Messaging & Collaboration - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Messaging & Collaboration


Are Whitelists The Answer To Spam?



 By: Larry Seltzer
2003-03-27
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Messaging & Collaboration story.


Rate This Article:
Poor Best
Maybe they're the only foolproof anti-spam technique, writes Security Supersite Editor Larry Seltzer. But maybe they're also an overreaction.

I had trouble recently sending e-mail to a relative of mine. At first I just assumed he was blowing me off, but eventually I found out he was using a whitelist: He defined a list of e-mail addresses from which he is willing to receive e-mail, and e-mail from all other senders is dropped.

People are trying everything to combat spam, and whitelists are one of the simplest and most effective. Theres an obvious problem with them, of course. As with my own example, you cant send mail to someone unless the recipient has put you on his or her list. How do you get them to put you on the list? Send an e-mail asking? Whoops, that wont work. Call them up? Well maybe, but the real point is that its an awkward situation.

On the other hand, whitelists are more reliable than many of the other techniques used by spam-blocking software. I know from testing these products myself that the heuristic analysis they perform is primitive; all of the products Ive ever looked at have allowed through perfectly obvious spam of the "ARE YOU BALD? GROW YOUR HAIR BACK!!" ilk. And I also know from personal, slightly embarrassing experience, that public blacklists make mistakes. One site I manage for a local community organization got on one of the blacklists because it shared a mail server with another site that had engaged in spamming. I contacted the blacklist organization and was told, although not in so many words, that they didnt care.

Resource Library:

You can use whitelists halfway, too. In other words, you can use whitelists as part of a multiple-technique approach to spam blocking. Typically, whitelists are evaluated first, and all mail from users on them is let through. In this context, you know at least that there will be no false positives against users on the whitelist. Only mail from presumably less-familiar people is then subjected to other scrutiny.

There are also programs and services that act as whitelist managers, such as Choice-mail by DigiPortal. It doesnt just block unapproved senders; it sends them a form to fill out which, subject to your approval, adds them to the approved list. Matador from MailFrontier has similar capabilities, in addition to using other spam-blocking techniques. There are some technical problems with this approach. Some commercial e-mails that you might want to receive, such as purchase confirmations from an e-commerce vendor, might come from an unpredictable address (my EZPass statements come from espmail@ebpp.chase.com), and the computer that sent it isnt going to fill out your form.

And beyond that, lets stop for a minute and think about this: Do you really want someone who sends you an e-mail to be presented with what is basically a guard at your door saying, "Show me your papers"? I think it could be very off-putting and will discourage a lot of people from bothering to contact you.

Maybe thats just me. I think its like never picking up your phone and using voicemail to filter your calls: Works for some people, I guess, but like everything else about spam fighting these days, it leaves me unimpressed.

Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.



  Reader Comments: Are Whitelists The Answer To Spam?
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Messaging & Collaboration Articles          >>> More By Larry Seltzer
 


x}r۸j9km]mGm9ъmyYJ2uT IS$I̙/Oo<xDZ%;Iٖnt7F;vv IM˙s\ؔ]sPç v$wvM2Y*Jd&[%D jہ)}mkJuB;;#|6S%߽w ^{j# KfԚ–~cͧ$֮l) dSkfp,FcwRLr$ȁ_MM[%JD>֥ȏL׶CoIuB)~{ Cw.uj9 Q*Jt/"(?N&&c-rƁwF<3τPcw Ҵv*v_eߌm@x%B*#bF]߂CCI%۝_iؓ6thlMD`YRi 3 LǮmfCÑcsk%R͸>l[Gݑ[sIVHaS/*!)lpe#¼y yN =:tY֡_׽7X7npW0VXMDQwSf>Cɤ:ZdI}9e,f4öCCٰo5VךrXiTJuYT+Y,>[8^p?_gJ]4E?\]HQPw;7@qmkiu]h0:$ݳ7}@ΰ{A~$Fj}&j*D5^Ti& 0h!5fttzzXwt\3a7nJe_P(.C#-b|+0c&_8r O'sKbؽ d=~wt"|c)̠6PGfЪ5+52h^u\\?]s\.Nrڿ"'ݏYᓻ i fɗV`CK'^ϟ6~b M u ôWj6kZᇓeBuwLJ,_WedxBnx~F X-t[%RJ }Syx%FX*V0Ulf5 t @CX&%{c9" :uJP;|s֚NmҌ& 9B:ºm49*蟙$m4@r5YSl؅ ROǯ4'~^,-|EEU>hi"A[0 )J!bV3̤"ȅQ.%mĆ>Le1\aU<:zuwluմ;_ӪKwi~ꞐebO S%g 5F4 ,ieݴ%!g8WoꛛZVa**rkTQnl :2X jXR7D_aY?/(-tsϽC|>ƺ㤞F!|БdmxqZ.wV34!!&Ѐ 'p'rdx c 04Z%mLH#AтMtT:n]`2Z9ܹ L&zt` VGPC_!]7$(@+9=P9qmVl}l`1 >5%G@i0xzODħTI.B$(ZȻ"!Al} [$t XV0( aj <ڦBIgZd&U3,BV-KїPf%i2khƺń(VFN1b(0Vf) "x ӡE~چy#T#Sku  \Qee: Ȕmm15k59,Wfn ()r?\-j5 /SXS:hM>w!O\?CC[y<2 g[BSjj33-F  o _׆K ȁUzqsҝlea88 EGIXI1O] V!2DD+ه0`N,E}GR^!/0iXkJEUߧI?րH{A2,e,r'mwńAu،;$ Ex9E$p}r)S> < ĉσ\׃J]aT$j]~~^)2­qŝa&1 DR)Ö1swliNm*IjEQ)kMf9oi3ۊoiȈ0Aq_8Rd" @~<B+ SK@GYo``EBkǖYCǖbTۜІʋTR=OsP%0Gi}~هF9#*!_0XHH# ,c`sfW S#cq_ҔwDF(/9Ε TNjZ|jwVY=/YQSfca "+0jsq oƁhݤS&Ș-qVcYw7䦢#ÏnR U tT#CWt aX]Qi)Ey׿m?VN_5b:cqiy@8pZᄙ@FKS؇bm/[oVT^NZE[sV‡1wክ54f;UN;pLj' *9qv Ty9kY%f+eEyZiz|yjoC铨gy[ |l LNqFLk 30RSI,9^-(;3ZN6N)0L Ma}VF ϣ1W5% d,fqN'0cp&vN{% Ŝ|{*Z o#eIF:#ݸYxɿ,WE9&OB7 PU ōfπiΉdž m} L m_ۯ `EO7DF3ۭ~D}IufS΁MO0=@"TAұg.@C׳@.l̽QX#G_VUeD4iJY0k % =E:Ћı )&%jĮOm$oy*M8e3 +S`e3jT:~~h+JSad|?T\Q=@Q>M}ݤ1p I<Ä}$RU]}T'FJQi5%~萋IE#G"ZAY_Mkɒ89AKl!/`.P(c/ l`۴^ASV<^ے#tK7A(6=B3tMnio:9Yx\Xv ˽'jD@KY3#nƍj}UNkJZY$t`)۳2%1$tpL\'_ y1ag 3Ao_fC{nߛ5+Kxi/RR;$jyDwvh-6:%5ށ6 `i<~}H(&}́{It0lggahy- @4Qp?p;Wo{K?wHz])ް)o= rHp'B^$'d0 s|\E'7bs0fhRaQ1fF<$FD/h`I3 N/Ns>\zB_j,8Eψa6a.۵}gM w}uYLPH:>h!aPHR ~tIopy .gPd@Anpkz!NUHe*e4Д+%iA%tWx|rHEɉ?ҍB^,})Fy,}y<}_exB+GBə{pXXJqvI#R`~wSP7κr1dy!BΨÍ7E٦Wdf&ubNL5W"v=O?G0 cbwQ(TS1|$-zaeanKlx0g%R蔈'='C8 z>RB'4Iմg28I5F4A2 uID? Mt4DPWhl(lA 5=۴8 .靿ݺmD 0&@v\e(Ӑ` q0w΢@P)V-<(m1> QZ4ղo%ϫ؉Cޣlj9l01B>*]Y/W;GNĶs >#=(3qcvd\Q;yZ1?@8Z7𿲜\ta_9aG|;rsG5\;~OXnxqf='&s9o. cgm:;@FP&w2BZ("Ξk eԇ^Zkݮ2K"W Cӝ떃(>Ilؽ"OwQW$S }GW+u\=eNd?HАZS=ty9#-[O^z햲ܓ{*ǻc Ǯz'ۻ7}Zw[q*AtM<-L?Gfc: M"IYUoȪ̅S.Rډ~'g#3^q:-: `tH_ulF臵4 Z2fP:Y8G׍rǿfcV0ZvW}}e535!i 1N6;xt3_t` QAX倆01VJlϸGJs8<ON&euw#S''Sc3HF#|ky*6-mF@|Pg0\[%f>V*?'%IFܱSo-*_?1;lTŗ̈́P7p&/5;U)&5ŗ.%4y˭(L J қ/Vxe[bv[8׻| NK= 䇷fd2e̖Z5?DI+[bNO^NH -2*f.\sG}w&"L$OCߍa{CrRyJ8Zi^;6ZqD?n;Yp[uQ4d]XF>[*j]iqw{ Jg8fG6!; ɵ΢[( Ms AsCDw4F[laHL&v,?¼2VQj{Niΐ% >*d\5K,ts8= Nۤ&GL'1Ax/i!΋yYqS0]m!Ջh2PI vc"oP2jǡP?mũ=j WQ1f}=tJ7`lVkpP9ŻMzY͈O~ OxڊӪ *鍓nJ+Aל/jGi ԥaJ4^DJ43[ל!r'Y1@T>QSFSQ,$S ?hRp@vc@x;WKT(+w0#7R(7_mo{wۯP$U!ўi3ʨ5XP T!Q«uC>bNxJ:Rth+/2 mF3isWC>gHT|ÜOtVt>ܘY,{k3XvHaB@H H.!Qbmn4M fM۔ij4#nheR\l - 8&@ ֺ 1_6;Byc4ۛvH)ԟQ=ͧȽtD%]hsi<*({Nx=LuØFH>XWU6 ,1\}Rߡ̠Πs~G5Ta2aUC^JhJ؆hvo|9>3=XϾϾϾϾUkOw%h*Y؁C Wf+fw+ .jOr>}i-@]P=)VgN(Jܩr!¥JKw"a-`܊MgQSx 3R6w}彐!^:2h>  ,צt 0*@_X=M~{k)KP.n0(w9q6ŕҥk_m-o@F-[J%h9~(rb>BW:. WuFSȠ3aPPy9TO1 0_$5]R$َmkl:Ћ:auڶwI1 J<G:pF} ۡQsVT?q@apA B+ODشنmސO'd|?Ua_g~(Q`$ȴJt%wRȆ׊!;SblBC؆_߳  M.2DN*4t86?E3VL92 J6N0 j`pEDVStpM{ sZ+<#V K{~i ~G`[@毀Qֱ@{0IȏGP ъÑ@u}3TQ^2jc"<< e\5w͝~KeUL39cG6i=_S⯠œKjgmc%<{1;QYH鎹:-AҘZ?_#{$ @amI^Yx1˧=Mѕs.b m0Fy uM|t#o?n$3u(, @N|MwwkOaR--:'V{Ljc~ pSȯ[^c;I'Hr/TvS;"#ꮽt߹\4d&t"/z~E[pG2(kX5XÈ2C[Ɔc#kx|BEi.*eos"VzjbdFyAx!Fv;Kb+6Q;$IxNkԖ[AXŞ(bY"'"KIEЮ,>0;xX2!ImWʹ<8?ԣTdQ8gFSYh9-115\R;\.iU,VzUdIk2&ϯ cz;H鞐ք1vx*B '95S5RUBI \=`s|IM13[Oka`;Ӛ ]l 4/mLtiN8Ow| e37{urVFc[wnYŞܐ3qmQNa~c,bWo*I@!ijZM2Ӱp-|JY?NRuFwif0fQZEzЋP^Cs2_ +MMihͪ fOPVT8 m+@֔O;P}"Z{4ֱ:j浚V4̻oߓz!OC,L1:Q&\:<~Q-mEZ%!g\"9  r|{\כ9IH.,dȔ/ "ؕ"і ^S"7r&K2;/ 9sF;1CWIе6AVˠ{=YF-h>#Թ|A #167W3 l1V,-^`95Umd[h,K$¨FJ`莥avD ԰t|G*_ˣJ0'M7ZtBLm؜izJ'h#;(qq4ti5&.v1E\4ЍBȪͲ;IoP}sY?e=a ' 2u?|{~B*ZS}}FȚZGnt$"J mk0d!Ո}f˳#qxUE٫7T:u},՜F/|T2/b#ɤ#fg|$zN㘘̥/q!h5: joEֹIv# ,Őy?Z,DWc `xA$!v}靑;va/<~.P_[{oFu..4{,TGG;5fgzr`]Q s-xZC2aK{\v3f!,\oX|J7b7>BZp4pJoV@W*ƈ]aLGp=S1-/ȘhD MQ HxLir tn$%"&Lmahn.K#nNmDRQiM&ct߰^1;x^A L{q]21FaŷA$l;b21rLz=%v tQR*7tQ:.( oIYPXP؟Se4HM)Qw3os# x_"A4`ynʥҩɃ0>]w7qwf+ע1580 1YʮGW`C[Z EY|obL"`A~NRj@̐0~6IJ uXZFB(s WrOc 7ra],#Y#AaGP8Z  +z+MԢ'ITH9#O{ rKwy.f]3{8~ROSz%JuW0`A$i%2ag4t\A%b޻=`f:st./>ӫn > z^uxx Zӷhlԭs?tܿtڻ^^.6_3}m)|Q)XHGYFsevʂP6u\ _c\krxgYx>+ah,.6q΁Eaox+Q^e=DM@_zqwL&ىCUw0Њ?{ʼnt,oo /+{'v鸞+gz^AJOP) ٮ}^0>y>@9y^?wCyA9E^\EA OK@\\%Կ,sU?P?_P_ #,*>~P~]T{]uA$`Nu.qvjUsTP^+ V}QTTTKӂ}(/gu V~a{Y@zguߠ@@OIwy?I+ťfW*7׋K.^Nk8&6/6 h}1Ɨ*#ymo2I&AQFgG6.ȭ-'Hl]=g%x=0?Mu{1پWߕ\~Une+t6Oq22#s"qG\%ӚZn3'r=]b><&G0wͧ,O;H_e,xĿ-¹gݞރ}n#7v:n@x`: ~iMog.[Fpyk;O΋kwWuˈP{vdmoCdy^$ٝy͎|G]xxZLܸʲpoQQ"#25 -'`vYEı`˫B0H_luA;ǫmS<pb2 ?Lo(/ xn'7t0K|7𜙄׌̳*DMi3E am :ИYCɑ ( kDF(l#byCܞ0@PJmXvA-B. c@e7>cc1m=]wvl#vܙ%-H_? T| 5[\6$DRo }J0yNzmp&sˠSC@_ܹeUhJl[9i|sc,["@O2C:24a (fzc< zn> F}L޴ѥ#+nvT'7>5كb2xq}.!XscQ%` }ݿ F;_f%\"d@ƷC0!6WykKE&(Xp\GArl9ww1G-, Hxk͜K@0mҵ@X}qV0[ c/!k$~El=bҶ\)V/bʕ.SܟVgqC{%:n0>~0/rX9>Ŝe5rIȝoz`Z^}.