Blacklists and Whitelists and Deliverability, Oh My!

I’d like to take this opportunity to thank ClickZ for inviting me to write for you and tell you a little bit about myself. I’m an attorney (but please don’t hold that against me), the president and CEO of the Institute for Spam and Internet Public Policy (ISIPP), and a professor at Lincoln Law School of San Jose, where I teach Spam and the Law.

In past lives, I’ve been director of legal affairs for Mail Abuse Prevention Systems (MAPS), developers of the first anti-spam blacklist, and an original founder of Habeas, where we developed one of the first email deliverability whitelists. Having been on both sides of the equation, I now find myself squarely in the middle, equally addressing issues of email deliverability and spam, advising policy makers and lawmakers about both, and mediating for the email sending and receiving communities. I’ve been teasingly called the “yenta of email deliverability.”

With that introduction, let me tell you everything you always wanted to know about blacklists and whitelists but didn’t know who to ask.

When a sending mail server connects to a receiving mail server, that receiving server notes the sending server’s IP address before it accepts any email from the sending server. This is not unlike asking to see a repairman’s identification after he’s rung the doorbell but before letting him in the door.

After identifying the sending server’s IP address and before any email is transmitted, the receiving server can query any blacklists (also known as “blocklists”) or whitelists currently available, such as the MAPS Realtime Blackhole List (RBL), Spamhaus, Bonded Sender, or Habeas, to determine if that IP address is present on the list.

Armed with the listing information, the receiving system can then choose to accept the email or reject it by refusing the email transmission and terminating the connection.

E-mail coming from servers with blacklisted IP addresses tends to get rejected. E-mail from servers with whitelisted IP addresses tends to get accepted and delivered.


There was a time when a listing on the MAPS RBL would strike fear and loathing in the hearts of email marketers. Being blocklisted meant lost revenue and a sullied reputation. But then something happened: As more blocklists sprang up, with many of the newer generation more radical than their predecessors, blocklists started to lose their teeth. ISPs started to find blocklists, especially the less responsibly maintained ones, could (and did) lead to false positives. Relying on them could (and did) lead to failure to deliver email their users actually wanted.

Meanwhile, email marketers began to realize permission-based email marketing was the way to go. Ethical email marketers were less likely to end up on well-maintained blocklists. And, ISPs were beginning to disregard the less well-maintained lists.

As a result of this tandem paradigm shift, many email marketers now regard a blocklist listing as simply a cost of doing business. Being blacklisted is no longer a dirty little secret. It’s OK, it happens to everyone. Similarly, ISPs no longer take a blocklist listing as conclusive evidence an email marketing firm is in league with Satan. (Both still hate lawyers, however.)


Listing an IP address on an email whitelist is the functional equivalent of “you should accept email from this IP address without reservation.” And mostly, that’s exactly what happens. That’s because to get on one of the whitelists presently offered, the email marketer must either put up a financial guarantee as to the cleanliness of its email lists or contractually obligate itself to send only email that meets the whitelist’s requirements.

The only commercial whitelists offered today are Bonded Sender and the Habeas Users List (HUL). ISIPP’s Accreditation Database (IADB) may also be used as a whitelist.

Something to note regarding both blacklists and whitelists: Very few large ISPs still use them on a wholesale basis. If they use these lists at all, it’s in an advisory capacity, in conjunction with other available information. The one glaring exception to this rule is Microsoft. The company recently announced it will start allowing senders listed on the Bonded Sender whitelist to have an e-ticket to Hotmail inboxes. Also, many ISPs, notably AOL and Yahoo, maintain their own internal whitelists.

On the other hand, lots of small-to-midsized ISPs and spam filtering programs let both blacklists and whitelists dictate their email acceptance decisions. For that reason alone, it’s important to know how to avoid being listed where you don’t want to be and what to do if you are.

That’s exactly what we’ll talk about in the next column.

Want more email marketing information? ClickZ E-Mail Reference is an archive of all our email columns, organized by topic.

Nominations are open for the 2004 ClickZ Marketing Excellence Awards.

Related reading