The Spamhaus Project has released the Spamhaus Whitelist which allows Internet mail servers to separate incoming email traffic into 3 categories: Good, Bad and Unknown, allowing mail server operators to block known bad email traffic, let known good email traffic pass safely, and heavily filter unknown email sources.
This whitelist is intended for email from qualified corporations such as banks, accounting firms, law firms, airlines; from medical centers & government agencies, and transactional email from automated billing systems, e-commerce servers, online banking and booking systems. It is designed to enable special and priority handling by email servers of important email from senders who are known to be extremely unlikely to ever send spam.
The benefit is better, faster and infinitely safer spam filtering. For email recipients, the Spamhaus Whitelist heralds an end to many messages wrongly marked as spam by scoring systems, content filters, local “blacklists” or poor filtering choices. For email senders, it will mean a large reduction to important mail being delayed, lost in junk folders or wrongly classified as spam.
For transactional email, such as e-commerce systems, banking, airline booking, mail from medical centers, judiciary or government departments, the whitelist will mean email can arrive no matter how heavily filtered the receiver’s mailbox is.
The Spamhaus Whitelist is currently in a beta release phase during which applications for whitelist accounts are only available by invitation. To add an IP address or a domain to the whitelist users must first be sent an invitation by someone who already has a whitelist account. Whitelist account holders, Spamhaus says, “are chosen by others who trust them; you cannot simply apply.”
Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a whitelist account. Bulk email, of any type, is not allowed in any form and the whitelist operates a policy of ‘Know Your User’. This means that whitelist account holders must personally know or employ each sender that uses a whitelisted resource. This means that servers of ESPs and ISPs are not eligible for whitelisting, but servers of – for example – banks, airlines and private organizations are.
The Spamhaus Whitelist is published as two separate DNS-based lists, named the SWL and the DWL. The SWL is an IP whitelist which supports both IPv4 and IPv6 addresses. Although at launch SWL will contain predominantly IPv4 addresses, its future primary intended usage is to enable networks who implement IPv6 email services control over IPv6 spam. The DWL is a Domain White List specifically designed to enable automatic certification of domains using DKIM signatures. Both are available to use now from Spamhaus Project servers worldwide.
Software controls ensure it is not possible to whitelist an IP address or domain that is on a Spamhaus Project blocklist, therefore the Spamhaus Whitelist cannot be used to circumvent a Spamhaus Project blocklist.