exclude lists

With shades of Big Brother, the Exclude List approach relies on identifying email addresses from which spam messages have been sent and then blocking all further messages from that address. There are several Exclude Lists maintained by anti-spam organisations. These Lists are then used by spam-blocking software and services at either the mail server or individual PC level to block messages from addresses on the List. That is, any email sent from an address on an Exclude List will be trashed either by your ISP before it reaches its mail servers, or by software that you might install on your PC.

The idea sounds fine but, as usual, the devil's in the detail: spammers generally don't use exactly the same email address repeatedly. This has resulted in Exclude List managers listing whole domains on their lists (for example, everyone who uses a particular ISP or studies at a particular university). This means that if an ISP's domain is placed on to an Exclude List because someone despatched spam messages from that ISP's mail server, everyone – all that ISP's customers – would be tarred with the same brush and would be effectively placed on the Exclude List. These customers would then be unable to send email messages to anyone relying on that Exclude List to reject spam.

This approach is obviously heavy handed and basically unfair on users of an ISP that has been used by spammers to transmit spam messages. It's arguable that the ISP should be more vigilant in determining whom it permits access to its mail servers, but we believe that it's unreasonable to punish all customers of an ISP for that ISP's shortcomings.

There's another issue too: it doesn't work very well. Spammers can easily fake their source email address and circumvent the Exclude List approach.