By Stas Bekman.
Published: May 15th 2006
White listing is really an anti-anti-spam solution. It is needed so that you can ensure that certain email is always delivered. Unfortunately at the moment none of the existing techniques to dealing with undesired mail is false-positive-proof, i.e. some legitimate mail will be categorised as undesired email and potentially lost. Therefore you want to be able to to always accept email from certain IP addresses (e.g. businesses you work with).
Normally a white listing process happens before any other filters or triggers are run, so if the outcome was successful no other filter will be run. If you receive a lot of email from the same legitimate recipients, then using a whitelist will also reduce the resources required by the MTA machine.
Sometimes you can accept email based on other metrics. For example you could white lists emails coming from a certain domain address or an email address - however be aware the spammers love faking sender addresses, so quite a lot of undesired email may get through if this technique is used.
As discussed in the article on Reputation Control, a good reputation can be used to whitelist certain hosts.
Here are some vendors that provide whitelists (including open-source solutions). Of course every other vendor supports this or some private list, so only global list providers are listed here:
Forwarder SPF Global Whitelist (http://trusted-forwarder.org/)
Please notify me if you know of others.
And here are some pointers for additional information on the subject: