Most spam filtering is usually accompanied by some degree of whitelisting in order to avoid too many false positives. Given the recent increase in spam levels, filtering must become ever more aggressive, and the effort both to maintain the rules and the whitelists to mitigate the increased risk of false positives is increasing as well.
For many sites, this will mean a slow but steady shift away from the “Default Allow” paradigm of Internet e-mail towards a “Default Deny”. As long as you are not whitelisted on the receiving end, the chances of your mail being lost will steadily increase. And worst of all: most often you will not notice, since the mail will end up in some central or user-specific Junk folder, never to be seen again. Given the widespread heavy filtering, we must realize that the “Default Allow” policy of Internet e-mail does no longer exist.
And now it is time to get honest. Internet e-mail should switch to a “Default Deny” policy. Everything not whitelisted is rejected with a 5xx error and a hint on how to get yourself whitelisted (eg: make a phone call).
Spam filtering is an example of Enumerating Badness—we try to identify the millions of bad senders in 2^31 IP addresses, instead of finding the couple of hundred or thousand good senders and giving the yet unknown good senders an efficient method of making themselves known. Even 100’000 good senders are roughly 0.005% of the complete (theoretical) IP address range.
Compare that to the Spamhaus XBL which contains some 4.5 million records, ie somewhere around 0.2% of the address range. Just a single (albeit large) DNS blocklist contains 45 times more entries than a comparable whitelist of good senders.
Of course there will be edge cases, especially the mailservers of large providers. But then some light spam filtering on these couple of hundred servers would still be possible.
And of course, such a transition is not without pain. But then even the not yet very comprehensive dnswl.org data already whitelists more than 30% of all incoming messages at a particular e-mail system with 10’000 users. Given enough priority, a significant improvement seems plausible.
Complex cryptographic and semantic work à la DKIM is not necessary. A healthy competition amongst reputable providers of whitelists should be enough to make the paradigm shift from “Default Allow” to “Default Deny”.
Ist Email wirklich schon so kaputt durch Spam, das man nicht mehr jede Mail annimmt, sondern nur wenn die Domain in irgendeiner Domain-Whitelist steht? Ich denke nicht, aber Mathias Leisi vertritt in “Default Deny” - A Paradigm Shift for E-...
Tracked: Nov 11, 20:56