TMDA Ends Spam

By Kyle
Thu Aug 21st, 2003 at 09:49:23 PM CST

Tagged Message Delivery Agent (TMDA) is a challenge/response style anti-spam system which I've been using successfully for about six months. The system is based on a white list. When someone not on the list sends me a message, their message is held in a queue, and a challenge is emailed back to them. When they respond to the message, they're added to my white list, and their original message is delivered to me.

I've seen some resistance to systems like TMDA. This resistance comes in two basic objections: (1) it doesn't work, and (2) it's too rude. These objections are based on encounters with systems with various obvious faults, but condemning all challenge/response systems based on some bad implementations is like saying that cars are a bad idea because the Model A Ford has some problems. I intend to show that TMDA works well and that the real debate is over whether a system like it makes victims out of the people who aren't using it.


Whether challenge/response cuts down on spam is a closed question. I used SpamAssassin for a long time and was very happy with it, but as the flow of spam increased, the flow of false negatives reaching my inbox increased also. When I switched to TMDA, spam stopped dead. Last month I received over 10000 messages. TMDA challenged 1770, and I saw one or two spams.

With that out of the way, let's look at some other non-issues I see raised over and over.

You can't get notices from web sites! You can't do mailing lists! You can't track packages!

I'm on several mailing lists. I get notices from web sites too. With TMDA, when I sign up for these, I can use keyword addresses which pass through without confirmation. If one of them is ever discovered by a spammer, I can dump it. Alternately I can white list the web site's domain.

TMDA is also configured so that when I send a message to one of these lists, it appears to come from the address that I used to subscribe to the list (so I don't have to monkey with it manually in my mailer). For more info, see TMDA FAQ entry 4.8, "How do I use TMDA with mailing lists?"

Some have complained that challenge/response systems interfere with mailing lists by challenging the list mail that comes in. TMDA specifically tries to avoid that.

E-cards won't work.

I tried sending myself two Yahoo! Greeting cards as a test. In the first test, where Yahoo! asked for the "from" address, I entered an address that is in my white list, and it went through fine. In the second test, I entered a blocked address, and TMDA sent a challenge to Yahoo! (which was ignored). I'm not too concerned about not getting greetings from people I don't know, so this isn't a problem for me.

People using this system have sent me messages, and when I reply to them, I get challenged!

The simplest way to handle this is to automatically white list anyone to whom you send an email. The only problem with that arises when you send to a role account (e.g., support@example.com) and get a reply from an individual (e.g., bob_the_tech@example.com). The better solution is to send outgoing mail from a dated address which will pass through TMDA unchallenged until an expiration date. For more detailed information, see TMDA FAQ item 5.5, "When someone replies to my messages, will they get challenged?"
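The keyword and dated addresses described above can be modelled as a keyed MAC embedded in the recipient address. The following is an added example, not TMDA's own code: the `user-kind-value.mac` layout, the secret, the sample addresses and the function names are assumptions made for illustration, and user names are assumed to contain no hyphen.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"    # per-user secret, constructed for this example
WHITELIST = {"alice@example.org"}   # constructed sample white list


def _mac(payload: str) -> str:
    """Truncated hex HMAC that binds a tag to the user's secret."""
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()[:12]


def dated_address(user: str, domain: str, expires: int) -> str:
    """Address accepted without a challenge until `expires` (epoch seconds)."""
    return f"{user}-dated-{expires}.{_mac(f'dated:{expires}')}@{domain}"


def keyword_address(user: str, domain: str, keyword: str) -> str:
    """Address given to one list or web site; dumped by revoking the keyword."""
    return f"{user}-keyword-{keyword}.{_mac(f'keyword:{keyword}')}@{domain}"


def disposition(sender: str, recipient: str, now: int, revoked=frozenset()) -> str:
    """Return 'deliver' or 'challenge' for one incoming message."""
    if sender.lower() in WHITELIST:
        return "deliver"
    local = recipient.split("@", 1)[0]
    parts = local.split("-", 2)             # user, kind, "value.mac"
    if len(parts) != 3 or "." not in parts[2]:
        return "challenge"                  # plain address, unknown sender
    kind = parts[1]
    value, mac = parts[2].rsplit(".", 1)
    expected = _mac(f"{kind}:{value}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "challenge"                  # forged or altered tag
    if kind == "dated":
        ok = value.isdigit() and now <= int(value)
        return "deliver" if ok else "challenge"
    if kind == "keyword":
        return "challenge" if value in revoked else "deliver"
    return "challenge"
```

Because the expiry and the keyword are covered by the MAC, a sender cannot extend a dated address or mint a new keyword address without the secret.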

Two people using this can't email each other.

This is solved the same way as guaranteeing that when I send a message, the recipient can reply.

Spammers can just set up auto-repliers to get through.

This is covered best in TMDA FAQ item 1.1, "Can't spammers just setup an auto-responder to defeat TMDA?", and a little more in 1.13, "What do I do when a spammer does confirm their message?"

Briefly, if spammers started doing this, there would be two results:

Note that some legislators have tried to force spammers to put valid return addresses on their messages with little effect. TMDA enforces that law in code better than any government.

What about the blind or visually impaired or those who simply fat finger the answer to the challenge?

TMDA uses ordinary email for its challenges, not a challenge image. It doesn't require any functionality outside normal email use. There has been talk of having challenges that require some intelligence to answer, but at the moment it's not necessary.

To fat finger the answer would require some unusual circumstances. The response that's required is to send any message to a unique address, and that address is in the Reply-To header of the challenge. To mess this up, you'd need a mail reader that doesn't honor Reply-To, and you'd have to incorrectly copy the unique address to the mail you try to send.
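The hold, challenge and confirm cycle described above, sketched as an added example that is not TMDA's own code. The confirm-address layout, the in-memory queue, the addresses and the function names are assumptions, and the sample sender uses a bare address in its From header.

```python
import hashlib
import hmac
from email.message import EmailMessage

SECRET = b"constructed-demo-key"   # constructed for this example
pending = {}                       # message id -> held message
whitelist = set()


def confirm_address(msg_id: str) -> str:
    """Unique address whose MAC ties it to one held message."""
    mac = hmac.new(SECRET, f"confirm:{msg_id}".encode(),
                   hashlib.sha256).hexdigest()[:12]
    return f"kyle-confirm-{msg_id}.{mac}@example.net"


def hold_and_challenge(msg_id: str, original: EmailMessage) -> EmailMessage:
    """Queue an unknown sender's message and build the challenge for them."""
    pending[msg_id] = original
    challenge = EmailMessage()
    challenge["From"] = "kyle@example.net"
    challenge["To"] = original["From"]
    challenge["Reply-To"] = confirm_address(msg_id)   # replying is the answer
    challenge["Subject"] = "Please confirm your message"
    challenge.set_content("Reply to this message to have your mail delivered.")
    return challenge


def handle_confirmation(recipient: str):
    """Release the held message if `recipient` is a valid confirm address."""
    local = recipient.split("@", 1)[0]
    prefix = "kyle-confirm-"
    if not local.startswith(prefix) or "." not in local:
        return None
    msg_id, mac = local[len(prefix):].rsplit(".", 1)
    expected = confirm_address(msg_id).split("@", 1)[0].rsplit(".", 1)[1]
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None                      # miscopied or guessed address
    original = pending.pop(msg_id, None)
    if original is not None:
        whitelist.add(original["From"].lower())   # sender is now white listed
    return original
```

A miscopied confirm address fails the MAC check and leaves the original message in the queue, so the sender can still reply to the challenge correctly later.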

Spammers forge the address of an innocent victim when they spam, so that bystander will get a huge pile of challenges.

That is unfortunate, but it's no different than:

That last sounds the most like the challenges we're talking about. Should mailing lists stop doing that because of the innocents affected? (Incidentally, TMDA is designed not to try to confirm automated messages like the above.)

My point is that given that you already have to deal with bogus automatic responses generated by spammers, this is not a much larger problem. The responses generated by TMDA are made to look automatic to existing software. In these terms, a TMDA user is no more a burden to the network than a user who abandoned an address (perhaps because it was being spammed as heavily as the user who switched to TMDA).

Spammers can hijack it to send to third parties.

They can also do that with the other types of automatic responses mentioned previously.

Spammers forge from legit addresses, hoping to hit your white list.

Since virtually every anti-spam system has a white list, this technique is not specific to TMDA. This technique will become more prevalent as all spam filters get better.

No really, the white list is its Achilles heel!

Spammers can already probe a domain (with a dictionary attack) to find legit email addresses. TMDA doesn't change that. Knowing that, they might try to send to those addresses with forged messages from other addresses in the domain, hoping that everyone in the company has everyone else white listed. A few points:

Answering a challenge is too great a burden for innocent senders.

This is covered in TMDA FAQ item 1.5, "Won't senders just refuse to confirm their messages?"

I think that responding to a challenge is no more of a burden than, say, postage. (Postage has a different purpose, but it is still a small barrier to unlimited communication.)

Some people may choose not to correspond with someone on the basis of their usage of a challenge/response system, and that's their prerogative. In a sense, that's collateral damage. I think it's superior to every other collateral damage I've heard of since the people hurt by it are selecting themselves. (Your message isn't important enough to take a minute to confirm? Fine. Your message is too important to be blocked by a RBL or content filter? Tough.) That being the case, I like losing mail that way a lot more than losing it the way I used to (where the victims don't even know it happened). Heck, if some stranger doesn't think their message is worth another minute of time to get it to me, how much can it be worth to me?

This is "guilty until proven innocent"

I can understand an objection to challenge/response if you think of it as an assertion of guilt. I think of it as an assertion of automation. I'm not trying to verify that you're legally allowed to talk to me; I'm trying to verify that you're a human. In this regard, challenge/response is the same as mangling your email address when you publish it so that it won't be found by spammers' harvesting robots. If I say, "my address is kyle@painted.toehold.com (apply nail polish remover to email me)", I'm not asserting guilt. Additionally, this method blocks email from users who are too dim or inexperienced to decipher these tiny intelligence tests.

But there has to be some down side.

In "Reflections on the 25th Anniversary of Spam," Brad Templeton compares various anti-spam systems. He describes content-based filters this way: "In terms of effectiveness, these are 2nd only to challenge/response tools." The TMDA FAQ lists other systems like TMDA.

The last word

Imagine you email someone you don't know. You get back a magic message, which requests politely two small actions: (1) hit "reply", and (2) hit "send". Performing these actions will allow you to communicate freely and reliably with this person (without being filtered for using the wrong words) and virtually eliminate spam from their mailbox. Do you do it?

