DNSWL

From Wikipedia, the free encyclopedia

A DNSWL ("DNS-based whitelist") is a "whitelist" of semi-trusted locations on the Internet. The locations are IP addresses with a reputation for no or low occurrence of spamming.

Generic need for whitelisting

Natural language understanding is not a mature field. Common computer processes used for spam filtering apply heuristics to avoid presenting too many useless messages to email recipients. This has the severe impact of reducing SMTP reliability[note 1] by creating false positives; i.e., silently dropping legitimate messages. Whitelists tackle the task of vouching for a sender, which implies identifying an accountable party that the sender belongs to.

DNS whitelisting can also be applied to web traffic when doing incident response or network forensics, since it helps the analyst to tell malicious domains apart from "normal" web surfing.[1] It is, however, not recommended to actively block web traffic not on the whitelist, since this would cause even legitimate web surfing to be blocked.

For IPv6, blacklisting is not a realistic option, because of the greatly increased number of addresses. Whitelisting can instead be used to reduce a huge address space to a set of manageable size: first build a global whitelist of registered IPv6 senders, and second blacklist within that. By accepting all authentic sender registration requests, it is at least possible to eliminate spambots.[2]
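The two-stage filter described above, as an added example that is not taken from the cited article: it goes beyond the text by building the lookup name in the reversed-octet (IPv4) and reversed-nibble (IPv6) layout of RFC 5782. The zones `wl.example` and `bl.example`, the outcome labels, and the dictionary-backed resolver with its records are assumptions constructed so the code runs offline.

```python
import ipaddress

WL_ZONE = "wl.example"  # hypothetical whitelist zone (assumption)
BL_ZONE = "bl.example"  # hypothetical blacklist zone (assumption)

def query_name(ip, zone):
    """Build the DNS name to look up for `ip` in a DNS-based list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                   # reversed octets
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # 32 reversed nibbles
    return ".".join(labels + [zone])

def listed(ip, zone, resolve):
    """True when the zone answers with at least one A record for the address."""
    return bool(resolve(query_name(ip, zone)))

def classify(ip, resolve):
    """Stage 1: is the sender registered? Stage 2: is it blacklisted within that set?"""
    if not listed(ip, WL_ZONE, resolve):
        return "unregistered"   # outside the manageable set, never reaches stage 2
    if listed(ip, BL_ZONE, resolve):
        return "blacklisted"
    return "accepted"

def make_resolver(records):
    """Stand-in for a DNS A-record lookup, backed by a dict (no network access)."""
    return lambda name: records.get(name, [])

# Constructed sample data: documentation-range addresses and made-up answers.
GOOD, BAD, UNKNOWN = "2001:db8::25", "2001:db8::bad", "2001:db8:ffff::1"
SAMPLE_RESOLVER = make_resolver({
    query_name(GOOD, WL_ZONE): ["127.0.0.1"],
    query_name(BAD, WL_ZONE): ["127.0.0.1"],
    query_name(BAD, BL_ZONE): ["127.0.0.2"],
})

if __name__ == "__main__":
    for ip in (GOOD, BAD, UNKNOWN):
        print(ip, "->", classify(ip, SAMPLE_RESOLVER))
```

To run it against live zones, replace `make_resolver` with a function that performs a real A-record lookup and returns an empty list on NXDOMAIN.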

Notes

  1. ^ See Bounce message for a discussion about delivery errors, and backscatter (e-mail) for why they cannot always be reported to the sender.

References

  1. ^ "DNS whitelisting in NetworkMiner, NETRESEC Network Security Blog". Netresec.com. 2013-10-02. Retrieved 2013-10-03.
  2. ^ Paul Vixie (7 June 2011). "Two Stage Filtering for IPv6 Electronic Mail". CircleID. Retrieved 17 June 2011.