Igor Chudov wrote:

> I have to respectfully disagree with those who say that whitelisting
> my friends is a bad idea.

I never said that whitelisting your friends is a bad idea. I said whitelisting based on email address ALONE is a bad idea in general.

It's a lot better to use tools that are more resistant to forgery, such as whitelist_from_rcvd, which matches an email address AND an email server, or, if your friends have domains with SPF and you've got the SPF plugin loaded, whitelist_from_spf, which is easy (takes just an email address) and forgery resistant (verifies the sending server is in the SPF for the domain). Just keep in mind that where practical, you should use the "better" tools.

> I do realize that spammers use everyone's addresses -- as they are
> using mine -- as fake return addresses, just as often as they would
> use any other address.
>
> But the chances of them accidentally using an address of my friend
> (even if, say, I add 5,000 emails to my whitelist) to send spam to me,
> are approximately 5,000 out of 100,000,000 (hypothetical number of
> email addresses available for the random return address pool). That
> works out to 0.005% chance.

True, the probabilities are much higher for viruses than spam. At least, until spammers start using bot-miners to research email-acquaintance relationships, which I'm really surprised they haven't done yet.

> My experience suggests that I never ever received a spam with my
> acquaintance's email in the From: field. Did not happen.
>
> The only possibility of me receiving spam from my friends would be if
> they were infected by a virus that exploits their address book, but I
> am already running a number of virus filters (clamav and my custom
> perl scripts rejecting all EXEs, screensavers and other windows junk).
>
> So, if whitelist_from is scalable to a few thousand addresses, I would
> like to use it.

It should be scalable that far. However, I would not take it up above 20,000 or so. Also be aware that the more you have, the more memory SA will take up. So if your server is really low on memory, you'll want to keep it as low as practical. As a reference, sa-blacklist consists of 600,000+ blacklist_from commands and will grind most machines to a halt.

On my box it adds 295 megs to the size of a spamd instance, and on top of that it makes it slow as molasses due to the absurd number of rules to test.

> I had a few emails from my friends rejected due to false positives.
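Added example, not part of the thread: a simplified Python model of the distinction the reply draws between matching on the From: address alone (whitelist_from) and matching address plus the connecting relay's rDNS (whitelist_from_rcvd). The two sample messages, the example.net/example.org names and the rule functions are constructed for illustration; SpamAssassin's real implementation also reasons about trusted/internal network boundaries and is not reproduced here.

```python
"""Address-only vs. address+relay whitelisting (simplified model, not SA's code)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Received header as written by the receiving MX: "from HELO (rDNS [ip])".
# The HELO name is chosen by the connecting client; the rDNS name is what the MX saw.
RCVD_RE = re.compile(r"^from\s+\S+\s+\(([^\s\[\]]+)\s+\[")

# Constructed sample messages (not from the thread). Both claim to be from
# friend@example.net; only LEGIT actually left example.net's mail server.
LEGIT = """Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org (Postfix) with ESMTP id 1A2B3C; Mon, 01 Jan 2007 00:00:00 +0000
From: Friend <friend@example.net>

See you at noon.
"""
FORGED = """Received: from mail.example.net (dsl-pool-4.example.com [198.51.100.4])
\tby mx.example.org (Postfix) with ESMTP id 4D5E6F; Mon, 01 Jan 2007 00:00:01 +0000
From: Friend <friend@example.net>

Click here.
"""

def sender_and_relay(raw):
    """Return (From: address, rDNS of the relay that handed us the mail)."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    received = msg.get_all("Received") or []
    # With a single trusted MX, its own Received line (the first one) records
    # the external relay that connected to it.
    m = RCVD_RE.match(received[0]) if received else None
    return addr.lower(), (m.group(1).lower() if m else "")

def whitelist_from(raw, addresses):
    """Address-only rule: trusts whatever the From: header claims."""
    addr, _ = sender_and_relay(raw)
    return addr in addresses

def whitelist_from_rcvd(raw, pairs):
    """Address AND relay: connecting relay's rDNS must be the listed domain or under it."""
    addr, relay = sender_and_relay(raw)
    domain = pairs.get(addr)
    return bool(domain) and (relay == domain or relay.endswith("." + domain))

if __name__ == "__main__":
    wl, wl_rcvd = {"friend@example.net"}, {"friend@example.net": "example.net"}
    for name, raw in (("legit", LEGIT), ("forged", FORGED)):
        print(name, whitelist_from(raw, wl), whitelist_from_rcvd(raw, wl_rcvd))
```

The forged message passes the address-only rule but fails the address+relay rule, which is the forgery resistance the reply is pointing at.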