Accuracy: The numeric internet source ‘IP’ address of an email sender is not only the first thing email servers get– it’s nearly impossible to ‘fake’. And, as it’s from a large organization it’s also likely to be well guarded and among the most reliable.

Speed: Checking a numeric internet IP address against a stored ‘high confidence’ list is nearly instant, since email servers have everything necessary to do it built in– no time lost or bandwidth consumed doing external checks. And, as most email people actually want is most often sent via our largest and accredited organizations, ‘clearing likely good email’ nearly instantly using the fewest CPU and internet bandwidth resources is ‘a very good thing’. One of the most effective spam deterrents forces unknown or first time senders to retry sending an email after an imposed delay of several minutes, often hours– causing all first time senders to a new address — even by our largest or accredited companies — to experience a delay unless they either use such as our list, or just let spam through and hope analyzing the text might catch some of it. With our list there’s no need for such delays as only known senders appear.

Confidentiality: Alternative ‘spam checking’ schemes almost always give third parties information about who is sending your users how much and how often. This is a consequence of the many internet transactions involved among domain registrars and others required to ‘validate’ an email sender isn’t spam. As our lists are compact and entirely contained on each email server– information about who is sending your staff how much information and when isn’t leaked out during the ‘spam checking process’. Confidential information like that can be kept only inside your business since all the major approved email sender addresses are entirely contained within your building, no external checks need occur that give away from whom and how often your staff is getting mail.

Curated: The official numeric addresses our largest organizations use to send email starts with each one, one by one, advertising in a technical fashion on their company website how email recipients should validate the mail they send. Each might use some or all of many technical industry standards such as ‘SPF’ and ‘DNS/DNSSEC’ and ‘DMARC’ and others. While many organizations hire out email technology to third parties, and others handle it internally– if they want to send email at all, they must adhere to at least some industry standards to let the public know who it is they use to send email out under their name. The RSS Whitelist system chases all that down to the numeric detail, then removes duplicates (as many organizations hire the same third parties to handle email). While no system can prevent all unwanted email, users of our lists can at least know the sending organization is in fact the source of the email, that there is ‘a real person there’ who is responsible to handle abuse complaints, that there is ‘a real organization there’ that bears accountability for what it sends and to whom.

• If you are a subscriber and want your firm’s name added to the list: send an email to whitelistadmin@rockstablesystems.com with a link showing Better Business Bureau accreditation for 3 or more years and a BBB rating of B+ or higher with website address, and a link to a state or federal government website listing the same company name and address as provided by the BBB. We will include policies for other countries as we add subject matter experts who reside therein.

Updated: The RSS Whitelist system checks the world’s most trusted email sources every three days, to catch changes and updates. If an address is on our list, it certainly was an official email source within the last three days. If an address isn’t on our list, the email could possibly be legitimate and worthy of the more traditional inspection methods — though it takes more time and uses resources to check: at least because of our lists the need to check happens dramatically less often, so reducing the number of these slower checks. Most email source numeric addresses remain stable over a period of months.

Compatible: The RSS Whitelists come in three versions, IP version 4 only, IP version 6 only, and combined IP4/6. The format is compatible with the most common programs that handle email today including ‘postfix’, ‘sqlgrey’ and almost all others. They are text files, with one IP network specification per line. The first line begins with # and is a comment, usually the date the list was created and the subscriber name and copyright notice. We provide some test files for you, each containing a few lines that were at some point in the past valid. The information in these example test files is not to be used for any production purpose as not only are they out of date, each is very short, very incomplete.

General installation instructions and also some specific per-mail-system integration instructions are available in the next section. To look at the sample files now, try:

For ‘plain’ files, one validated network per line (for example, sqlgrey) : Click here for a sample of combined ip4/ip6 valid email sender addresses. Click here for a sample of just ip4 addresses. Click here for a sample of just ip6 addresses.

For ‘posfix cidr’ format files: Click here for a sample of combined ip4/ip6 valid email sender addresses. Click here for a sample of just ip4 addresses. Click here for a sample of just ip6 addresses.

Accountable: If an email comes from a source on our lists, that’s proof that a very large organization trusted that email source with its communications tasks. As some organizations hire out their email sending task, it’s possible the third party company hired by a bigger firm has other clients with less good judgement among its customers who abuse the email system. You can trust our larger organizations are aware of this and do not tolerate misdoing of that sort for very long and in response change their approved numeric address– and those changes appear in our lists within three days of their change. Subscriber Benefits: If you are a subscriber, and you question which organization(s) caused an address block to be included on our list, we will provide that answer in response to your email. Also, as a subscriber benefit, we can tell you what other organizations on our list use the same numeric address your organization uses.

Affordable: Rates are annual, billed quarterly in advance, based on the greater of company size or revenue according to the table below. Subscribers are licensed to use the list internally only, neither resell nor sub-license all or nor any part of it, and accept the obligation to treat it as company confidential. This is a business to business product, available only to active organizations and businesses.

Delivery Details: A username and password and links to the files will be sent to the email address you provide in the subscription process.

If you are using the Modoba package, visit this installation guide.

Otherwise, the general instructions are:

Decide whether you want both ip version 4 and 6 addresses and separately or in one file, then a command like this will download it:

wget -NP /path_to/local/directory --user=username --password=password https://whitelistfiles.rockstablesystems.com/subscribersonly/ip_whitelist

Or equivalent for just ip version 4 addresses, as in:

curl -X GET "https://whitelistfiles.rockstablesystems.com/subscribersonly/ip4_whitelist" --user username:password > /tmp/myfile

or for just ip6 addresses:

curl -X GET "https://whitelistfiles.rockstablesystems.com/subscribersonly/ip6_whitelist" --user username:password > /tmp/myfile

Subscribers can browse the latest files and previous versions at any time, after entering their credentials by visiting https://whitelistfiles.rockstablesystems.com/subscibersonly/ In order to catch the latest changes, these files are updated every three days. Most users most users will find a weekly job to update their local whitelist file is sufficient. Note: In the subscriber directory you will find files including ‘cidr_ok’ in the name, these are formatted in postfix cidr: database format. The ‘plain’ files, one network per line, are usable by such as sqlgrey.

It is possible to avoid the complexity of sqlgrey in postfix but still use the whitelist. To do that, in the configuration section ‘smtpd_recipient_restrictions =’… after the line ‘reject_unauth_destination,’ add something like:
check_client_access cidr:/etc/postfix/ip_whitelist_cidr_ok

Sample files are available to the public, the full files are just as the samples in every aspect except length. Here are links to the latest samples:

For ‘plain’ files, one validated network per line (for example, sqlgrey) : Click here for a sample of combined ip4/ip6 valid email sender addresses. Click here for a sample of just ip4 addresses. Click here for a sample of just ip6 addresses.

For ‘posfix cidr’ format files: Click here for a sample of combined ip4/ip6 valid email sender addresses. Click here for a sample of just ip4 addresses. Click here for a sample of just ip6 addresses.

You can see the history of the sample files, including those formatted in postfix cidr: format, by browsing at this link: https://whitelistfiles.rockstablesystems.com

If you’re looking for a proven way to add this capability to your inbound email server, consider using the open source package ‘sqlgrey’.

This service is provided by Rock Stable Systems, a d/b/a of Quiet Fountain LLC, in business since 2008. Click here to learn about Rock Stable Systems. For details about Quiet Fountain’s CEO, click here.