From
www.tmda.net ...
Messages from unknown senders are held in a pending queue until they respond to a one-time confirmation request sent by TMDA. Once they respond to the confirmation, their original message is deemed legitimate and is delivered to you.
This is a good feature, and it will prevent spam, but it requires intervention on the part of the sender. My ISP tried this out for a while and it was a rousing failure. Many legitimate senders were unable to respond to the message correctly, and got blacklisted because of it. It also has the disadvantage of needing to store all messages (including spam) on the receiving server.
My ISP has switched to a similar system which works on the same principle, but doesn't require user intervention and doesn't require storing the spam in a temporary file. It still tends to blacklist legitimate senders once in a while (a big pain in the butt) but not nearly as often as the response-required system described above. And it does work at preventing spam 100 percent. I never get spam at my oronet address.
Here's how it works without user intervention:
- Root premise: Most spammers fake their return addresses as one of the tricks to disguise where the message originated.
- When a mail comes into my ISP's server, its return address is checked against the existing whitelist and blacklist. If it's on the whitelist, it gets in. If it's on the blacklist, it's bounced.
- If it's not on either the whitelist or the blacklist (i.e., it's a new address), the mail server "soft rejects" the message. This is not a bounce, it's essentially a message to the sending mail server to "try again in a few minutes".
- My ISP sends a test message (within which it states that no reply is needed) to the return address. The only purpose of this test message is to see if the return address bounces.
- If the return address bounces, it goes on the blacklist.
- If the return address does not bounce (within a few minutes), it goes on the whitelist.
- When the sender's mail server re-sends the previously-soft-rejected message, assuming the test message hadn't bounced, since it's now on the whitelist, it gets in and now all messages from that address are whitelisted.
This is neat because it does the same thing that TDMA software does, but without the need for digital signatures, or for user intervention by the sender. And no server storage space is wasted holding spam messages in a queue (the sending server gets to do that).