On 10/1/2015 11:18 PM, corta...@gmail.com wrote:
Excuse my probable ignorance of such matters, but would it not then be
preferred to create a whitelist of proven Email servers/ip's , and
just drop the rest? Granted, one would have to create a process to
vet anyone creating a new email server, but would that not be easier
then trying to create and maintain new blacklists?
I have heard that mentioned before. Unfortunately, this wouldn't work:
(1) we already have extensive IPv4 whitelists, many of which are used by
prominent anti-spam blacklists (and ISPs) to prevent false positives.
However, if tomorrow, ALL IPv4 blacklists disappears, and all mail
servers only allowed in the traffic coming from the IPs listed on the
better IPv4 whitelists, then a massive percentage of VERY legit mail
would STILL be blocked. Therefore, if IPv4 whitelists can't keep up in
the IPv4 work, how are they going to do so in the IPv6 world?
(2) Then there is the chicken-N-egg problem. How do you get your mail
delivered if you are a new sender, but aren't on that list yet. How do
you prove your sending practices are valid if you can't get your first
e-mail delivered?
(3) Any solution to that "chicken-N-egg problem"... which tries to
provide some kind of verification of legit senders... is a hoop that the
spammers could jump through just as easily... and they will! (some of
them doing so convince that they are doing nothing wrong because they
were told that the list they bought isn't spam because the recipient
forgot to uncheck a button that said, "receive offers from third parties"!)
(4) and this idea oversimplifies the complexity of the spam problem. For
example, many of the better blacklists know just when it is appropriate
to blacklist that legit sender who sends 100 legit messages a day, but
had a compromised system that triggered 50 thousand spam to be sent out
that day... and the better blacklists are good about delisting that
sender soon after the problem is fixed. But in a whitelist-only world,
you're stuck receiving all that spam!
--
Rob McEwen
+1 478-475-9032
