> The Secretariat tells me that Spammers are responding to TDMA > queries so that their mail goes through. They have made the > suggestion that we clear the list of people once per year. Isn't there an engineering principle that if something is broken, you don't fix it by breaking it even worse? Naive challenge/response systems like TMDA never worked very well, and on today's Internet they've become actively dangerous. About 90% of all email is spam, and just about all spam has a forged return address at a real domain, often taken from the spam list. This means that most TMDA challenges go to innocent bystanders. Given the volume of spam, it also means that even though only a small fraction of addresses send autoresponses, that's enough to badly pollute any system that uses C/R for validation. If you look at the bogus addreses, I would be rather surprised if they weren't mostly random non-spammers that either auto-acked their way in, or else are people like me who ack all challenges because it's the easiest way to get other people's C/R crudware to shut up. There are plenty of workable ways to filter spam. I've found that, ironically, it is particularly difficult to get people to set up effective filters in environments full of grizzled old nerds. A lot opinions about the nature of spam and filters seem to have been formed in about 1999 or 2000 and haven't been re-examined since then, so when I suggest, e.g., that well chosen DNSBLs can knock out 80% of the spam with essentially no false positives, which is true, they don't believe it. Regards, John Levine, johnl@xxxxxxxx, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf