[exim] White List and Yellow List DNS Servers - Proposal

Author: Marc Perkel
Date:  
To: Exim, Users
Subject: [exim] White List and Yellow List DNS Servers - Proposal
I want to propose an idea that I've been testing with some success. But
there are plenty of people who are a lot sharper than I am that can
implement it better. Here's what I'm thinking.

We are all familiar with DNS blacklists to block spam. But what about
lists of other servers? What about white list servers that never send
spam? Or - a new term, Yellow list, servers that send mostly nonspam but
send some spam. These are servers that should never be blacklisted.

Spammers can fake a lot of things but they can't fake the host they are
sending from. So - the way I see it, there are 3 kinds of hosts.

1) Blacklist - hosts that send only spam
2) Whitelist - hosts that never send spam.
3) Yellowlist - Hosts that have some spam sneak through but should never
be blacklisted. gmail, yahoo, hotmail, etc are examples.

The problem with blacklists is false positives. If not for that we could
use them more to block spam. So - with white and yellow lists we can
check, then we can make sure that good servers are never blacklisted.
That makes the blacklisting more accurate. The processing would go as
follows:

1) Whitelisted servers can bypass spam filtering.
2) Yellow listed servers would bypass blacklist testing.
3) Blacklisted servers are bounced without spam filtering
4) Yellow and Unlisted email is processed with Spam Assassin for spam
testing
5) Statistical feedback on hosts to the various lists.

I've implemented a crude version of this model and it's working very
well. By tracking ham I can make sure that hosts that send ham are never
blacklisted. This has significantly increased the accuracy of my
blacklists virtually eliminating false positives. So - I'm looking to
bring together some of the great minds here and let's build a system
right that can be used to block spam and greatly reduce the server loads
on SA by bypassing SA processing.

Who likes this idea?
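
The processing order proposed in the message above, as an added example that is not part of the original post and is not Exim or SpamAssassin code. Assumptions: the `MIN_SEEN` threshold, the rule that derives a listing from ham/spam counts, the set standing in for an external DNS blacklist, the toy filter standing in for SpamAssassin, and all names (`HostStats`, `route`, `demo`) are hypothetical.

```python
from collections import defaultdict

MIN_SEEN = 5  # assumed: messages needed before a host gets any listing

class HostStats:
    """Per-host ham/spam counters that drive the three lists."""
    def __init__(self):
        self.counts = defaultdict(lambda: {"ham": 0, "spam": 0})

    def record(self, host, is_spam):
        self.counts[host]["spam" if is_spam else "ham"] += 1

    def listing(self, host):
        c = self.counts.get(host)
        if c is None or c["ham"] + c["spam"] < MIN_SEEN:
            return "unlisted"
        if c["ham"] == 0:
            return "black"    # only spam seen
        if c["spam"] == 0:
            return "white"    # only ham seen
        return "yellow"       # mixed traffic: never blacklisted

def route(host, message, stats, dnsbl, spam_filter):
    """Apply the post's processing order; returns the action taken."""
    listing = stats.listing(host)
    if listing == "white":
        return "accept-unfiltered"            # step 1
    # Step 2: a yellow host skips the blacklist test even if a DNSBL lists it.
    if listing == "black" or (listing == "unlisted" and host in dnsbl):
        return "reject-blacklisted"           # step 3
    is_spam = spam_filter(message)            # step 4
    stats.record(host, is_spam)               # step 5: feedback
    return "reject-spam" if is_spam else "accept"

def demo():
    # Constructed sample data; addresses are from documentation ranges.
    stats = HostStats()
    for _ in range(6):
        stats.record("192.0.2.10", False)     # ham only
        stats.record("192.0.2.20", True)      # spam only
    for i in range(6):
        stats.record("192.0.2.30", i == 0)    # mostly ham, one spam
    dnsbl = {"192.0.2.30", "198.51.100.7"}    # stand-in for an external DNSBL
    toy_filter = lambda msg: "cheap pills" in msg.lower()  # stand-in filter
    hosts = ["192.0.2.10", "192.0.2.20", "192.0.2.30",
             "198.51.100.7", "203.0.113.5"]
    return {h: route(h, "Meeting at 10", stats, dnsbl, toy_filter) for h in hosts}

if __name__ == "__main__":
    for host, action in demo().items():
        print(host, action)
```

In this arrangement a whitelisted host is never filtered again, so its counters stop changing; only yellow and unlisted traffic produces feedback.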