Whitelisting Hogwash & Unique Solution?

I am sick of seeing all the opt-in pages telling me to add what is often a noreply email address to my contact list, or almost as bad is adding a real address to my contact list for someone I don’t really class as a contact.

This is how I handle “whitelisting” (example for Gmail)

It works for now, and if the spammers work around it, I will just make it a little more specific by using specific information within the headers, or part of the unsubscription notification.

Proprietary Concept: Unique key to prevent spam filtering
To be quite honest, a service like Aweber or Getresponse should be able to add a unique key that is specific to my email address, such as using a base64 encoding with a seed, that would make it impossible for a spammer to replicate, and a 100% guaranteed way I could whitelist all emails they send me forever.
I am licensing my whitelisting key solution under GNU FDL so if anyone tries to patent this idea they get to fight the legal battle.

The following is an example for Aweber mailing lists, but you can do the same for Getresponse, iContact, Feedblitz, Mailchimp etc.

Don’t listen to any service that thinks their delivery rate is so good that you don’t need to whitelist in some way.

This filter method has pulled over 100 emails out of the spam folder of Gmail for me in the last week.


After you have this set up, any emails that might otherwise have gone to spam will have this at the top


I won’t say no to free unlimited email services for solving your delivery problems forever

This example is based around Gmail, but I am sure other services have a way to create filters to prevent things going in spam that override other things.

If all email you asked for made it into your email box, would you have time to read it?

Liked this post? Follow this blog to get more. Follow


  1. says

    Great, I really should try this. Because I always receive many spam in my Gmail. I have no choice to delete manually. I really hate them.
    Thanks for sharing your experience, it will help me a lot :).

  2. says

    This isn't intended as a guide to reduce the number of spam emails, but rather to prevent emails you signed up for going in the spam though filters can be created for spam as well, they are rarely required.

    If you signed up for a mailing list you no longer want, unsubscribe.
    If you are receiving emails you didn't subscribe for, hit spam though it is 99.9% certain if you receive emails from any of the listed autoresponders, you probably asked for the emails to be sent, and it is also safe to unsubscribe.

  3. says

    Your gmail filter is simple and effective.

    Regarding your Hash Key Proposal:
    Still, the mail provider needs to recognize the key. They decide what goes into the inbox and what goes into the spam box.

    We have available SPF, Domain Keys, even subscription info and unsubscribe links in the extended mail headers, … and email marketing service providers like iContact and AWeber (and others) who go through the effort dealing with feedback loops, …

    In theory this should suffice to identify mail a recipient has really subscribed for and let it bypass certain spam filters anyway.

    So why do you think an additional mechanism — the hash key — would cure that. Maybe I miss something here.


    • says

      It is like a personal hash key based on your email address and the service provider.

      Thus it would be included in every email that is sent by that provider to that email address, irrespective of list owner.

      As far as I know, there is nothing in headers from Aweber that I can use that is personal to me, that I can use as an override “never spam” that couldn’t somehow be worked out by a spammer.
      I can filter on Aweber, or maybe on other elements, but all those could be faked easily. The key couldn’t.

      Whatever mechanisms there are at the moment they aren’t working for me, and I shouldn’t have to manualy go though thousands of spam emails to find the good ones every couple of weeks, because that just serves the spammers in their emails being seen.

      • says

        I see. But I don’t think sender authentication is the real problem.

        How many spam emails pretend to come from AWeber, iContact, …, but do not?
        Major email marketing service providers (like the above) *AND* Gmail do have sender authentication [http://www.openspf.org/Related_Solutions] in place.

        The problem is Gmail doesn’t give it enough weight. Content and community feedback is a central part of their spam algorithm. And we know that for some people spam is the second email in the same week, … and why unsubscribe when the “this is spam button” smiles at them so nicely.

        Google says: “Many webmail services support a single authentication system to verify senders and help identify forged messages. Gmail supports multiple authentication systems, including SPF (Sender Policy Framework), DomainKeys, and DKIM (DomainKeys Identified Mail), so we can be more certain that your mail is from who it says it’s from. Also, unlike many other providers that automatically let through all mail from certain senders, making it possible for their messages to bypass spam filters, Gmail puts all senders through the same rigorous checks.” [Source http://www.google.com/mail/help/fightspam/spamexplained.html

        That second part of the paragraph is where the problem lies.

        Gmail’s spam filter is infamous for its high percentage of false positives.

        So who is to blame?
        The legitimate senders and their service providers do a hell of a lot already.

        (GoDaddy’s spam filter works great for me by the way.)

        • says

          I think the email service providers do a great job, and Google in this respect doesn’t.

          Thus as someone who want to receive the emails I subscribe to, even though I don’t always have time to read them, I dream up ways that this can be achieved.

          Spammers don’t currently try to fake being Aweber or other service providers, but if filtering based just upon the word “Aweber” became common, I am sure they would.

          There are ways I could do it myself.

          Use a little PHP to create a key
          Populate a custom field at signup
          Instruct subscribers how to add that key to their filters

          The thing that stops me doing that is familiarity – you do things a way that is different to everyone else, then users get confused.
          For email service providers to implement it would be an ideal situation, as then it becomes uniform.

          It is also a case then that once set up, it works for all account holders.