Whitelist/verification spam filters
peter at engcorp.com
Wed Aug 28 05:22:55 CEST 2002
Mark McEahern wrote:
> The appeal, to me, of the whitelist technique is that for the addresses in
> my whitelist, there will be no false positives.
Not entirely true if I understand what you mean. Among other problems,
SMTP has no authentication standard. If you are using a typical server,
somebody can connect and say they are sending mail from <whitelisteduser>
when in fact they are not.
I have received spams sent from "myself" (peter at engcorp.com) because
I've unfortunately left that address open until now. There are others
that have been hit accidentally or deliberately, including <> which
I believe qmail uses for bounced messages and which I whitelisted
to make sure I became aware of certain configuration problems.
Note, the above comments are with respect to whitelisting as implemented
using TMDA (written in Python of course, see http://tmda.net ) running
More information about the Python-list