[Greylist-users] Central whitelist database

Scott Nelson scott at spamwolf.com
Tue Jun 24 23:35:34 PDT 2003

At 10:12 AM 6/24/03 +0200, Eirik Oeverby wrote:
> ... I have been toying with the idea of setting up some
>kind of central whitelist, a database that can be queried and/or
>subscribed to by people running MTAs and who wish to make the burden
>upon their users as small as possible.

It's unclear to me that there is a "burden" upon users, or that
if there is, that adding a fourth party to the email transaction
is any better.  

That said, most of the same issues that apply to a blacklist
would apply to a whitelist.  The ones I can think of offhand:

. What are the policies for being added?
. What are the policies for being removed?
. Is there an appeals process?
. Do I trust that those policies are being followed?
. Is the list operator in danger of being sued?
  (this is directly related to what the policies are.)
. How comprehensive is the list?
. Would a DoS attack be possible?

The major advantage I see with whitelisting vs. blacklisting
is that time to list, and time to report is far less critical.
For greylisting, updates and comprehensiveness are even less important.
If there was a "seed" list which I downloaded with the software, 
I probably wouldn't need (or want to bother with) any updates, ever.

If you don't like the idea of a central authority,
it would be pretty simple for any user to pull IPs that
have successfully retried from their database,
or to add another's list to theirs.

Scott Nelson <scott at spamwolf.com>
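
The local alternative mentioned at the end of the message above, as an added example that is not part of the original post or of any greylisting package: it pulls relay IPs that have successfully retried from a greylist database and merges in another operator's list. The table layout, column names, the `min_passed` threshold and the sample rows are assumptions made up for illustration.

```python
import ipaddress
import sqlite3

# Constructed sample rows (hypothetical schema):
# (relay_ip, mail_from, rcpt_to, passed_count, blocked_count)
SAMPLE_TRIPLETS = [
    ("192.0.2.10", "a@example.org", "u1@example.net", 4, 1),
    ("192.0.2.10", "b@example.org", "u2@example.net", 2, 1),
    ("198.51.100.7", "x@example.com", "u1@example.net", 0, 3),  # never retried
    ("203.0.113.5", "news@example.com", "u3@example.net", 1, 1),
]

def build_db(rows):
    """Create an in-memory stand-in for the local greylist database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE triplets (relay_ip TEXT, mail_from TEXT, rcpt_to TEXT,"
        " passed_count INTEGER, blocked_count INTEGER)"
    )
    db.executemany("INSERT INTO triplets VALUES (?,?,?,?,?)", rows)
    return db

def local_whitelist(db, min_passed=2):
    """Relay IPs whose mail passed after a retry at least min_passed times in total."""
    cur = db.execute(
        "SELECT relay_ip FROM triplets GROUP BY relay_ip"
        " HAVING SUM(passed_count) >= ? ORDER BY relay_ip",
        (min_passed,),
    )
    return {row[0] for row in cur}

def merge_lists(own, other_lines):
    """Add another operator's list, accepting only single, well-formed IP addresses."""
    merged = set(own)
    for line in other_lines:
        entry = line.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        try:
            merged.add(str(ipaddress.ip_address(entry)))
        except ValueError:
            continue  # malformed entries and network ranges are not imported
    return merged

if __name__ == "__main__":
    own = local_whitelist(build_db(SAMPLE_TRIPLETS))
    print(sorted(merge_lists(own, ["203.0.113.5  # partner", "0.0.0.0/0"])))
```

Refusing network ranges on import keeps a borrowed list from whitelisting more than the individual relays its operator actually observed, which bears on the trust question raised in the list of issues.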

