ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: ADV: (was Re: [Asrg] Article - New anti-spam proposal in the House of Representative)

2003-05-30 13:46:53
from [Kee Hinckley] [Permanent Link] 
At 8:02 PM -0400 5/29/03, Eric D. Williams wrote:

Just for the sake of performing some definition normalization, please (if you
haven't already - I'll check the archives on this thread) define 'whitelisting' 
as it is being used in this discussion.

What is a 'whitelist'?
What is it to be 'whitelisted'?
Does a 'whitelist' require certain attributes about the 'sender', if so, what
attributes?
Is a 'whitelist' the converse of a 'blacklist'?


Well, if no one else is going to pick up on this, I'll make a first pass.

Whitelist (v)
To add information to a whitelist (n).

Whitelist (n)
A list of attributes which is used to match against incoming email. Mail that matches a specified attribute or attributes is automatically passed through. Attributes are generally pulled from the headers. If it's information from the body it's more likely to be called "filtering". 

Attributes
Most commonly people when people talk about whitelisting, they mean to let something through that is from a given user. That typically means matching the address in the From: line. The next most common attribute is the domain name of the sender. However other attributes can be stored an used for whitelisting, including subject keywords, list identifiers, public key information, IP addresses and virtually anything else from the message headers. Attributes are usually associated with the sender, but you can whitelist based on destination. For instance some mail servers may have a whitelist address that always accepts email, even if it would normally be blocked. 

vs. Blacklist
In theory it's the converse, but I don't think the usage is exactly equivalent. For instance, it sounds odd to say that you blacklisted an address, although certainly people blacklist domains. Also the two things aren't weighted in quite the same way, since when they go wrong, the results are very different. Blacklisting leads to false positives. Whitelisting can lead to false negatives. Whitelisting can be abused by spammers, blacklisting cannot (other than by poisoning the blacklist). So the results of using one or the other can be very different. 
--
Kee Hinckley
http://www.messagefire.com/          Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] The level of discourse has degenerated... It ain't useful., Bob Wyman
Next by Date:  RE: ADV: (was Re: [Asrg] Article - New anti-spam proposal in the House of Representative), Jon Kyme
Previous by Thread:  RE: ADV: (was Re: [Asrg] Article - New anti-spam proposal in the House of Representative), Eric D. Williams
Next by Thread:  RE: ADV: (was Re: [Asrg] Article - New anti-spam proposal in the House of Representative), Jon Kyme
Indexes:  [Date] [Thread] [Top] [All Lists]