[RPZ] Whitelist rather than Blacklist

[Alan Doherty]

At 06:21 04/03/2013  Monday, Andrew Fried wrote:
>An awful lot of malware use domains in the alexa list.  I'd be pretty
>hesitant arbitrarily whitelisting based on a "most popular" or most used.
>
>Andy

i suppose i have to agree on the whitelisting good should (with help) be a lot less effort than blacklisting bad (as % of new bad per day/week/year far outstrips new good, though longevity of both varies wildly)

but just suggest people don't overlook that in most uses dns is used for more than web so top x sites
or all business partners and whitelisted websites, will often cause failures in mail and sometimes web-function, when whitelisted-domain changes mail provider so their MXs now point to hosts in non-whitelisted domains, or their website uses cnames or cdn's that are within non-whitelisted space

i'm not saying its not worth trying, im saying you gotta log and monitor for these cases so when/if the change happens you can investigate and respond before the complaints roll in

if only for whitelist-only web-filtering a whitelist only proxy can be much easier to control (fewer entries and more detailed) as you don't need to know about the chain of cnames between www.example.com and its actual IP
and you can allow www.google.com/path-to-plugin-js-that-partner-site-insitst-on-not-rendering-without/ without having to allow users to www.google.com

but each to their own RPZ is nonetheless a seriously powerful tool to add to the myriad available, and i would welcome seeing a public list/board/wiki sharing-point for sharing info on same such as
fictional example:  if you want to add facebook you must add facebook.com + facebookscdn.net + facebookmail.org

or is such a forum already out there?

if only i had the time ;)
whitelisters.whatever with categories for mail and web and other and open commentary on reputation and 3rd party domains/urls/hosts necessary for function