[Greylist-users] Looking for updated list of bad (but good)senders

Ken Raeburn raeburn at raeburn.org
Wed Sep 15 04:34:44 PDT 2004

"Brian Michalk" <michalk at awpi.com> writes:
> A while ago, Evan and I discussed how to effectively implement a whitelist
> system that could be automatic, trusted, and not abused.

Would be nice...

> Have a centralized signup, that the user could register and receive some
> sort of public key(or maybe use their IP address)

The IP address may not be consistent; the user may be on a dialup or
cable modem connection.  A public key is probably better.  Rather than
inventing new infrastructure, I'd suggest using PGP keys.  I expect a
PGP key is much more likely to be shared across machines and programs
than a cookie in one's web browser.

>  to give him the ability to
> submit domains for whitelisting.  Allow that registered user to submit, say
> 1 whitelist per month to the system.  As time goes on, that user becomes
> more and more trusted.  If the user abuses the system, the account is
> yanked.

Nice approach.

> I think that removing illegitimate whitelisted domains could be automated.
> It's quite simple to examine the log file for originating IP's that hit
> multiple accounts on my domain.  Since it's not a blacklist, it's not as bad
> if the occasional mistake occurs.

I'm not so sure.  I suggest that we've got two different kinds of
domains we might want whitelisted.

First, there are hosts that people have found do retry, and aren't
sending lots of spam.  Gosh, wouldn't it be nice to not delay any more
mail from them?  Think of this as sort of a shared cache of approved
sender addresses.

Then there are the domains that behave poorly, such as not retrying
delivery, but are sending legitimate mail.  Currently most or all of
the whitelist entries Evan distributes with relaydelay appear to be in
this category.

In the first category, accidentally throwing away entries that are
valid isn't a big deal; in the second category, it can cause you to
lose mail.

I think the second kind is more important, but do we want this
whitelist to include the first kind as well?


More information about the Greylist-users mailing list