On Fri, 2009-12-04 at 11:08 -0500, Charles Gregory wrote:
> All this debate about 'legitimate' mail services like 'returnpath'
> being abused by 'sneaky' spammers. How is that possible? There should be
> easy ways to prevent it. Here's a few ideas:
>
> As soon as any whitelist service like 'returnpath' accepts
> a client, they perform the following:
>
> 1) Review the client's address list - look for honeypot addresses.
>    If any are found, clearly the client has not vetted their list.
>
> 2) Perform their OWN 'opt-in' mailout to that list.
>    "Hello, we at (company eg. Returnpath) have contracted to operate a
>    mailing list on behalf of (client name). They have provided your
>    address as one that has *requested* advertising mailouts from their
>    company. We respectfully request that you verify this
>    subscription/request by replying to this e-mail. IF you do nothing,
>    this will be your last mailing from this company."
>
> I'm sure we would all live with the occasional true 'opt-in' request, if
> we knew that the end result would be that it would stifle spam by giving
> the legitimate mailers, the ones whose mail we *want* anyway, a better
> chance to reach us.
>
> - Charles

Sensible. I would suggest that 2) forms a footer that the sender cannot remove and that the ESP was fully responsible for deleting unsubscribes or anything giving a 5xx error.

That to one side, the default for a spam filter should not be to give any weight to a white list unless the user modifies the config themselves specifically. It can be seen to be suspicious and offering a pecuniary advantage to those involved and using it.