procmail

I do indict whitelisting.

1997-09-29 13:39:52
I wrote,

T> Just a few more examples of why whitelisting is a shortsighted move and a
T> bad policy.  It is one thing to give extra priority to mail from known
T> friends;  it is quite another to assume that all unrecognized senders are
T> spammers. 

Jack Lyons responded,

L> Well, I would not indict whitelisting in this case ...

I would.  Errors on a whitelist have worse consequences.

If you use a blacklist and you omit or mistype the entry for someone whose
mail you do not want or for a text marker that you consider proof of spam,
you receive another message from that sender or with that text, and you fix
your blacklist.  Very little harm done.

If you use a whitelist and then omit or mistype the entry for someone whose
mail you do want or for your bypass word, then (1) if you do not store mail
that fails to meet your whitelist you do not know whether the other person is
writing to you and you mistake lack of mail from him or her for his or her
not writing, so you don't know what's happening and you don't fix it (how can
the other person tell you?) and (2) if you autoreply to non-whitelisted mail
with nastygrams, you are insulting an innocent party (or in the case of
today's incident, several hundred innocent parties).

I have previously said that giving extra priority to a list of known senders
is fine, and I still feel that way, but I've decided no longer to use the
term "whitelist" for that.  Perhaps I'll call it a "goldlist".  A whitelist
is exclusive, and all others can go to hell; a goldlist is special, and all
others are welcome in the main lounge but just not in the back room.

L> By the way, my bozo remark was an attempt at humor. I don't
L> know Mr. Biow and would not actually presume to judge on his
L> bozo nature. 

As Mr. Biow has since apologized and sworn to have corrected the problem, it
no longer matters.  But it still baffles me how my attempt to write to him
got another rejection despite my using his bypass word, yet Catherine's made
it through.  I guess that he already had Catherine on his whitelist of known
senders but his subject line tests didn't work.

See, there it is again: the bypass word in his rejection message didn't match
the bypass word in his .procmailrc, so a mistake on a whitelist sent a
nastygram to a non-spammer.
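
The "goldlist" idea from the message above, sketched as a .procmailrc fragment. This is an added example, not part of the original post or anyone's actual configuration; the list file `$HOME/.goldlist` and the `priority` folder are assumed names.

```procmail
# Added example. The path and folder name below are assumptions.
# Assumed file: one sender address per line.
GOLDLIST=$HOME/.goldlist

# The address a reply to this message would go to.
SENDER=`formail -rtzxTo:`

# Goldlist: known senders are filed in a priority folder.
# A missing or mistyped entry (or a missing list file, which makes
# grep exit non-zero) only means the message skips this recipe.
:0:
* ? echo "$SENDER" | grep -i -q -F -x -f "$GOLDLIST"
priority

# No recipe here rejects, discards or auto-replies, so all other
# mail falls through to normal delivery in $DEFAULT.

# Exclusive whitelist, for contrast (left commented out): the same
# lookup inverted. With this in place, a typo in the list or a
# missing list file silently discards wanted mail.
#:0
#* ! ? echo "$SENDER" | grep -i -q -F -x -f "$GOLDLIST"
#/dev/null
```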