Whitelists - The Ultimate in Spam Protection

A whitelist is a database of trusted email addresses, IP addresses and domains. To build the list, each one of these trusted sources is manually added to the whitelist. Only email from a whitelisted source is delivered to the user's inbox. In fact, whitelists are so effective, that the catch-rate for spam is almost 100%.

However, the efficiency of whitelisting comes at a price, because it produces a large number of false positives. This means that a lot of legitimate email goes undelivered. To deal with this problem, a challenge-response technique is often instituted.

When an email from an unknown source is received, the system will respond automatically, sending a "challenge" back to the sender. This challenge may require the sender to answer certain questions, or decipher an image that displays a series of letters and numbers. This image can only be deciphered by a human, and not by spamming software. Once this is successfully done, the email is allowed to go through the system to the inbox. The sender is also added to the whitelist. The challenge-response methodology uses a combination of human judgment and software technology to determine which email to let through and which to block.

The advantage of this method is that it is not worth it to spammers to wade through all the challenge-response emails and respond to them. They are more likely to remove the email address from their lists and go after other addresses that do not have such requirements. However, the inconvenience of having to register to send email to the whitelist user may discourage legitimate email senders from following through.

Another impractical aspect of whitelists arises when the email account user places an online order, registers for a newsletter or other service. Each of these new email sources must be manually added to the white list. If the user forgets to do this, or enters it incorrectly, important email may be blocked.

Whitelisting is far more effective than anti-spam filters, because the latter work by calculating the probability that if an email contains particular words, it is likely to be spam. However, spammers easily get around this feature simply by misspelling words, or by avoiding words associated with spam. For this reason, spam filters are usually only 80-90% successful. This may be acceptable on a personal account, but not on a business account that likely receives over a hundred emails a day.

Whitelists are especially beneficial to businesses as they almost totally eliminate the waste of valuable time that would otherwise be spent wading through the hundreds of spam that are received each day. However, despite their effectiveness in blocking spam, whitelists have not gained widespread use because of the high rate of false positives. It is also virtually impossible for businesses to compile an exhaustive whitelist database of trusted email sources.