18 Apr
2004
18 Apr
'04
12:33 p.m.
Maybe a stupid question... But if broadband providers aren't going to do this, and considering there are way less legitimate SMTP senders than broadband users, wouldn't it make more sense to whitelist known real SMTP sources rather than blacklist all addresses that potentially have a fake one?
that's not a stupid question, and you're right that statistically it's better engineering to make a small list of good things than large lists of bad ones. IETF MARID, my own MAIL-FROM, somebody's SPF, yahoo's "domainkeys", and lots of other people are working on what amounts to "a whitelisting solution", and in a few more years you might actually see some results along those lines.