
[SpamCop-List] Re: centralized white list

Bo Briggs spamcop001 at bellsouth.net
Mon Feb 16 07:35:12 EST 2004


Jay wrote:
> I've often wondered why there isn't an organization
> set up on the net to maintain a 'white list' of valid
> mail servers on the net.
> 
It has been tried before. See:
http://www.the-carrot-and-the-stick.com/Best_Practices/FAQ/

> If an RBL was set up so that all new mail server IPs
> were blocked by default, and all the big players on
> the net insisted that legit mail servers were registered,
> with working administrative contacts,
> with tracking supplied on complaints and resolutions,
> with policies for suspending mail servers from the
> white list,
> 
> wouldn't it set up a situation very quickly where everyone
> would have to register and be accountable?
> 

The problem is getting everyone to agree. Implementation would be very
difficult for everyone involved. Other problems are the same as with the
DNSBLs. Who do you trust?

> It would stop all non-spoofed spam in a proactive
> manner instead of reactive.
> 

You're getting closer. See http://spf.pobox.com/
But SPF has its own problems and detractors. AOL is using it though:

%host -t txt aol.com
aol.com text "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 
ip4:205.188.144.0/24 ip4:205.188.156.0/24 ip4:205.188.157.0/24 
ip4:205.188.159.0/24 ip4:64.12.136.0/24 ip4:64.12.137.0/24 ip4:64.12.138.0/24 
ptr:mx.aol.com ?all"

AOL is saying that mail from @aol.com can come from only those blocks, or if a
reverse PTR lookup results in a domain ending in mx.aol.com. If you can add
the TXT record to your DNS, you won't get any spoof bounces from AOL (as long
as they continue to use it).

> Then, the obvious next step would be to require
> all ISPs to implement filters to stop outbound spoofing.
> 
> 

-- 
Bo Briggs
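
The AOL record quoted in the message above, evaluated left to right against a connecting IP, as an added example that is not part of the original post. It covers only the ip4, ptr and all mechanisms; the client addresses and reverse-DNS names passed in are constructed, and no DNS lookup is made.

```python
import ipaddress

# The aol.com TXT record quoted in the message above, joined onto one line.
AOL_SPF = ("v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 "
           "ip4:205.188.144.0/24 ip4:205.188.156.0/24 ip4:205.188.157.0/24 "
           "ip4:205.188.159.0/24 ip4:64.12.136.0/24 ip4:64.12.137.0/24 "
           "ip4:64.12.138.0/24 ptr:mx.aol.com ?all")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, validated_ptr_names=()):
    """Evaluate the ip4, ptr and all mechanisms of an SPF record, in order.

    validated_ptr_names stands in for the forward-confirmed reverse DNS names
    of client_ip (assumption: supplied by the caller, no DNS query is made).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # a bare mechanism means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "ip4":
            # An IPv6 client never matches: `in` is False across IP versions.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "ptr":
            target = arg.lower().rstrip(".")
            hosts = [h.lower().rstrip(".") for h in validated_ptr_names]
            # Match the target itself or a subdomain, on a label boundary.
            matched = any(h == target or h.endswith("." + target)
                          for h in hosts)
        elif name == "all":
            matched = True
        else:
            return "permerror"             # outside this example's scope
        if matched:
            return QUALIFIERS[qualifier]   # first matching mechanism decides
    return "neutral"                       # nothing matched, no "all" term
```

With `?all`, a sender outside the listed blocks evaluates to neutral rather than fail, so what happens to that mail depends on how the receiver treats a neutral result.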


