TMDA's Challenge/Response system

Challenge/Response is an old idea, and one which has been used by mailing list management software for years, but it's surprisingly effective against spam.

Traditional Blacklist-centric Strategy = Allow everything that is not explicitly denied

Traditional anti-spam technical countermeasures are based upon maintaining a "blacklist" containing e-mail addresses, domains, and/or network subnets of known junk-mailers. Or worse, a "profile" of message headers and message body text that fits the software's idea of what a piece of spam looks like.

The problem with this approach is that spammer's intrusion techniques are evolving as fast as your prevention techniques are, so the battle is never ending. Maintaining the blacklist or spam "corpus" is often just as time-consuming as pressing the `Delete' key on the easily recognized junk messages. If wasted time is your biggest complaint with junk e-mail, you can see why these traditional methodologies are flawed.

The chance of accidental "false positives" is also significantly higher with this more complex approach. If you really want effective and reliable UCE control, you need something like TMDA that doesn't rely on heuristics that spammers can work around.

TMDA's Whitelist-centric Strategy = Deny everything that is not explicitly allowed

With TMDA, unrestricted access to your mailbox can no longer be assumed, a premise which spammers rely heavily upon.

The way TMDA thwarts incoming junk-mail is simple yet extremely effective. You maintain a "whitelist" of trusted contacts which are allowed directly into your mailbox. Messages from unknown senders are held in a pending queue until they respond to a one-time confirmation request or "challenge" sent by TMDA. Once they respond to the confirmation, their original message is deemed legitimate and is delivered to you. TMDA then adds their address to your whitelist so they won't have to confirm future messages. To see what the confirmation process looks like, send me a test message, and then reply to the confirmation request.

This methodology has the advantage of being very selective about what it allows in, while at the same time permitting legitimate, but previously unknown senders to reach you.

Optional use of TMDA's tagged addresses will greatly reduce the number of unknown senders who are actually sent a confirmation request.

ChallengeResponse (last edited 2006-09-13 19:04:32 by JasonMastaler)

SourceForge.net Logo