Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead Message Promoted Post

Home / Blogs

The Spamhaus Whitelist

John Levine

For several months I have been working with the Spamhaus project on a whitelist, which we announced to the public this week. While this is hardly the first mail whitelist, our goals are somewhat different from other whitelists. Think of e-mail as ranging from inky black to pearly white, like this:

Spamhaus' SBL and its other current lists identify mail from the inky black end, sources of mail so consistently unwanted that recipients can reject or discard it without even looking at it. The goal of the Spamhaus whitelist is to identify mail at the other end of the spectrum, sources of mail so consistently wanted that recipients can deliver it without looking at it. This leaves a large grey area in between of mail sources which are neither consistently wanted nor unwanted; this isn't a magic bullet, and recipients will still have have to use other techniques to filter that.

Two categories of mail qualify for the Whitelist:

  • What we call mail from staff, mail sent by individuals who have are employees of or otherwise have a relationship with the operator of the mail system beyond being customers.
  • Transactions, mail directly related to a specific action by the recipient, or reporting the status of an account set up by the recipient. Typical examples would be order acknowledgements, and bank account statements.

There's a lot of other wanted mail that doesn't qualify. Mail sent for third parties, such as mail from ISPs' customers doesn't qualify, nor does any sort of mailing list or bulk mail, no matter how wonderfully opt-in.

The reason for these limits is quite practical — the risk of unwanted mail of these other kinds is significantly greater than for staff mail or transactions, and as anyone familiar with the e-mail business can confirm, it is impossible to tell by looking at mailing list mail whether the recipient asked for the mail, and frequently difficult to tell even with access to logs and business records. So we're sticking to the kinds of mail that are highly wanted and easy to recognize.

For now, as we ramp up, anyone can use the whitelist (details here), but listings are by invitation only.

By John Levine, Author, Consultant & Speaker
Related topics: Email, Spam
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

No matter how wonderfully opt-in Alessandro Vesely  –  Oct 16, 2010 8:59 AM PST

Unfortunately, it seems not so straightforward to automatically determine whether a message is a transaction or from the staff.  Does a local part of postmaster or info in the "From" header indicate that?

On the other hand, opt-in procedures could be strengthened quite easily by engaging some third party, such as the subscriber's mailbox provider or a reputation tracker.  Given that DKIM can provide a workable definition of message stream, complaints about unsolicited mail could be solved in a breeze.  Whitelisting those who play correctly would reward and dignify their activity, consolidate the tools, and improve delivery.  Would such white shine less?

Does a local part of postmaster or John Levine  –  Oct 16, 2010 11:08 AM PST

Does a local part of postmaster or info in the "From" header indicate that?

No, of course not. If you could tell staff mail or transactions from spam with a mechanical test, you wouldn't need a whitelist, you could just do perfect filtering.

We're building a network of spamtraps and feedback loops to check compliance.

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

Mobile Internet

Sponsored byAfilias

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.