ietf-asrg

[Asrg] Re: White/black lists

2005-12-08 21:21:33
1) You can make a list of all those which you want to treat better (the
   whitelist)

2) You can make a list of all those which you want to treat worse (the
   blacklist)

Generally, you will base your decision on whether you choose the
whitelist or blacklist approach on the size of the resulting list (you
especially don't want an infinitely long list) and on which side you
want to err for previously unknown entities: The whitelist approach errs
on the side of caution: Everybody who isn't on the good list is presumed
bad. The blacklist approach is optimistic: Everybody not on the bad list
is presumed good.

Rather than the crude idea of a "whitelist" or a "blacklist", I prefer a more 
nuanced concept I call a "permissions" list.

The idea is that one would typically by default accept a "safe" 
lowest-common-denominator E-mail from unknown senders.  I propose that this 
typically be:

   1)  no HTML (i.e. no scripting, no activeX, etc etc)
   2)  no attachments
   3)  maximum size as specified (20K?  50K?) but enough for an
       introductory/exploratory E-mail.

This way, a responsible initial contact E-mail in plain ASCII text could be 
delivered, but E-mails that were more abusive (too large, too bulky, or 
potentially hazardous) would be screened out.

You could specify preferential treatment for specified, known senders... you 
might allow them to send you certain types of attachments (say, JPGs are okay, 
but .SCR or .EXE or .COM are not...).  You might allow them to send you some 
types of HTML (colors and fonts and point sizes are okay, but scripting and 
ActiveX etc are not), based upon the particular types of things you EXPECT to 
receive from that specific sender, and that you TRUST them to send to you.  That
way, you would open a hole in the screen for mail from a particular sender which
would be JUST large enough (and discriminating enough) to permit their stuff to
be delivered in the future.

Likewise, you could establish more restrictive rules for mail from other 
senders... for example, to simply T-can mail from IP addresses or domains which 
contains information that you simply don't want to receive anymore... (such as 
mail from familiar folks who seem determined to not take you off their mailing 
list, or who refuse to send plain text E-mails).

It's not as simple as a plain whitelist or a plain blacklist, but that also 
means that it is a more useful filter... letting mail in that you want, and 
keeping out content that you don't.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
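
The following sketch of the per-sender "permissions" list described in the message above is an added example, not code from the original post or from the ASRG. The `Permission` fields, the `evaluate` function, the 50,000-byte default and the sample addresses are all assumptions made for illustration. It narrows the HTML rule to allow/deny and keys on the From address, which is forgeable (the post also mentions keying on IP addresses or domains).

```python
import os
from dataclasses import dataclass
from email import message_from_string, policy
from email.utils import parseaddr

@dataclass(frozen=True)
class Permission:
    allow_html: bool = False                  # HTML parts accepted at all?
    attachment_exts: frozenset = frozenset()  # e.g. {".jpg"}; empty = no attachments
    max_bytes: int = 50_000                   # size cap for the whole message
    reject_all: bool = False                  # discard everything from this sender

# Default for unknown senders: plain text, no attachments, small size cap.
DEFAULT = Permission()

# Constructed sample entries (hypothetical addresses), keyed on the From address.
# From is forgeable; the post also mentions keying on IP addresses or domains.
PERMISSIONS = {
    "friend@example.org": Permission(attachment_exts=frozenset({".jpg"}),
                                     max_bytes=2_000_000),
    "bulk@example.net": Permission(reject_all=True),
}

def evaluate(raw, permissions=PERMISSIONS):
    """Return (accepted, reason) for one raw RFC 5322 message string."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    perm = permissions.get(sender, DEFAULT)
    if perm.reject_all:
        return False, "sender blocked"
    if len(raw.encode("utf-8", "replace")) > perm.max_bytes:
        return False, "too large"
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        name = part.get_filename()
        ctype = part.get_content_type()
        if name or part.get_content_disposition() == "attachment":
            ext = os.path.splitext(name or "")[1].lower()
            if ext not in perm.attachment_exts:
                return False, f"attachment type {ext or '(none)'} not permitted"
        elif ctype == "text/html":
            if not perm.allow_html:
                return False, "HTML not permitted"
        elif ctype != "text/plain":
            return False, f"content type {ctype} not permitted"
    return True, "accepted"

# Constructed sample: first contact from an unknown sender, plain text only.
SAMPLE = "From: New Person <stranger@example.com>\nSubject: hello\n\nIntroducing myself.\n"
print(evaluate(SAMPLE))
```
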
