October 23, 2010 ANTI-SPAM, WHITELISTING

Whitelisting and False Positives

Mark Webb-Johnson, my colleague at our Hong Kong headquarters, edits a monthly Network Box publication called “In the Boxing Ring.” In this month’s issue, he reports on problems that can arise from unintended anti-spam whitelisting. I would like to share a few of his findings/reflections, which you may find very interesting.

Mark indicated that administrators may often whitelist their own or popular domains – done to hopefully avoid mails being blocked as spam. Spammers, however, may often use your own domain as the sender address. Whitelisting your own or popular domains isn’t effective in avoiding false positives – it can actually cause more problems.
To quote Mark, “This causes the Network Box to incorrectly ‘learn’ that spam as ham (resulting in other similar spam being treated as ham as well).”

Our Anti-Spam system does have the ability to perform sender white and black listing. If a sender is blacklisted, for example, that tells the Network Box that the sender only sends spam and all messages from that sender are to be treated as spam. Likewise, notes Mark, a whitelisted sender instructs the Network Box that the sender only sends ‘ham’ and all messages from that sender are to be treated as ham.

My recommendation, in agreement with Mark, is to never whitelist your own domain. It is true that you do not send out spam, but it is also true that spoofed domains are an everyday issue with spam.

If you’re experiencing any whitelisting/false positive issues, send me an email (pierluigi.stella@networkboxusa.com) or pick up the phone (832/242-5757) and let’s discuss!