Whitelisting is dead

A decade or so ago I was offering whitelisting services to clients. It was pretty simple. I’d collect a bunch of information and do an audit on the customer’s sending. They’d get a report back identifying any issues that would limit their chances at acceptance. Then I’d go and fill in the forms on behalf of the client. Simple enough work, and it made clients feel better knowing their mail was whitelisted at the various ISPs.
When email filters were less complex and more binary, whitelists were a great way for receivers to identify which senders were willing to stand up and be held accountable for their mail. Over time, whitelists became much less useful. Filtering technology progressed. Manual whitelisting wasn’t necessary for ISPs to sort out good mail from bad.
The era of whitelisting is over.
In fact, three of the major whitelist providing ISPs were AOL, Yahoo, and Verizon; all three are now a part of OATH. The Verizon whitelist page now redirects to postmaster.aol.com. New requests to signup for the AOL whitelist are rejected with the message that AOL whitelisting is no longer available or necessary. Yahoo has a “new IP review” form rather than a whitelisting form.
Whitelisting is dead.
Even the various certification and whitelisting services have mostly gone away. Both Habeas and Goodmail failed to achieve a profitable exit event. Of course, Return Path is still around, but they have built a platform of tools and services unrelated to whitelisting or certification.
Now senders are going to have to focus on sending mail that people ask for and want in order to make it to the inbox.
 

Another day another dead blacklist
List the world!

Related Posts

AOL MX Change update

The AOL postmaster team posted some information about the upcoming MX transition on their blog.

Read More

OATH and Microsoft updates

I’ve seen multiple people asking questions about what’s going to happen with the Yahoo and AOL FBLs after the transition to the new Oath infrastructure. The most current information we have says that the AOL FBL (IP based) is going away. This FBL is handled by the AOL infrastructure. As AOL users are moved to the new infrastructure any complaints based on their actions will come through the Yahoo complaint feedback loop (CFL). The Yahoo CFL is domain based. Anyone who has not signed up for the Yahoo CFL should do so.
When registering you will need each domain and the selectors you’re planning on using. Yahoo will send an email with a confirmation link that needs to be clicked on within a short period of time in order to activate the FBL.
Microsoft’s SNDS program had an outage at the end of last week. That’s been fixed, but the missing data will not be back populated into the system. This has happened a couple times in the past. It seems the system gets a live feed of data. If, for some reason, the data is interrupted, then it’s gone and doesn’t get populated.

Read More

More on AOL transition to Oath Infrastructure

AOL posted on their blog today about changes to DMARC reporting and FBL messages as they continue to transition domains to the OATH infrastructure. As AOL domains go to the new infrastructure, DMARC reports for those domains will be included in the existing Yahoo DMARC reports.
After the MX migration is done, they’ll start migrating the actual user mailboxes. Right now, FBL messages for AOL properties are coming from AOL and will continue to do so until the actual mailbox is transitioned to the new infrastructure. Once the mailbox is transitioned, then any FBL emails from that address will come from the Yahoo infrastructure. The blog post at AOL suggests signing up for both AOL and Yahoo FBLs during this transition phase.
It does bring up an interesting question as to whether or not the combined FBL is going to be IP based, DKIM based or a mix of both. It sounds like at least during some part of the consolidation there will be a DKIM only FBL. It could be that there will be some expansion to an IP system in the future. Or, it could be that all FBLs from AOL addresses will be based on DKIM domain.

Read More