Are Whitelists The Answer To Spam?
I had trouble recently sending e-mail to a relative of mine. At first I just assumed he was blowing me off, but eventually I found out he was using a whitelist: He defined a list of e-mail addresses from which he is willing to receive e-mail, and e-mail from all other senders is dropped.
People are trying everything to combat spam, and whitelists are one of the simplest and most effective. Theres an obvious problem with them, of course. As with my own example, you cant send mail to someone unless the recipient has put you on his or her list. How do you get them to put you on the list? Send an e-mail asking? Whoops, that wont work. Call them up? Well maybe, but the real point is that its an awkward situation.
On the other hand, whitelists are more reliable than many of the other techniques used by
You can use whitelists halfway, too. In other words, you can use whitelists as part of a multiple-technique approach to spam blocking. Typically, whitelists are evaluated first, and all mail from users on them is let through. In this context, you know at least that there will be no false positives against users on the whitelist. Only mail from presumably less-familiar people is then subjected to other scrutiny.
There are also programs and services that act as whitelist managers, such as Choice-mail by DigiPortal. It doesnt just block unapproved senders; it sends them a form to fill out which, subject to your approval, adds them to the approved list. Matador from MailFrontier has similar capabilities, in addition to using other spam-blocking techniques. There are some technical problems with this approach. Some commercial e-mails that you might want to receive, such as purchase confirmations from an e-commerce vendor, might come from an unpredictable address (my EZPass statements come from firstname.lastname@example.org), and the computer that sent it isnt going to fill out your form.
And beyond that, lets stop for a minute and think about this: Do you really want someone who sends you an e-mail to be presented with what is basically a guard at your door saying, "Show me your papers"? I think it could be very off-putting and will discourage a lot of people from bothering to contact you.
Maybe thats just me. I think its like never picking up your phone and using voicemail to filter your calls: Works for some people, I guess, but like everything else about spam fighting these days, it leaves me unimpressed.
Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.