Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web.
|
2007-01-27 Why I think that DNS whitelists are going to failThere's been a recent fad for DNS whitelists, the rough inverse of DNS blacklists; instead of listing claimed bad sources of email, they list claimed good sources. I've been thinking about this for a while, and I believe that such DNS whitelists are going to fail. Why I believe DNS whitelists are doomed can be summed up in a simple question: do you whitelist Hotmail or not? If you whitelist Hotmail, you are whitelisting a known source of a not insignificant amount of spam. If you don't whitelist Hotmail, you are not whitelisting a place that sends a lot of legitimate email that's wanted by the people it's sent to. Either answer damages your DNS whitelist. The fundamental issue is that there is no nice binary spam/no spam dividing line for hosts; instead it is more like:
(Hotmail, Yahoo, Google Mail, and so on are #3s. Places that forward mail (whether directly for users or by running mailing lists) are sooner or later #2s.) Among other issues, where do you draw the line between #3 and #4 and decide to (not) list someone? I don't think there are any objective criteria, so it comes down to 'too big to not whitelist', and sooner or later you (the list operator) and I (the list user) are going to disagree about that. (You can take the intellectually pure path and only list #1, but then what's the point? Most of the interesting places we get email from are going to fall into #2 and #3.) (2 comments.)
spam/DNSWhitelistProblem written at 22:27:59; Add Comment
|
These are my WanderingThoughts GettingAround This is part of CSpace, and is written by ChrisSiebenmann. * * * Atom feeds are available; see the bottom of most pages. Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web |