T M D A

  
TMDA Homepage TMDA @ SourceForge      
Overview
Introduction
History
Features
Results & Testimonials
TMDA In Use
Press Coverage
 
Usage
Requirements
Download
Installation
Configuration
HOWTOs
 
Support
Troubleshooting
FAQ
Bugs & Patches
Mailing Lists
List Archive
External Resources
 
Author
Jason R. Mastaler
 
© 2001-2002
  

Tagged Message Delivery Agent (TMDA)

TMDA is an OSI certified software application designed to significantly reduce the amount of SPAM/UCE (junk-mail) you receive. TMDA combines a "whitelist" (for known/trusted senders), a "blacklist" (for undesired senders), and a cryptographically enhanced confirmation system (for unknown, but legitimate senders). TMDA strives to be more effectual, yet less time-consuming than traditional filters.

TMDA also acts as a local mail delivery agent, with a flexible filtering language that allows fine-grained control over how incoming and outgoing mail is delivered and sent.

TMDA's Whitelist-centric Strategy   ``Deny everything that is not explicitly allowed''

    With TMDA, unrestricted access to your mailbox can no longer be assumed, a premise which spammers rely heavily upon.

    The way TMDA thwarts incoming junk-mail is simple yet extremely effective. You maintain a "whitelist" of trusted contacts which are allowed directly into your mailbox. Messages from unknown senders are held in a pending queue until they respond to a confirmation request sent by TMDA. Once they respond to the confirmation, their original message is deemed legitimate and is delivered to you. Updating your whitelist insures they won't have to confirm future messages. TMDA can even be configured to automatically whitelist confirmed senders. To see what the confirmation process looks like, try sending me a test message. (NOTE: Confirmed test messages are automatically discarded)

    This methodology has the advantage of being very selective about what it allows in, while at the same time permitting legitimate, but previously unknown senders to reach you. TMDA also has several techniques (See the Client Configuration section) that allow senders to circumvent the whitelist.

Traditional Blacklist-centric Strategy   ``Allow everything that is not explicitly denied''

    Traditional anti-spam technical countermeasures are based upon maintaining a "blacklist" containing e-mail addresses, domains, and/or network subnets of known junk-mailers. Or worse, a "profile" of message headers and message body text that fits the software's idea of what a piece of SPAM looks like.

    The problem with this approach is that spammer's intrusion techniques are evolving as fast as your prevention techniques are, so the battle is never ending. Maintaining the blacklist is often just as time-consuming as pressing the "Delete" key on the easily recognized junk messages. If wasted time is your biggest complaint with junk e-mail, you can see why this traditional methodology is flawed.

    The chance of accidental "false positives" is also significantly higher with this more complex approach. If you really want effective and reliable UCE control, you need something like TMDA that doesn't rely on heuristics that spammers can work around.

TMDA's functionality is based upon the following assumptions about the current Internet infrastructure:
  1. You cannot keep your email address secret from spammers.
  2. Content-based filters can't distinguish spam from legitimate mail with sufficient accuracy.
  3. To maintain economies of scale, bulk-mailing is generally:
    • An impersonal process where the recipient is not distinguished
    • A one-way communication channel (from spammer to victim)
  4. Spam will not cease until it becomes prohibitively expensive for spammers to operate.