
Re: [Asrg] Re: White/black lists



On 2005-12-08 21:59:21 -0600, gep2 at terabites.com wrote:
> > 1) You can make a list of all those which you want to treat better (the
> >    whitelist)
> 
> > 2) You can make a list of all those which you want to treat worse (the
> >    blacklist)
> 
> > Generally, you will base your decision on whether you choose the
> > whitelist or blacklist approach on the size of the resulting list (you
> > especially don't want an infinitely long list) and on which side you
> > want to err for previously unknown entities: The whitelist approach errs
> > on the side of caution: Everybody who isn't on the good list is presumed
> > bad. The blacklist approach is optimistic: Everybody not on the bad list
> > is presumed good.
> 
> Rather than the crude idea of a "whitelist" or a "blacklist", I prefer a more 
> nuanced concept I call a "permissions" list.

Yes, we know that already :-).

Conceptually, it's no different, though. Instead of one list, you have
several.

> The idea is that one would typically by default accept a "safe" 
> lowest-common-denominator E-mail from unknown senders.  I propose that this 
> typically be:
> 
[...]
> You could specify preferential treatment for specified, known senders... you 
> might allow them to send you certain types of attachments (say, JPGs are okay, 
> but .SCR or .EXE or .COM are not...).  You might allow them to send you some 
> types of HTML (colors and fonts and point sizes are okay, but scripting and 
> ActiveX etc are not), based upon the particular types of things you EXPECT to 
> receive from that specific sender, and that you TRUST them to send to you.

That's a whitelist for JPG, a whitelist for "safe HTML", etc. 

> Likewise, you could establish more restrictive rules for mail from other 
> senders... for example, to simply T-can mail from IP addresses or domains which 
> contains information that you simply don't want to receive anymore... (such as 
> mail from familiar folks who seem determined to not take you off their mailing 
> list, or who refuse to send plain text E-mails).

And that's a blacklist (or possibly several).

	hp

-- 
   _  | Peter J. Holzer    | I now see that computers are not very
|_|_) | Sysadmin WSR       | well suited to remembering things.
| |   | hjp at hjp.at         |
__/   | http://www.hjp.at/ |	-- Holger Lembke in dan-am
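
Added example (not part of the original message or of any list member's code): a Python evaluator for the point made in this exchange, that a per-sender "permissions" list can be checked as one whitelist per capability plus a sender blacklist. The addresses, domains, HTML feature names and the plain-text-only default for unknown senders are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy data; every address, domain and feature name is hypothetical.
DEFAULT = {"attachments": set(), "html": set()}   # assumed baseline: plain text only
PERMISSIONS = {                                   # per-sender whitelists, one per capability
    "alice@example.org": {"attachments": {".jpg"}, "html": {"color", "font", "size"}},
}
BLOCKED_DOMAINS = {"bulk.example.net"}            # sender blacklist

@dataclass
class Message:
    sender: str
    attachments: list = field(default_factory=list)   # attachment file names
    html_features: set = field(default_factory=set)   # HTML features used in the body

def evaluate(msg):
    """Return (verdict, reasons); verdict is 'accept' or 'reject'."""
    sender = msg.sender.strip().lower()
    domain = sender.rpartition("@")[2]
    # Blacklist first: a blocked domain wins over any whitelist entry.
    if domain in BLOCKED_DOMAINS:
        return "reject", [f"sender domain {domain} is blacklisted"]
    # Unknown senders fall back to the restrictive default (whitelist semantics).
    allowed = PERMISSIONS.get(sender, DEFAULT)
    reasons = []
    for name in msg.attachments:
        # Judge only the final extension, case-insensitively, so that
        # "photo.jpg.exe" is treated as ".exe" and not as ".jpg".
        dot = name.rfind(".")
        ext = name[dot:].lower() if dot != -1 else ""
        if ext not in allowed["attachments"]:
            reasons.append(f"attachment type {ext or '(none)'} not whitelisted: {name}")
    for feature in sorted(msg.html_features - allowed["html"]):
        reasons.append(f"HTML feature not whitelisted: {feature}")
    return ("reject" if reasons else "accept"), reasons
```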
