Ask HN: Why isn't whitelist only email used more often or even the standard?
I've been thinking about whitelist only email for personal though. Why isn't that more of a thing? You can definitely do it with existing services, but this could already be a standard and hosted independently.
You could give people a portal where they can make a request to send you emails and you can approve it and revoke that approval at any time. You can generate keys for people so they'll be whitelisted when they've signed up. You could even print those on business cards and tie their usage to events. You could use that to provide a more complete identity for contact. Chats, currency wallets, feeds of information you're publishing, but you'd never have to deal with an open connection to stuff you did not want.
When I search the problem it appears as if this idea doesn't have any traction anywhere. I had my own email server on Slicehost in like 2001 and haven't messed with operating my own since GHA came online. I am not an expert in this area. What am I missing?
13 comments
[ 5.1 ms ] story [ 49.3 ms ] threadYou're asking people to jump through extra hoops to help you.
If S/MIME certs were more readily available you could just spam-filter mail that isn't signed, and use the signer's details to better flag spam automatically.
Why I made this post is to figure out a better solution to what I want to achieve. You proposition here doesn't look like it solves it, but I didn't know about it before. I'll dig into it. If you have any further thoughts, I'd love to hear them.
Edit: or maybe that’s what you meant?
as for why it's not a thing.. I think it's too many steps for the masses. you can do it on your own server like I mentioned, though. but on a smaller scale, sure. go for it.
Good luck when your bank tries to contact you about something important but the email bounces.
The idea is changing how emails should work. When you want to message someone on social media, you have to first add them as a friend, so there is a whitelist-only approach in that regard. Emails should be like that in a way.
When you signup for a service, Facebook for example, you go into this email service and whitelist the *.facebook.com domain, so all emails from Facebook will go through your inbox.
If your email address ends up in the hands of the bad guys, they can't spam you or send you phishing emails since they are not on your whitelist.
Seems like a reasonable solution. I don't know why there is no service like this yet.
I'm still doing some market research hence why I stumbled upon this thread.
Anyone, please jump in and give me a reason to stop making this email service a reality.