We are evaluating the option to allow end users to add their "buddies" to a separate, database-based, whitelist. This would allow users to whitelist their friends without having to go thru the helpdesk or the sysadmins or their provider.

This whitelist would only allow individual emails to be whitelisted, there would not be any wildcard allowed, and there would possibly be a limit per user of how many entries can be added.

If anyone has any opinions, objections, suggestions, please let us know as we'd like to hear them.

Roberto F.
LogSat Software

Good idea (tracking the user who added the entry), didn't think about that, but will definetly include it.

Yes - the plan was to modify the web interface so that users would have a link for each email to add that sender to their buddy list. That whitelist would be a separate new table in the database.

Roberto F.
LogSat Software

We do this already...   We have this tied into our mailserver users table.  It then is linked to their buddylist.  So when the customer leaves our service for what ever reason the buddy lists will not be inserted into the whitelist txt file that SF loads.  But If you add this feature in realtime this would be great.

Dan B

I've got a solution already in place at most of my customers using a web page to allow them to add buddies to their whitelist.

The page is a simple form that takes one field, a text field, that is the buddy's email to add. When submitted the white list is opened and the text field is appended. Simple and sweet.  

I bet your solution works better than this so I say let's make it happen. My solution is just plain ol' web stuff. Not database driven or anything.

bill

You should add a way to check for duplication when users submit their whitelist entries.

When you have many people who work for the same company and/or associate with many of the same people, you will likely end up with some entering some of the same people and the database can grow uneccessarily large with dupes.

Roberto -

Would this whitelist be specific to the person receiving the message?  I ask, because I can see  user 'A'  whitelisting a mailing list that user 'B' considers  SPAM.  This would cause many headaches within some organizations.

-Ric

I have a similar solution in place, except I have it as a button in the quarantine listing so the sender can be appended to the whitelist with a mouseclick (without having to re-type the address). 

The only flaw has been the occasional newsletter that is sent by a mailing service that uses a different From address each time (such as a different number string in the header From).  Additionally I guess making it too easy will tend to make the list grow much faster as users may use less discretion as to who they add.

We'd be making it "global", active for all users. We'd think it will do more good than harm, possibly whitelisting mailing lists (ex Microsoft security list) once but having all users benefit from it. Furthermore it would be much more cumbersome to implement it otherwise :)

Roberto F.
LogSat Software

Weird. I was just thinking about the same thing, but backwards. What about blacklisting? and having the option to automatically deleted messages for the customer as well?

Well, I'm no master programmer...lol...I wish I could write PHP code the likes of some of the other guys on here...lol   What I did was bulky and ugly...but it works. 

It's actually quite simple using standard web forms that save the submissions to a plain text file.  There were generated in Frontpage but I figured I would post the HTML so you will see what options I set up.  These options are required for the text file to be as simple as possible, not included field names, etc.

<form method="POST" action="../_derived/nortbots.htm" webbot-action="--WEBBOT-SELF--" onSubmit="location.href='../_derived/nortbots.htm';return false;" webbot-onSubmit>
  <!--webbot bot="SaveResults" u-file="../_private/addfrom.txt" s-format="TEXT/PRE" s-label-fields="FALSE" b-reverse-chronology="FALSE" s-builtin-fields s-form-fields="email " startspan --><input TYPE="hidden" NAME="VTI-GROUP" VALUE="0"><!--webbot bot="SaveResults" endspan i-checksum="43374" --><p align="center">
  <b>White List From Address</b><br>
  (Please enter one email address per line with no other text)</p>
  <p align="center">Your request will be automatically processed within 15
  minutes.<br>
  <b>Email Addresses:</b><br>
  <textarea rows="6" name="email" cols="30"></textarea><br>
  <br>
  <br>
  <input type="submit" value="Submit" name="B1"></p>
</form>
<p align="center">

<p align="center">

<p align="center">

<form method="POST" action="../_derived/nortbots.htm" webbot-action="--WEBBOT-SELF--" onSubmit="location.href='../_derived/nortbots.htm';return false;" webbot-onSubmit>
  <!--webbot bot="SaveResults" u-file="../_private/domainfrom.txt" s-format="TEXT/PRE" s-label-fields="FALSE" b-reverse-chronology="FALSE" s-builtin-fields startspan --><input TYPE="hidden" NAME="VTI-GROUP" VALUE="1"><!--webbot bot="SaveResults" endspan i-checksum="43406" --><p align="center">
  <b>White List From Domains</b></p>
  <p align="left">Please enter one domain per line with no other text (i.e.
  yourdomain.com).&nbsp; Do not white list ISP or free email domains as this can
  seriously undermine the functionality of the spam filter.&nbsp; This white
  list is intended for VIP domains that our clients do a lot of business
  communications with, such as vendors and clients who maintain their own
  corporate domain names.</p>
  <p align="center">Your request will be automatically processed within 15
  minutes.<br>
  <b>Domain Name:<br>
  <textarea rows="5" name="domain" cols="31"></textarea></b></p>
  <p align="center"><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p>
</form>

Here's the batch file that runs every 15 minutes on the server:

@echo off
copy addfrom.txt addnew.txt /y
copy addfrom.bak addfrom.txt /y
type addnew.txt | find "@" >> file://\\unimatrix0\blacklist\exclfrom.txt" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - \\unimatrix0\blacklist\exclfrom.txt
copy domainfrom.txt adddomain.txt /y
copy domainfrom.bak domainfrom.txt /y
type adddomain.txt | find "." >> file://\\unimatrix0\blacklist\excldom" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - \\unimatrix0\blacklist\excldom
copy adddomblack.txt addnewdomblk.txt /y
copy domblackbak.txt adddomblack.txt /y
type addnewdomblk.txt | find "." >> file://\\unimatrix0\blacklist\domains.txt" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - \\unimatrix0\blacklist\domains.txt
type addnewdomblk.txt | find "." >> file://\\unimatrix0\blacklist\keywords.txt" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - \\unimatrix0\blacklist\keywords.txt

Note the >> symbol means append output

I have my black/white list folder shared for this script...among other reasons.
When someone submits a white list entry for an email address for example, the submission is appended into a text file on the web server called addrom.txt.  The batch file is set to run every 15 minutes.  It copies the contents of addfrom.txt to a work file called addnew.txt.  The *.bak files are simply blank txt files to clear the past appended submissions since the last time the batch file ran.  The past submissions are then ran through a find filter that searches for all lines containing the @ symbol which will be valid email addresses.  It is stressed to the user that these must be typed in carefully and we only allow admins/office managers access to this form through a secured link that requires authentication.

Another note...I've only got the email white list and domain white list submissions working so far....the blacklist stuff in the batch file doesn't do anything yet because I haven't come up with a way to utilize find to filter out what is needed....or I just haven't taken the time yet to set up the forms...don't remember which...lol

Let me know if you're able to add to this or someone jumps in and throws together a PHP script or something that makes this look like childs play...lol