
Ask HN: Why isn't whitelist only email used more often or even the standard? - stuntkite
I plan to be Google and Apple free by the end of the year. I've been migrating my personal email over to Protonmail, which I feel is the best service option. The main reason to use a service is preventing spam. Obviously not getting your emails dumped as spam is important too, but that can be solved by anyone with a static IP.

I've been thinking about whitelist only email for personal though. Why isn't that more of a thing? You can definitely do it with existing services, but this could already be a standard and hosted independently.

You could give people a portal where they can make a request to send you emails and you can approve it and revoke that approval at any time. You can generate keys for people so they'll be whitelisted when they've signed up. You could even print those on business cards and tie their usage to events. You could use that to provide a more complete identity for contact. Chats, currency wallets, feeds of information you're publishing, but you'd never have to deal with an open connection to stuff you did not want.

When I search the problem it appears as if this idea doesn't have any traction anywhere. I had my own email server on Slicehost in like 2001 and haven't messed with operating my own since GHA came online. I am not an expert in this area. What am I missing?
======
hwkeye
I'm a developer and I want to build a Whitelist Only Email service.

The idea is changing how emails should work. When you want to message someone
on social media, you have to first add them as a friend, so there is a
whitelist-only approach in that regard. Emails should be like that in a way.

When you sign up for a service, Facebook for example, you go into this email
service and whitelist the *.facebook.com domain, so all emails from Facebook
will go through your inbox.

If your email address ends up in the hands of the bad guys, they can't spam
you or send you phishing emails since they are not on your whitelist.

Seems like a reasonable solution. I don't know why there is no service like
this yet.

I'm still doing some market research hence why I stumbled upon this thread.

Anyone, please jump in and give me a reason to stop making this email service
a reality.

------
stephenr
If I have to go to a web page to request access to email you, I'm just not
going to email you. That's the part you're missing.

You're asking people to jump through extra hoops to help you.

~~~
stuntkite
Then don't email me. I understand that's what I'm asking. That approval
process could be built into how we email each other and be very simple and
smooth.

~~~
stephenr
I think there are better solutions to what you want to achieve.

If S/MIME certs were more readily available you could just spam-filter mail
that isn't signed, and use the signer's details to better flag spam
automatically.

~~~
stuntkite
Interesting.

Why I made this post is to figure out a better solution to what I want to
achieve. Your proposition here doesn't look like it solves it, but I didn't
know about it before. I'll dig into it. If you have any further thoughts, I'd
love to hear them.

------
jrnichols
I vaguely recall seeing something like this on the postfix users list ages
ago. you can already do something similar (way less automated, though) with
postfix's sender_access map.

as for why it's not a thing.. I think it's too many steps for the masses. you
can do it on your own server like I mentioned, though. but on a smaller scale,
sure. go for it.

------
zero_by_divide
Reading your post reminded me of this link (found on HN last month):
[http://blog.nawaz.org/posts/2018/Sep/solving-my-email-proble...](http://blog.nawaz.org/posts/2018/Sep/solving-my-email-problem/)

~~~
stuntkite
This is great! Thanks so much for sharing it!

------
cimmanom
Pretty sure I’ve seen a system like this in action. People sign up for our
service; we send them a receipt (and for many of them, the cost is tax
deductible); and it bounces with a message that we have to click on a link to
enable it to go through. (For a number of reasons, we don’t. And most
companies send stuff like that from a black hole no-reply address anyway.)

Good luck when your bank tries to contact you about something important but
the email bounces.
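
Added example, not part of the thread or any poster's code: a default-deny sender allowlist with the approve/revoke flow and the `*.facebook.com` style wildcard discussed above. The class name, its methods and the `authenticated` flag are hypothetical; the flag assumes some upstream check (for instance a verified signature) has already tied the message to the claimed sender, since a bare sender address can be forged.

```python
"""Default-deny sender allowlist with revocation. All sample data is constructed."""
from email.utils import parseaddr


class SenderAllowlist:  # hypothetical name, for illustration only
    def __init__(self):
        self.addresses = set()  # exact addresses, e.g. "friend@example.org"
        self.domains = set()    # exact domains, e.g. "example.org"
        self.suffixes = set()   # "*.example.org" is stored as ".example.org"

    def approve(self, entry):
        entry = entry.strip().lower()
        if entry.startswith("*."):
            self.suffixes.add(entry[1:])  # keep the leading dot as a label boundary
        elif "@" in entry:
            self.addresses.add(entry)
        else:
            self.domains.add(entry)

    def revoke(self, entry):
        entry = entry.strip().lower()
        self.addresses.discard(entry)
        self.domains.discard(entry)
        if entry.startswith("*."):
            self.suffixes.discard(entry[1:])

    def decide(self, sender, authenticated):
        """Return "accept" or "reject" for one sender string."""
        if not authenticated:  # an unverified address proves nothing: reject
            return "reject"
        _, addr = parseaddr(sender)
        addr = addr.lower()
        local, sep, domain = addr.rpartition("@")
        if not (sep and local and domain):
            return "reject"    # empty or malformed sender
        if addr in self.addresses or domain in self.domains:
            return "accept"
        # Matching on ".facebook.com" (dot included) keeps "notfacebook.com"
        # and "facebook.com.evil.example" out of the wildcard.
        if any(domain.endswith(suffix) for suffix in self.suffixes):
            return "accept"
        return "reject"        # default deny


if __name__ == "__main__":
    al = SenderAllowlist()
    al.approve("*.facebook.com")
    al.approve("friend@example.org")
    for s in ("notify@mail.facebook.com", "x@notfacebook.com", "friend@example.org"):
        print(s, al.decide(s, authenticated=True))
```

A wildcard entry covers subdomains only, so the bare domain needs its own entry, and anything the owner has not approved in advance (a bank notice, a receipt) is rejected by design.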

