challenges can be automated as
well).
So, as long as you are free to be annoyed by tmda responses, I can be as
annoyed by the spam I have to deal with. We both have our reasons, we both
have equal rights and we both are free to do what we do and think what we
think.
regards,
marek