Spamhaus Debuts New Whitelist Service

The Spamhaus Project has debuted a new whitelisting service that is designed to be the inverse of the way that most approved-sender lists work. The Spamhaus Whitelist will exclude by default any IP address or domain that sends marketing or soliciting mail at all and will require domain owners to have an inviation in order to join the whitelist.

The Spamhaus Project has debuted a new whitelisting service that is designed to be the inverse of the way that most approved-sender lists work. The Spamhaus Whitelist will exclude by default any IP address or domain that sends marketing or soliciting mail at all and will require domain owners to have an inviation in order to join the whitelist.

The new whitelist service comprises two separate parts: an IP address whitelist and a domain whitelist. The services operate on the principle that mail senders must know the users to whom they are sending email.

Unlike traditional whitelists, the Spamhaus Whitelist is not a
service to help bulk mail senders improve delivery rates. You can not
whitelist an IP address or domain that is used for sending marketing or
soliciting bulk email, or used for sending any email on behalf of third
parties. This rule therefore automatically excludes (makes not eligible
for whitelisting) Email Service Providers, ISP customer mail relays and
mail servers used by third-parties, and all bulk mailing list servers
and services,” the company said in its explanation of the service.

The idea is that the whitelist will enable mail servers to separate incoming mail and identify messages from known good senders, known bad senders and unknown senders. The company recommends that users implement the whitelist in front of existing mail filters to make it most effective.

But getting onto the whitelist will be no mean feat. In order to apply for inclusion, a domain owner first must receive an invitation from someone already on the list. It’s the anti-spam version of the VIP list at Club Slice.

Of the existing whitelists (as at 2010) some exist to certify ‘good’
bulk email marketers to help improve email marketing delivery rates,
some list ISP customer relays and ESP outbounds from which an amount of
spam will always flow, some whitelist any sender that pays a
registration fee regardless of reputation, and one or two bad examples
exist simply as a means to monetize removals from the whitelist owner’s
blacklist,” Spamhaus said.

“Current whitelists suffer from a catch-22 usage problem; they are used
by only a very small fraction of internet mail servers meaning that the
benefit to senders of being on the whitelist is extremely slim, if not
non-existent. What is the point of being on a whitelist if hardly anyone
uses it? Spamhaus by contrast, with its DNSBLs already installed on
over three quarters of the internet’s mail servers, benefits from an
existing userbase that can immediately begin to use the Spamhaus
Whitelist.”

Spamhaus also is using the whitelist as a way to address the coming problem of mail filters being overwhelmed as they try to store several times the number of IP addresses they were designed to handle with the advent of IPv6.

Blocklists designed to store millions of bad IP
addresses suddenly need to cope with potentially many billions of bad IP
addresses. Yet legitimate mail servers in the world number only a few
hundred thousand. It thus becomes sensible to identify and single out
the few hundred thousand to let past unimpeded,” the company said.

Suggested articles

Discussion

  • John on

    As an ISP, we receive a fair amount of spam forwarded to our accounts from what would be whitelisted machines. They do this so that we can filter it for spam. FInding an IP in this list does not mean that the mail is good, but that the sender is known. We also, despite our best efforts, occasionally are used to send spam. We do something about it VERY quickly. The people who are invited to this list are not going to be the responsible types who monitor their queues, but the guys on DSL lines with user names and passwords like info, info. Good luck spamhaus. Your pricing is not so hot, and neither is this idea.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.