Permission-based blocking via personal whitelists

There are certainly some major advantages to having a personal whitelist working for you. After it has been properly configured, you can be fairly certain the volume of spam is going to drop. But getting it configured can be an ongoing job, particularly in the spoof-a-thon world we live in now.

The big advantage of a whitelist, challenge-response combination is you don’t get any spam from someone not on that list. Any sender not on the list drops directly into a junk-mail folder. If the system sits server-side, the spam gets junked before it hits the desktop. But with spammers spoofing Return-Path and From line information, what you are going to get are a lot of whitelist inclusion requests.

I am not putting down the Choicemail system described in the article below. Whitelist-only challenge-response systems are certainly tough to get around – nearly impossible. But I think it is wishful thinking to expect a challenge only once every couple of weeks, as the VP of Sales at Choicemail, Dan Wallace, suggests. An implementation at the server level, managed across the network, would reduce the spam level even further, but the challenges from disparate sources are again going to take some resources to manage.

Whitelisting functions (even at the personal level) are nothing new either. I can set my Entourage junk-mail settings to “exclusive,” meaning any inbound email not in my address book goes direct to junk. The ‘exclusive” option turns my address book into a whitelist. Nonetheless, the real spam I do receive never comes from the same address – in all cases, the sender address is spoofed, and most of it comes from zombied machines, so I continue to rely on the Bayesian filter to get rid of the spam at the “high” setting. Note that the same setup is available to Outlook users under the Tools, Options, Junk E-mail settings. The Outlook options also include Top-Level domain management, as well as rejection of email with chosen encoding.

Read more here, in Techology New’s review: Permission-Based Filtering Puts Kibosh on Spam.