Home  |  Lookup  |  Report Abuse  |  FAQs

The Spamhaus Whitelist
Spamhaus Whitelist Logo

Frequently Asked Questions

Whitelist General FAQ

Whitelist Technical FAQ

Whitelist Setup FAQ

About

Eligibility

Rationale

How to use

Whitelist General FAQ

Does this remove me from Spamhaus blocklists?
Will this stop me getting on a Spamhaus blocklist?
How do I get on the whitelist?
Sunrise Period: The Invite System
Fee Schedule
What about ESPs?
Are colleges and universities eligible for the Spamhaus Whitelist?
What is "transactional email"?
What if the message combines commercial with transactional content?
Can an organization that sends both transactions and bulk mail apply for the Spamhaus Whitelist?
Are invitations to a social network eligible for the Spamhaus Whitelist?
What differentiates the Spamhaus Whitelist from other Whitelists?
What is the projected reach of the Spamhaus Whitelist?
The Spamhaus Whitelist Company



Does this remove me from Spamhaus blocklists?
NO. It is not possible to whitelist an IP address or domain that is on any Spamhaus Project blocklist. The whitelist application system will not accept any IP address or domain that is on any Spamhaus Project blocklist, or that has a history of being on any Spamhaus Project blocklist.

Will this stop me getting on a Spamhaus blocklist?
NO. A whitelisted IP address or domain which later becomes blocklisted by Spamhaus Project is automatically suspended from the whitelist until the blocklisting issue is fully resolved with Spamhaus Project.

How do I get on the whitelist?
During the initial rollout of the whitelist operation, in what we refer to as the 'sunrise period', free whitelist accounts are offered to a select number of known 'white hat' organizations only.

During the sunrise period applications for whitelist accounts are ONLY available by invitation. To add an IP address or a domain to the whitelist you must first be sent an invitation by someone who already has a whitelist account.

Whitelist account holders are chosen by others who trust them; you cannot simply apply.

Sunrise Period: The Invite System
Spamhaus plans to run the invite system during the initial rollout period. Applications for whitelist accounts will be accepted from organizations invited by an existing whitelist account holder. This is being done in order to control growth of the whitelist with a slow ramp-up to enable Spamhaus to correct any problems early on.

Whitelist account holders are allocated a number of invites which they can send to other organizations they trust. Each user they invite is given a free account for one year.

At the end of the sunrise period the whitelist will be opened to all eligible organizations on a commercial basis where a yearly fee will be charged to cover the cost of vetting accounts and operating the whitelist.

Fee Schedule
At the end of the free beta period, or at a future date yet to be decided on, the whitelist will be opened to everyone with a yearly account fee charged to newcomers. The fee will be designed to cover the cost of vetting new accounts and handling any account issues.

A fee schedule will be published by the Spamhaus Whitelist Company in the Winter of 2010. The average annual fee for a whitelist entry is anticipated to be in the region of US$250.00, with the price based on the amount of mail sent.

What about ESPs?
There is already an existing whitelist/reputation-service for ESPs, run by Return Path. Spamhaus Whitelist recommends that ESPs sign-up to the: Return Path SSC

Are colleges and universities eligible for the Spamhaus Whitelist?
Maybe. We consider students to be analogous to customers of universities, and hence their mail is not eligible for the Spamhaus Whitelist. In practice, we have found that students are, well, students. Mail servers that handle student mail send rather a lot of spam sent from computers belonging to students, due to ignoring security advice, failure to understand the rules, and other problems.

If a university has a separate mail stream (server IPs or DKIM signatures) for mail sent by staff members, that would generally be eligible for the Whitelist.

What is "transactional email"?
Transactional email, also called relationship email, fits into a narrow category of business-to-client messages that:
  1. Facilitate or confirm a commercial transaction that the recipient already has agreed to;

  2. Gives warranty, recall, safety, or security information about a product or service the recipient has obtained;

  3. Gives information about a change in terms or features or account balance information regarding a membership, subscription, account, loan or other ongoing commercial relationship;

  4. Provides information about an employment relationship or employee benefits;

  5. Delivers goods or services as part of a transaction that the recipient already has agreed to.
Another way to state this would be email directly related to a specific action by the recipient, or reporting the status of an account set up by the recipient. Typical examples would be order acknowledgements and bank account statements.

What if the message combines commercial with transactional content?

It can be common for email sent by businesses to mix commercial content and transactional or relationship content. When an email contains both kinds of content, the primary purpose of the message is the deciding factor.

How to make that determination? If a recipient reasonably interpreting the subject line would likely conclude that the message contains an advertisement or promotion for a commercial product or service or if the message's transactional or relationship content does not appear mainly at the beginning of the message, the primary purpose of the message is commercial, not transactional.

When a message contains both kinds of content - commercial and transactional - if the subject line would lead the recipient to think it's a commercial message, it's a commercial message. Similarly, if the majority of the transactional part of the message doesn't appear at the beginning, it's a commercial message, not transactional.


Can an organization that sends both transactions and bulk mail apply for the Spamhaus Whitelist?
Since transactions are eligible for the Spamhaus Whitelist and bulk mail is not, an organization must separate its mail streams. That is, for an IP address to be eligible for the Whitelist, it must send only transactional mail, and for a DKIM signature to be eligible, it must sign only transactional mail.

Are invitations to a social network eligible for the Spamhaus Whitelist?
Since they are neither mail from staff nor transactions, of course they are not.

What differentiates the Spamhaus Whitelist from other Whitelists?

The concept and policy of the Spamhaus Whitelist is radically different to that of existing whitelists. The system is based on a policy of "Know Your User" and is a true whitelist, it does not contain mail servers used by third parties or bulk senders.

Spamhaus has approached the issue of whitelisting from the perspective of the receiver by asking what a listing on a whitelist should actually mean. To recipients, it should mean the sending server is trusted to never deliver spam. Clearly, we can trust certain mail servers, such as those of a major bank or airline, but how can we be sure that the customer outbound mail servers of a major ISP will not deliver spam? We can't, since spammers can sign up with an ISP at any moment, therefore we can not whitelist them.

The only way we can trust a server is where the server owner knows all of the server's users, thus the Spamhaus Whitelist is based on "Know Your User". Spamhaus Whitelist account holders must personally know or employ each sender that uses a whitelisted resource.

This rule automatically excludes from whitelisting all Email Service Providers, all ISP customer mail relays, and all mail servers used by third-parties. Note: For these generic mail servers Spamhaus has a separate list, not yet released, called the Mail Servers Register (MSR) a list of all known legitimate mail servers.

Following the concept of "Know Your User", the Spamhaus Whitelist is designed for transactional email such as from ecommerce systems, banks, automated billing and travel booking systems, and important mail such as from medical centers, known corporations, organizations and government agencies.

Of the existing whitelists (as at 2010) some exist to certify 'good' bulk email marketers to help improve email marketing delivery rates, some list ISP customer relays and ESP outbounds from which an amount of spam will always flow, some whitelist any sender that pays a registration fee regardless of reputation, and one or two bad examples exist simply as a means to monetize removals from the whitelist owner's blacklist.

Current whitelists suffer from a catch-22 usage problem; they are used by only a very small fraction of internet mail servers meaning that the benefit to senders of being on the whitelist is extremely slim, if not non-existent. What is the point of being on a whitelist if hardly anyone uses it? Spamhaus by contrast, with its DNSBLs already installed on over three quarters of the internet's mail servers, benefits from an existing userbase that can immediately begin to use the Spamhaus Whitelist.


What is the projected reach of the Spamhaus Whitelist?
Spamhaus DNSBLs are currently in use at an estimated 75% of internet networks worldwide. In addition to ISPs and corporate mail-servers, almost all of the major free email providers use the Spamhaus DNSBLs. From its own Datafeed service data Spamhaus knows the number of Internet users behind each Datafeed account and currently these total in excess of 1.4-billion Internet email users.

There is no charge for using the Spamhaus Whitelist. The Spamhaus Whitelist is made available free to the public and the existing Spamhaus userbase, and is included at no extra charge in Spamhaus's Datafeed service.

With a 10-year track record of supplying trusted data and a highly experienced team in place to run the whitelist service, Spamhaus assures its users that the quality of the whitelisted data will be without parallel. As its purpose is to substantially improve email flow, eliminate poor filtering decisions and thus improve email service for senders and receivers alike, there is no reason not to implement the Spamhaus whitelist. The only delays in implementation will be the time it takes older email software to support it and postmasters to implement it.

Spamhaus expects that within one year over half of the networks that currently use Spamhaus Blocklists will have implemented the Spamhaus Whitelist on their incoming mail-servers and expects the remainder to have implemented it within two years.

The Spamhaus Whitelist Company
The Spamhaus Whitelist Company Ltd. is the company that has developed the Spamhaus Whitelist and its policies, and manages the whitelist system. While the Spamhaus Project is the publisher to the public of the whitelist data, the Spamhaus Whitelist Company is the generator and supplier of the data.

To maintain the self-governance and integrity of the Spamhaus Project's blocklist operations, The Spamhaus Whitelist Company Ltd. and The Spamhaus Project Ltd. are entirely separate independent organizations. More information on the The Spamhaus Whitelist Company is at Company Info.



Copyright © 2010 The Spamhaus Whitelist Company
Company Info   |   Contacts   |   Legal Notices   |   Privacy