We defined whitelists and blacklists in a previous article, but let's dig into them a little bit.
Starting from a user perspective, whatever email client you have, you probably have the ability to create whitelists and blacklists. Should you bother? Well, in our opinion, yes and no.
Blacklists indicate domains that you just don't want to receive email from. Typical email clients have the ability to just click on an icon, and the sender will automatically be added to your personal blacklist. The problem with this is that the sender's address is often spoofed. So if you blacklist the domain because of spam, and then the real owner of the email domain tries to send you legitimate email, you won't get it! So, in our opinion, adding domains to your personal blacklist is usually a waste of time, and may cause you trouble in the long run. We know of one company that had online support, and one of their new support persons blacklisted all spam received. Unfortunately, some of the spam messages spoofed the company's own domain, and this person inadvertently blacklisted his own company's email! Don't let this happen to you - save your time, and skip the personal blacklists.
Whitelists indicate domains that you always want to receive email from. Spam is such a hot topic these days, that email providers are really tightening their filters, in an attempt to eliminate as much spam as possible. This means that it's quite common now for legitimate email to get blocked as spam. So, in our opinion, personal whitelists are more important than ever - use them, and be sure to add the domains of all your service providers!
Third-party blacklists are a different story altogether. They blacklist addresses of probable spammers. As such, they may be useful. Most spam filtering products give you the option of filtering out email that is from blacklisted addresses within the major third-party blacklists. So there you have it - from the user's perspective, our recommendation for email filtering is to:
Use personal whitelists
Use reputable third-party blacklists
Don't use personal blacklists