on 8/15/2002 6:53 PM Eric A. Hall wrote:
have white-list people (people who are subscribers to the
mailing list, or people who work for our company, or people to whom we
have sent the appropriate goober in the past so they can now present
it) present a credential and in our own instance of a mailer process
treat peers that don't present the credential differently (such as
Couple of other points I wanted to make on the whitelist approach. First
is that whitelists only keep me from seeing the junk, they do NOT
alleviate the symptoms. For example, I still have to pay my 95th
percentile bandwidth costs for all that crap I'm not seeing, I still need
machines and disk space to hold and process that crap on my behalf, and I
still need personnel to manage the bandwidth, systems and software. Plus
the canonical problem, which is that my property rights are still being
trampled by miscreants who flunked kindergarten's basic lessons.
Secondarily, whitelists are sufficiently annoying that, if used on a large
enough scale, they would have to be standardized so that they could be
dealt with automatically. At that point, spammers can just automate the
whitelist responses and we would have gotten nowhere.
There are also social problems with whitelists which I will not get into.
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/