<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: list


Herman Van Uytven writes:

> I have been thinking about the "whitelist" principle for a while,
> but I don't believe it can work now, because what would happen when
> one person with a whitelist wants to mail to another person with a
> whitelist ?  The first person must add the second person in his
> whitelist.  Although this is possible, I don't think you can expect
> this from 'normal' users: they will forget it.  It would be possible
> if your whitelist could be updated automatically when you send mail,
> but I do not think there is any mail reader around which can do this
> at this moment.  With mailing lists it would be even more complex,
> since your first mail goes to majordomo or listserv, and you receive
> mail from the list address.

I solve this problem by remembering to put an address in the From:
line that will automatically bypass the whitelist when sending to a
real person.  (In fact my mailer does it for me and I remove it in
cases that I don't want, because I send much more mail to real people
than to mailing lists.)  When I post news or send to a mailing list
from home, I use the From: line:-

    From: rjk@localhost

However when I mail a real person directly then I write:-

    From: rjk-direct@localhost

Hence if they hit `reply' they'll bypass the whitelist without
necessarily even knowing that it's there.  Since starting to use this
a number of friends have started using the -direct address for me even
on new mail, despite not having been asked to and not needing to
(since they're on the whitelist already).

(`mydomain' is greenend.org.uk in the above, I'm just being very
cautious about not publishing the full -direct address in an easily
extractable form.)

Another point is that the "you are not on my whitelist" message can
come from an address guaranteed not to be whitelist-blocked; you
probably have to change that regularly though since it as it's
essentially published to anywhere you run the risk of it getting onto
a spam list.

However: you are quite correct that someone who had trouble
remembering to do something like this could have trouble (either
bouncing mail from people they wanted to talk to, or accidentally
publishing a "private" address wider than intended and thus losing the
advantage of the whitelist).

Subscribing to a mailing list is a bit different.  Some systems insist
that you post using the address that you subscribed with, and I don't
want to be forced into using the -direct address in a public forum.
So what I do is create a new alias for myself just for that list and
subscribe that instead.  This has the advantage that I can then do
additional filtering I choose - for example, in theory I could allow
only the list software to send to it (rather necessary given that one
is publishing it widely and therefore risking getting the address onto
a spam list), or (supposing other other users of the same system
wanted to read the same list) redirect it into a local newsgroup.

Of course in the case of a list with such a restriction I have to
remember to edit my From: line to the correct address for that list.
For replies at least one could put in a reasonable degree of
automation provided your mailer has some kind of scripting.

(I'm still not 100% sure how well this will work for me in practice
since the software is only running in debug mode, but I'll probably
turn it on for real sometime this year.)

> A similar solution would be that everyone uses digitally signed
> E-mail, and that you refuse unsigned mail (and mail from bad CA's).

The problem is that I still want to be able to receive email from
peolpe I've never encountered before - just not from spammers.  The
idea of a whitelist is to make it impossible for an entirely
mechanical process to email me but still to allow humans (who can
understand special instructions written in English) to contact me with
a minimum of fuss.

ttfn/rjk




<<< Chronological >>> Author    Subject <<< Threads >>>