DNSWL

From HandWiki
Revision as of 02:39, 21 July 2022 by imported>StanislovAI (linkage)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

A DNSWL ("DNS-based whitelist") is a "whitelist" of semi-trusted locations on the Internet. The locations consist of IP addresses which may be reputed with no or low occurrences of spamming.

Generic need for whitelisting

Natural language understanding is not a mature field. Common computer processes used for spam filtering apply heuristics to avoid presenting too many useless messages to email recipients. This has the severe impact of reducing SMTP reliability[note 1] by creating false positives; i.e., silently dropping legitimate messages. Whitelists tackle the task of vouching for a sender, which implies identifying an accountable party that the sender belongs to.

DNS whitelisting can also be applied to web traffic when doing incident response or network forensics, since it helps the analyst to tell malicious domains apart from "normal" web surfing.[1] It is, however, not recommended to actively block web traffic not on the whitelist, since this would cause even legit web surfing to be blocked.

For IPv6, blacklisting is not a realistic option, because of the greatly increased addresses. So whitelisting can be used to reduce a huge address space to a set of manageable size: first build a global whitelist of IPv6 registered senders, and second blacklist within that. By accepting all authentic sender registration request, it is at least possible to eliminate spambots.[2]

See also

Notes

  1. See Bounce message for a discussion about delivery errors, and backscatter (e-mail) for why they cannot always be noticed to the sender.

References