Whitelist/verification spam filters

Peter Hansen peter at engcorp.com
Wed Aug 28 05:22:55 CEST 2002


Mark McEahern wrote:
> 
> The appeal, to me, of the whitelist technique is that for the addresses in
> my whitelist, there will be no false positives.  

Not entirely true if I understand what you mean.  Among other problems,
SMTP has no authentication standard.  If you are using a typical server,
somebody can connect and say they are sending mail from <whitelisteduser>
when in fact they are not.

I have received spams sent from "myself" (peter at engcorp.com) because
I've unfortunately left that address open until now.  There are others
that have been hit accidentally or deliberately, including <> which 
I believe qmail uses for bounced messages and which I whitelisted
to make sure I became aware of certain configuration problems.

Note, the above comments are with respect to whitelisting as implemented
using TMDA (written in Python of course, see http://tmda.net ) running
with Qmail.

-Peter



More information about the Python-list mailing list