A standardized email whitelist management protocol
by ZetaGecko
I had the idea yesterday that a standardized protocol could be created to enable email clients to interact with whitelist-based SPAM blocking software. Given the complexity of identifying SPAM by textual analysis, whitelist-based SPAM protection appears to be getting more popular. I plan to start using it myself with some of my email addresses in the near future.
I envision it being specified something like this:
1) Protocol: secure HTTP would be preferred with HTTP also supported.
2) Authentication: Some form of authentication would be required. Basic and Digest could be supported. Implementations might require secure HTTP if using Basic authentication.
3) Data format: an XML format would be defined for transferring data back and forth. SOAP would probably be overkill.
4) Operations:
4a) Add email address(es) to/remove address(es) from the whitelist.
4b) Add/remove address to/from the blacklist (return an error if you don't support blacklisting).
4c) Get all or a specified "page" of addresses from the white/blacklist.
4d) Query whether a specific address appears in either list (return black/white/none).
4e) Get addresses in the graylist (whitelist challenge sent but not responded to). Adding an address to the white or black list would remove it from all other lists, so no operation is needed to move from one list to another.
4f) Remove address(es) from the graylist (and delete all quarantined messages from them, but don't blacklist them--they're probably spoofed addresses anyway, so why bother keeping track of them?).
5) Email client interface:
5a) Configuration: specify URL of whitelist manager interface, specify authentication method (with "auto" option to let software decide), specify authentication credentials, specify supported operations (whether has blacklist capabilities or only white and gray).
5b) In messages or message lists: buttons next to senders' addresses to add to the whitelist or (if supported) blacklist. If the server sends notifications of new quarantined messages, how would those expose the addresses of the original senders? A new email header could be created to carry those.
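To make the list semantics above concrete, here is a sketch of the server-side handling, added as an illustration and not part of the original proposal. The XML element and attribute names (`request`, `op`, `list`, `address`, `response`), the error reasons and the class name are all assumptions, since the post defines no schema; quarantined-message deletion and paging are left out.

```python
import xml.etree.ElementTree as ET

LISTS = ("white", "black", "gray")

class WhitelistManager:
    """Server-side list logic; element and attribute names are assumed, not specified."""

    def __init__(self, supports_blacklist=True):
        self.supports_blacklist = supports_blacklist
        self.lists = {name: set() for name in LISTS}

    @staticmethod
    def _reply(status, addresses=(), **attrs):
        root = ET.Element("response", status=status, **attrs)
        for addr in sorted(addresses):
            ET.SubElement(root, "address").text = addr
        return ET.tostring(root, encoding="unicode")

    def handle(self, xml_request, scheme="https", auth_method="digest"):
        # Item 2: Basic sends the password merely base64-encoded, so insist on secure HTTP.
        if auth_method.lower() == "basic" and scheme.lower() != "https":
            return self._reply("error", reason="basic-auth-requires-https")
        # Refuse DTDs outright so entity-expansion tricks never reach the parser.
        if "<!DOCTYPE" in xml_request.upper():
            return self._reply("error", reason="dtd-not-allowed")
        try:
            req = ET.fromstring(xml_request)
        except ET.ParseError:
            return self._reply("error", reason="malformed-xml")
        op, target = req.get("op"), req.get("list")
        # Lower-casing addresses is an assumed normalisation, not something the post requires.
        addrs = {a.text.strip().lower() for a in req.findall("address")
                 if a.text and a.text.strip()}
        if op == "query" and len(addrs) == 1:
            addr = next(iter(addrs))
            hit = next((n for n in ("black", "white") if addr in self.lists[n]), "none")
            return self._reply("ok", result=hit)
        if target not in LISTS:
            return self._reply("error", reason="unknown-list")
        if target == "black" and not self.supports_blacklist:
            return self._reply("error", reason="blacklist-unsupported")
        if op == "get":
            return self._reply("ok", self.lists[target])
        if op == "remove":
            self.lists[target] -= addrs
            return self._reply("ok")
        if op == "add" and target != "gray":
            # Item 4: adding to white or black removes the address from every other list.
            for name in LISTS:
                self.lists[name] -= addrs
            self.lists[target] |= addrs
            return self._reply("ok")
        return self._reply("error", reason="unsupported-operation")
```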
Anybody interested in working with me on a document for this?