Why I use TMDA

Why I use TMDA 16 July 2005 Mine is a sad and familiar story. I was drowning in a deluge of spam (a.k.a. junk email), and it had become such a problem that email was fast becoming useless for me. Having to sort through and delete hundreds of spam emails per day was bad enough. Worse was the increasing frequency with which I was accidentally deleting legitimate email along with the spam.

There are various ways to fight this deluge of spam. The most common is to use a filter that tries to recognise and delete the spam (or, more usually, move it to a spam box for later perusal). This is quite effective. A small amount of spam will not be recognised as such (false-negatives), and will end up in your inbox anyway. But the amount of spam will usually be cut down to a manageable amount, rendering email usable again.

The problem with the filtering approach is the false-positives: legitimate mail that gets mis-identified as spam. Even if it's moved to a spam box rather than deleted, when you're searching through hundreds of spam emails you're almost certain to miss the one or two legitimate mails hiding amongst them, and you'll delete them along with the spam. (At least, that's what I found myself doing.)

A second approach is to use techniques such as domain blocking, real-time blacklists, and other methods of blocking whole groups of addresses known to send spam. But this is really just a variation on filtering (filters usually take the sender's address into account when deciding whether an email is spam or not, as well as the body).

I didn't want to run the risk of someone sending me an email, me deleting it accidentally, and them never knowing that I didn't received it. So I chose to use a third approach: white-list plus challenge/response (plus a number of other features of the impressive TMDA system).

The first part of this system is a `white-list' of email addresses belonging to people I know, or have exchanged email with in the past. Any email from an address on the white-l

Emailing me

Email address

I can be reached by email at toby@dr-qubit.org, associated with this PGP key:

BB74 FB42 4C64 4CB7 3571  39AA A96F 4A67 4DC3 9B79

As of 2 August 2013, I transitioned from an old 1024-bit DSA key to this new 4096-bit RSA key. I will be signing all software releases with the new key. Please also use the new key for all correspondence. See the transition statement to certify the transition, and for more details.

Note that I use FLOSS spam-reduction software called TMDA to protect my addresses from junk-mail.

If you've never exchanged any email with me previously, you'll receive a message asking you to verify your email address. By simply replying to the message (literally just hit "Reply" then "Send"), your original message will be delivered. You'll only have to confirm your address once ever. All subsequent email from that address will be delivered directly.

Academic email

I don't generally use this email address for academic work. For academic-related email, you're better off using my university email address, which isn't protected by such stringent spam filters. It's easy enough to find my university email address online.

If you're an individual researcher, and you send academic-related email to this address, then as long you successfully navigate the anti-spam system your mail will still reach me and I'll read and respond to it. (Though I'll probably reply from my university email account.)

If you're an editor for a journal I've never previously published in, and you send a referee request to me at this address, then your request is very likely to get held in my anti-spam system and ignored. Even if it does get through, it will probably be silently ignored. I take a dim view of journals I have no previous association with sending referee requests to my personal email address, which they can only have found by googling my name, instead of having the common courtesy of looking up my pr