On 2005-12-08 21:59:21 -0600, gep2(_at_)terabites(_dot_)com wrote:
1) You can make a list of all those which you want to treat better (the
whitelist)
2) You can make a list of all those which you want to treat worse (the
blacklist)
Generally, you will base your decision on whether you choose the
whitelist or blacklist approach on the size of the resulting list (you
especially don't want an infinitely long list) and on which side you
want to err for previously unknown entities: The whitelist approach errs
on the side of caution: Everybody who isn't on the good list is presumed
bad. The blacklist approach is optimistic: Everybody not on the bad list
is presumed good.
Rather than the crude idea of a "whitelist" or a "blacklist", I prefer a more
nuanced concept I call a "permissions" list.
Yes, we know that already :-).
Conceptually, it's no different, though. Instead of one list, you have
several.
The idea is that one would typically by default accept a "safe"
lowest-common-denominator E-mail from unknown senders. I propose that this
typically be:
[...]
You could specify preferential treatment for specified, known senders... you
might allow them to send you certain types of attachments (say, JPGs are okay,
but .SCR or .EXE or .COM are not...). You might allow them to send you some
types of HTML (colors and fonts and point sizes are okay, but scripting and
ActiveX etc are not), based upon the particular types of things you EXPECT to
receive from that specific sender, and that you TRUST them to send to you.
That's a whitelist for JPG, a whitelist for "safe HTML", etc.
Likewise, you could establish more restrictive rules for mail from other
senders... for example, to simply T-can mail from IP addresses or domains which
contains information that you simply don't want to receive anymore... (such as
mail from familiar folks who seem determined to not take you off their mailing
list, or who refuse to send plain text E-mails).
And that's a blacklist (or possibly several).
hp
--
_ | Peter J. Holzer | I now realize that computers are poorly
|_|_) | Sysadmin WSR | suited to remembering things.
| | | hjp(_at_)hjp(_dot_)at |
__/ | http://www.hjp.at/ | -- Holger Lembke in dan-am
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
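The structure discussed in this message, a "permissions" list expressed as one whitelist per capability plus a blacklist, as an added example that is not part of the original post or of either participant's proposal. The addresses, list contents, the plain-text-only default (the post's own default is elided above) and the pattern used for "unsafe HTML" are all assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical permissions: one whitelist per capability, plus a blacklist.
ATTACHMENT_WHITELIST = {"friend@example.org": {".jpg", ".jpeg"}}
SAFE_HTML_WHITELIST = {"friend@example.org"}
BLACKLIST = {"newsletter@example.net"}
# Assumed definition of "unsafe HTML": scripting and embedded objects.
ACTIVE_HTML = re.compile(
    r"<\s*(script|object|embed|applet|iframe)\b|\bon\w+\s*=|javascript:", re.I)

def evaluate(raw):
    """Return (verdict, reasons); assumes From was authenticated upstream."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in BLACKLIST:
        return "discard", ["sender is blacklisted"]
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name, ctype = part.get_filename(), part.get_content_type()
        if name:  # attachment: extension must be whitelisted for this sender
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext not in ATTACHMENT_WHITELIST.get(sender, set()):
                reasons.append(f"attachment {name!r} not permitted")
        elif ctype == "text/html":
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True).decode(charset, "replace")
            if sender not in SAFE_HTML_WHITELIST:
                reasons.append("HTML not permitted for this sender")
            elif ACTIVE_HTML.search(body):
                reasons.append("HTML contains scripting or embedded objects")
        elif ctype != "text/plain":  # assumed default: plain text only
            reasons.append(f"content type {ctype} not permitted")
    return ("reject" if reasons else "accept"), reasons

def sample(sender, html=None, attachment=None):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"] = sender
    m.set_content("hello")
    if html:
        m.add_alternative(html, subtype="html")
    if attachment:
        m.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()
```

Checking only the file extension is the coarse rule the post describes; a deployed filter would also inspect the content itself, since a filename is chosen by the sender.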