lotus



previous page: Anti-SPAM Techniques: Grey Listing
  
page up: Anti-SPAM, Anti-Phishing and Anti-Viruses Techniques
  
next page: Anti-SPAM Techniques: Sender Policy Framework (SPF)

Anti-SPAM Techniques: White Listing




Description

This article is a part of the series on undesired email (spam, phishing, viruses, etc.). The material covers the Poisons and the Remedies.

By Stas Bekman.

Published: May 15th 2006

Anti-SPAM Techniques: White Listing

White listing is really an anti-anti-spam solution. It is needed so that you can ensure that certain email is always delivered. Unfortunately at the moment none of the existing techniques to dealing with undesired mail is false-positive-proof, i.e. some legitimate mail will be categorised as undesired email and potentially lost. Therefore you want to be able to to always accept email from certain IP addresses (e.g. businesses you work with).

Normally a white listing process happens before any other filters or triggers are run, so if the outcome was successful no other filter will be run. If you receive a lot of email from the same legitimate recipients, then using a whitelist will also reduce the resources required by the MTA machine.

Sometimes you can accept email based on other metrics. For example you could white lists emails coming from a certain domain address or an email address - however be aware the spammers love faking sender addresses, so quite a lot of undesired email may get through if this technique is used.

As discussed in the article on Reputation Control, a good reputation can be used to whitelist certain hosts.

Vendors

Here are some vendors that provide whitelists (including open-source solutions). Of course every other vendor supports this or some private list, so only global list providers are listed here:

The Habeas Safelist (http://www.habeas.com/en-US/FAQ_Safelist.php)
is a DNS-based IP address listing of Habeas licensees, each of whom only sends email that meets stringent compliance requirements. The Habeas Safelist is the only whitelist where the senders are warranting the legitimacy of their emailing according to email industry best practices. If an IP address is on the Habeas Safelist, it is legitimate email that consumers want. The list is Free for receivers, but senders need to pay to Habeas so that it can monitor their compliance.

MailChannels, Corp's TrafficControl
Supports whitelisting (Commercial).

The Trusted Forwarder SPF Global Whitelist (http://trusted-forwarder.org/)
(Free) provides a global whitelist (the T-FWL) for users of the SPF system. It provides early adopters of SPF a way of allowing legitimate email that is sent through known, trusted email forwarders from being blocked by SPF checks simply because the forwarders do not use some sort of envelope-from rewriting system.

 

 

 

Please notify me if you know of others.

Related Links

And here are some pointers for additional information on the subject:

  • Sender Policy Framework is supposed to make email address-based whitelisting possible.
  • Whitelist-based spam filtering (http://impressive.net/people/gerald/2000/12/spam-filtering.html) an old but still relevant article about whitelisting by Gerald Oskoboiny
  • RDF for mail filtering: FOAF whitelists (http://www.w3.org/2001/12/rubyrdf/util/foafwhite/intro.html)

Continue reading about other Remedies or jump to the email-related Poisons section.















TOP
previous page: Anti-SPAM Techniques: Grey Listing
  
page up: Anti-SPAM, Anti-Phishing and Anti-Viruses Techniques
  
next page: Anti-SPAM Techniques: Sender Policy Framework (SPF)