TMDA Re: [Gllug] New worm doing the rounds?

Bruce Richardson itsbruce at uklinux.net
Wed Feb 11 12:43:10 UTC 2004 

On Tue, Feb 10, 2004 at 04:41:48PM +0000, Rev wrote:
> This one time, at band camp, Bruce Richardson wrote:
> 
> > While we're at it, can we rant about morons who use challenge/response
> > systems like TMDA?  Who are these idiots, deliberately increasing the
> > spam problem for the rest of the world just so that their inboxes can
> > (temporarily) seem a little cleaner?
> 
> People with less faith in human nature than you...  Some might call
> them "realists".

Really?  Is it realistic to increase the spam problem for other people?

> 
> I happily predict that you, and everyone else, will have some form of
> challenge-response filter on your mail box in two years' time.

No chance.  I have no intention of adding to other people's spam
problems.  I've managed to lock down our mail systems so that we send
almost no spurious NDRs and I'm not about to install a system that
creats a whole bunch of spurious challenges.

> 
> I can't see any other way.  Soon as I get some decent infrastructure
> in place, I'll be going that way myself.

Why?  Used by themselves, c/r systems create spurious challenges for
every worm or spam they receive.  So in addition to all the "I couldn't
deliver this virus you never sent" messages, people start getting "Would
you like to confirm that you wanted to sell me a breast enlargement
ointment?" messages as well.  So all that has happened is that the spam
has been shifted from one mailbox to another with a lot of extra
bandwidth wasted.

Some c/r developers say that their systems are meant to be used in
conjunction with other systems that eliminate most of the bogus
messages, so that the c/r system is mostly dealing with genuine people.
But if the other systems can do that successfuly, you have no need of
the bloody stupid c/r system.  If they can't, then the bloody stupid
c/r system is sending out spam.

The TMDA developers are particularly dishonest about this.  Not only do
they not even discuss the potential problems with c/r on their site but
they have actively mocked and attacked people who raise these issues.

C/R systems are stupid, moronic, witless and pointless and do nothing to
resolve the spam problem (the best they can do is move it around a bit).
They are also quite unnecessary.  If spam is going to be tackled, it's
going to be at the system architecture level, with the implentation of
systemls like SPF (http://spf.pobox.com/).  Silly user-space solutions
will do nothing, though Bill Gates hopes to make a lot of money from
them if he can.

-- 
Bruce

Remember you're a Womble.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20040211/6c4df581/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list