procmail

Re: whitelisting bad?

1997-09-29 13:12:41
When I wrote,

T> Just a few more examples of why whitelisting is a shortsighted move and
T> a bad policy.  It is one thing to give extra priority to mail from known
T> friends; it is quite another to assume that all unrecognized senders are
T> spammers.

W. Wesley Groleau responded,

G> Some may define whitelisting differently.  To me, a whitelist is a list
G> of criteria for mail which will not be rejected by other filters.  If the
G> "other filters" reject ANYONE not on the whitelist, that is indeed Bad.

I don't want to quibble about what the term "whitelist" implies about the
treatment of those not on the whitelist.  Wesley, you and I agree that it
is wrong to deem all mail from senders who are not on a whitelist as
necessarily spam, and we agree that it is not wrong to give extra preference
to mail from senders who are on a whitelist.  But I disagree here:

| But if they reject only packets from some bottleneck that passes mostly
| spam, then whitelisting your friends who are forced to go through that
| bottleneck is not Bad.

So what about mail that comes through that bottleneck, has no other
indications of spam (or no more than there would be in legitimate mail, such
as an occasional dollar sign or the word "remove" somewhere), but isn't
from a whitelisted sender?  Do you advocate treating it as spam?

You see, I can't fathom any kind of condition that could be passed by
legitimate mail from whitelisted senders, could be passed by spam, but
could not be passed by legitimate mail from non-whitelisted senders.

If some of your friends are forced to write through this gateway, doesn't
that imply that some people with whom you do not have established
relationships might also be forced to write through it as well if they have
legitimate mail to send you?  Thus this "other filter" is not determinate!
What kind of criterion can be met only by legitimate mail from whitelisted
senders and by spam but never by anything in between?

Sorry, but if legitimate mail from whitelisted senders can come that way, so
can legitimate mail from non-whitelisted senders.  To mark mail from
whitelisted senders as non-spam without further testing is all right; but to
mark mail from non-whitelisted senders as spam with no further testing because
it met a non-determinate condition -- a condition that can also be met not just
by some legitimate mail but even by mail from people on your whitelist -- is
very much capital-B Bad.

For the case of such a gateway that passes some legitimate mail but also much
spam, procmailsc weights can be of use: give a message some demerits for
coming that way, but not enough to put it over the spam threshold nor too
extremely close to it (the presence of a single dollar sign in the text, for
example, shouldn't put it over the top).  If the sender is whitelisted,
exempt the message from the test, but don't add more demerits for not being
on the whitelist.

I stick by my positions that matching a whitelist is an acceptable test for
non-spam, but failure to match a whitelist is NOT a test for spam, much less
proof of spam.
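
The weighted-scoring approach described in the message above, sketched as a procmailrc fragment. This is an added example, not part of the original post; the whitelist path, the gateway host name, the patterns and all weights are assumptions chosen for illustration.

```procmail
# Added example: every name, path, host and weight here is an assumption.
MAILDIR=$HOME/Mail

# Hypothetical whitelist file: one address per line, no blank lines
# (a blank line would make fgrep match every sender).
WHITELIST=$HOME/.procmail/whitelist

# 1. A whitelisted sender is accepted with no further spam testing.
#    formail extracts the reply address; fgrep looks it up in the list.
:0:
* ? formail -rtzxTo: | fgrep -i -q -f "$WHITELIST"
$DEFAULT

# 2. Everyone else is scored (see procmailsc). The recipe fires only when
#    the final score is positive, so the empty condition, which always
#    matches, sets a threshold of 100 demerits.
#
#    50  arrived through the gateway that passes mostly spam
#        (relay.example.net is a constructed host name)
#    10  a dollar sign somewhere in the body
#    10  the word "remove" somewhere in the body
#    60  a stronger indicator (constructed pattern)
#
#    Gateway plus both weak hints totals 70, still under the threshold.
#    Gateway plus the strong indicator totals 110 and is filed as spam.
#    No condition adds demerits for failing to match the whitelist.
:0:
* -100^0
*   50^0 ^Received:.*relay\.example\.net
*   10^0 B ?? \$
*   10^0 B ?? remove
*   60^0 ^Subject:.*make money fast
spam

# 3. Anything that falls through is delivered to $DEFAULT as usual.
```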
