>>> TMDA 
  
  
( TMDA is looking for a logo! )

Tagged Message Delivery Agent (TMDA)

TMDA is an OSI certified software application designed to significantly reduce the amount of SPAM/UCE (junk-mail) you receive. As a SPAM filter, TMDA combines a "whitelist" (for known/trusted senders), a "blacklist" (for undesired senders), and a cryptographically enhanced confirmation system (for unknown, but legitimate senders). TMDA strives to be more effective, yet less time-consuming than traditional filters.

TMDA also supports special-purpose addresses called "tagged addresses" which increases the transparency of the process for unknown senders by allowing them to safely circumvent the whitelist.

TMDA is also a local mail delivery agent, with a flexible filtering language that allows fine-grained control over how incoming and outgoing mail is delivered and sent.

TMDA's Whitelist-centric Strategy   ``Deny everything that is not explicitly allowed''

    With TMDA, unrestricted access to your mailbox can no longer be assumed, a premise which spammers rely heavily upon.

    The way TMDA thwarts incoming junk-mail is simple yet extremely effective. You maintain a "whitelist" of trusted contacts which are allowed directly into your mailbox. Messages from unknown senders are held in a pending queue until they respond to a one-time confirmation request sent by TMDA. Once they respond to the confirmation, their original message is deemed legitimate and is delivered to you. TMDA then adds their address to your whitelist so they won't have to confirm future messages. To see what the confirmation process looks like, send me a test message, and then reply to the confirmation request.

    This methodology has the advantage of being very selective about what it allows in, while at the same time permitting legitimate, but previously unknown senders to reach you.

    Optional use of TMDA's tagged addresses will greatly reduce the number of unknown senders who are actually sent a confirmation request (only ~6% in my case).

Traditional Blacklist-centric Strategy   ``Allow everything that is not explicitly denied''

    Traditional anti-spam technical countermeasures are based upon maintaining a "blacklist" containing e-mail addresses, domains, and/or network subnets of known junk-mailers. Or worse, a "profile" of message headers and message body text that fits the software's idea of what a piece of SPAM looks like.

    The problem with this approach is that spammer's intrusion techniques are evolving as fast as your prevention techniques are, so the battle is never ending. Maintaining the blacklist or spam "corpus" is often just as time-consuming as pressing the `Delete' key on the easily recognized junk messages. If wasted time is your biggest complaint with junk e-mail, you can see why these traditional methodologies are flawed.

    The chance of accidental "false positives" is also significantly higher with this more complex approach. If you really want effective and reliable UCE control, you need something like TMDA that doesn't rely on heuristics that spammers can work around.

TMDA's functionality is based upon the following assumptions about the current Internet infrastructure:
  1. You cannot keep your email address secret from spammers.
  2. Content-based filters can't distinguish spam from legitimate mail with sufficient accuracy.
  3. To maintain economies of scale, bulk-mailing is generally:
    • An impersonal process where the recipient is not distinguished
    • A one-way communication channel (from spammer to victim)
  4. Spam will not cease until it becomes prohibitively expensive for spammers to operate.