Are Whitelists Providing False Hope?

You’ve worked hard to build your distribution lists, you’ve adhered to the best practices in the industry and you’ve done what was asked by mailbox providers but your mail still isn’t reaching the inbox. This is not an uncommon problem; the typical solution is to be put on a whitelist.

Blacklists, or block-lists, are routinely shared among mailbox providers in an effort to combat spam. Whitelists on the other hand are a guarded secret, holding the identification of those mailers that have received “special permission.” The special permissions may permit your mail to be delivered, may reduce or eliminate spam filtration on your mail or might simply be providing you with false hope.

Why would mailbox providers provide access to something that was apparently so sacred and so carefully guarded? Frankly, whitelists are intended to address the shortcomings of spam filtration technology. Acting in the best interests of their customers, mailbox providers will block spam to enhance the user experience. Unfortunately, the rules for catching spam also catch some legitimate mail thus a need for an exemption-based system.

Just because you’re on the whitelist doesn’t mean your mail is getting delivered. What type of whitelists are you on?

Location lists — Used to identify your mail server as a localized to a specific location. Some early spam rules treated mail from outside the continental U.S. as highly suspect and blocked in instances delivered in volume. Whitelists were used to exempt certain foreign IP addresses.

General identification — Used to assert an identity and attribute a reputation to it, typically uses IP addresses but could use other authentication technologies such as Sender ID Framework, Domain Keys or cryptographic tokens.

URL lists — Used to identify specific URLs in your message as legitimate and not spoof URLs or otherwise malicious.

Domain lists — Used to identify a mailer as a recognized legitimate mailer. Used widely early on but has declined significantly due to bogus DNS records.

Reputation/Accreditation lists — This list uses some form of authentication (generally the IP address) to identify the mailer and either asserts a reputation for the mailer or an indicator that the mailer has passed some form of accreditation. Mailbox providers may have an agreement in place with the list provider to provide some privilege.

Clearly, the trend is toward reputation or accreditation lists—and the best solutions incorporate both. Incorporating an authentication mechanism that is not spoofable with such systems is the best case scenario and forces marketers to be accountable for their online actions not just their brand reputation. What this means for marketers is that the whitelists they once relied upon for getting their email delivered are going to become less effective as mailbox providers transition to reputation-based systems.

More on what you can do to make sure your online reputation is consistent with your brand reputation in another post…

—Charles Stiles of Goodmail Systems