
The SpamBouncer

Whitelists Supported by the SpamBouncer

This page contains a detailed description of all external DNS-based whitelists, accreditation services, and reputation services supported by the SpamBouncer.


The AHBL Exemptions Whitelist

The operators of the AHBL blocklists maintain the AHBL Exemptions Whitelist, a whitelist of trusted email hosts and domains with strict anti-spam policies. This whitelist is designed to be used together with the unusually aggressive AHBL blocklists, which can and do cause some false positives. As such, it lists email servers at sites that have solid anti-spam policies. This does result in a small amount of missed spam, but from servers whose operators will want to hear about the spam and will take action against the spammer. It also prevents legitimate email from sites with responsible anti-spam policies from being blocked by mistake.

If you want to whitelist email from hosts on the AHBL Exemptions whitelist, you must also set AHBLEXEMPTCHECK=yes in the variables section at the top of your .procmailrc file. This whitelist is disabled by default.


The Bonded Sender and Bonded Sender Plus Whitelists

The Bonded Sender program is a trusted sender program run by ReturnPath. The Bonded Sender whitelist lists IPs from servers that have posted a bond and agreed to certain standards for the bulk email that they send. Both Bonded Sender lists require that participants send email only to users who have consented to receive it. They restrict the methods that may be used to obtain that consent, forbid participants to sell their email lists to third parties, and impose a number of other requirements intended to prevent spam.

To guarantee compliance with the standards, the Bonded Sender program requires that senders of bulk email put up a substantial cash bond, and fines them for spam complaints above a certain, very small, "allowed complaint rate." Currently, the allowed complaint rate is one complaint per million emails sent, and the fine for additional complaints is $20 per complaint. This quickly becomes prohibitively expensive for spammers.

The Bonded Sender Plus list requires that all bulk email be sent only to users who opted in using a closed-loop confirmed opt-in (COI) process. ("Double opt-in" for you marketers.) The SpamBouncer requires COI for a default whitelisting of servers used to send bulk email, and therefore enables only the Bonded Sender Plus whitelist by default. The standard Bonded Sender list does not require COI. My experience with it, however, indicates that very little spam comes from IPs listed on either Bonded Sender list.

NOTE: If you get spam from a server on either Bonded Sender whitelist, you should report that spam to Bonded Sender via their web site. (They also list an email address to which you can report spam on this web page.) Please send a copy to spamtrap@spambouncer.org as well.


The Habeas Safelist

Habeas is the oldest of the email accreditation services. It guarantees that email coming from servers listed on its whitelist, the Habeas Safelist, meets the criteria indicated by the server's response code. Habeas accredits personal email, transaction-based email (non-bulk email tied to a specific online transaction, such as a purchase), closed-loop confirmed opt-in (COI) bulk email, opt-in (OI) bulk email, bulk email from servers known to Habeas and vouched for, and bulk email from listed servers that Habeas does not vouch for, returning different response codes for each type of email. Many (although not all) of those codes should guarantee that email from a listed server is not spam.

The SpamBouncer whitelists email from servers listed as sending personal email only, transaction-based email, and COI bulk email by default. If they wish, users can choose to relax the default criteria and also whitelist email from servers listed as sending non-COI opt-in email. The SpamBouncer does not support whitelisting of "vouched for" or "listed, not vouched for" servers.

NOTE: If you get spam from a server on the Habeas Safelist, you should report that spam to Habeas via their web site or by sending a complaint that contains the email with complete headers to complaints@habeas.com. Please send a copy to spamtrap@spambouncer.org as well.


The IADB Accreditation Service

The IADB is an accreditation service run by the Institute for Spam and Public Policy (ISIPP). The ISIPP is, in turn, the work of Habeas founder and former MAPS attorney Anne Mitchell. The IADB is not properly a whitelist at all; it will list any email server whatsoever as long as the operators of that email server state what their bulk email policies are, and adhere to those stated policies. When queried, the IADB then returns a response that reflects the stated policies of the email server it was queried about.

Although the IADB is not technically a whitelist, it is useful for whitelisting if you trust the information on it, and then whitelist email from servers that meet your criteria. I trust the IADB. Anne knows the bulk email delivery business and the people involved in it well, and makes sure that the information on the IADB is accurate. In addition, the IADB provides a wealth of fine-grained information; you can get a degree of detail from it that you can't from any other whitelist OR blocklist in existence. Theoretically, you could even use the IADB as a blocklist by checking for servers that send to scraped addresses or have no email controls at all, although the SpamBouncer does not currently use the IADB for this purpose. I personally prefer the IADB to any of the actual whitelists.

By default, the SpamBouncer whitelists all email coming from IPs on the IADB that use closed-loop confirmed opt-in (COI) methods exclusively. Users also have the option of relaxing the criteria to whitelist servers that send non-COI opt-in email.
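The default policy described above for the Habeas Safelist and the IADB, sketched as an added example (not the SpamBouncer's own code): a response code is mapped to a sender category, and only trusted categories are whitelisted. The zone name, response codes and category labels are constructed placeholders, since this page does not give the real ones; the reversed-octet query name follows the usual DNS list convention (RFC 5782).

```python
import ipaddress

# Constructed placeholders: the page gives neither the zone name nor the real
# response codes, so these values are illustrative only.
ZONE = "safelist.example"
CATEGORY_BY_CODE = {
    "127.0.0.1": "personal",
    "127.0.0.2": "transactional",
    "127.0.0.3": "coi",
    "127.0.0.4": "opt-in",
    "127.0.0.5": "vouched",
    "127.0.0.6": "listed-not-vouched",
}
DEFAULT_TRUSTED = frozenset({"personal", "transactional", "coi"})


def query_name(ip, zone=ZONE):
    """Build the list query name: reversed IPv4 octets plus the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def should_whitelist(ip, resolve, allow_opt_in=False, trusted=DEFAULT_TRUSTED):
    """Return (whitelist?, category) for a connecting IP.

    resolve(name) returns the A record as a string, or None if unlisted.
    """
    answer = resolve(query_name(ip))
    if answer is None:
        return False, "unlisted"
    category = CATEGORY_BY_CODE.get(answer)
    if category is None:
        # Unknown code: fail closed instead of treating any answer as a pass.
        return False, "unknown-code"
    allowed = set(trusted) | ({"opt-in"} if allow_opt_in else set())
    return category in allowed, category


# Constructed sample zone data (documentation addresses), standing in for a
# real resolver so the example runs offline.
SAMPLE_ZONE = {
    "10.2.0.192.safelist.example": "127.0.0.3",
    "20.2.0.192.safelist.example": "127.0.0.4",
    "30.2.0.192.safelist.example": "127.0.0.5",
    "40.2.0.192.safelist.example": "127.0.0.99",
}
```

Pass `SAMPLE_ZONE.get` as `resolve` to try it offline; for the COI-only IADB default, pass `trusted={"coi"}`.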
