Evil Home Stereo

Justin wrote a short note about the Web-o-Trust already more than a month ago, but I just recently found some time to work up the mail of several mailinglists I’m subscribed to.

One side effect of our well beloved spam problem is that more often than never mailserver of innocent people end on some blacklists. We don’t really have any working whitelists to compensate that. (Except maybe Bonded Sender.) It’s almost impossible for a single person or group to maintain a reliable list of “good” mail servers; they’d have to check all submissions and complaints for fakes. A daunting task for somebody who doesn’t even know the people who use the lists.

But wait… I know that my mail server isn’t used for spamming. A friend of mine knows that his mail servers are “good”, too. And I know him. I also know a few other people who administer their mail server and they know others and so on… Doesn’t this sound familiar? Yeah, the web of trust already worked pretty good for PGP. Why not apply this for mail servers?

The Web-o-Trust solution is simple: You publish a plain text file somewhere on your webspace (normally in the root directory, called web-o-trust.txt but as the format looks like YAML, I prefer the name web-o-trust.yml). That file lists a bunch of IP addresses of servers you use and pointers to other people you trust. That’s all you’ve got to do. (But one thing is very important here: Cool URIs don’t change.)

Now you’ve got to wait till your favorite anti-spam solution supports some Web-o-Trust powered whitelist. I hope that I’ll find the time to hack this into SpamAssassin for 2.70 (or maybe Justin has already done so, I’ve still got a month worth of unread commits to catch up).