About EmailReg.org

EmailReg.org creates responsibility for email sent from an IP address. EmailReg.org associates specific domains with a sending IP address. By creating a responsible party and identifying IP addresses, we greatly enhance our ability to fight spam and to eliminate false positives.

One of the primary challenges in fighting spam today is not knowing the person or entity responsible for the email sent from an IP address. There is no reliable way to contact the IT person running the email servers; there is no easy way to contact the security person or team. Therefore, it is difficult to stop bots or spamming machines. Oftentimes, spam is being sent by a compromised machine, and either the owner does not know or does not care. It is not affecting their email, so it’s not a critical problem for them. By creating an avenue through the listing on EmailReg.org for taking responsibility, we can remedy this situation.

The concept behind EmailReg.org is simple. It’s about standing up and taking responsibility for the email sent from an IP address. If a domain owner is willing to stand up and they do not send spam, then their email bypasses spam filtering. This means no false positives and no delays. It means that spam filters can be more aggressive at blocking email from unregistered sources.

This project was started out of frustration with spam filters blocking legitimate email from legitimate senders. A problem that we all encounter. This project is supported by donations from spam vendors and from individual users. We are also charging a small administration fee in order to develop a viable future for the project. We are still not covering our costs and any donations would be greatly appreciated. We have received support from Barracuda Networks and a few other people, and are thankful to them. Without them we would not have progressed to where we are and been able to build the database we have. If you would like to make a donation to further support our efforts (either because the data we provide is useful or because you believe in what we are doing) please contact us (info@emailreg.org). We hope to eventually help eliminate spam and make email more reliable.

How It Works

EmailReg.org maintains a registry of domains and IP addresses that sends email for that domain. This list is maintained by the owners of the domains in a manner similar to a domain name registry. An owner of a domain must prove domain ownership. Once ownership is proven he or she can specify which IP addresses will send email for the domain. The IP addresses and domains are published in the Registered Email Sender List (RESL). The RESL is used by spam filtering companies and spam filtering tools to help block spam and also allow good mail through.

If spam is sent by an IP address on the RESL, their listing on the RESL will be suspended. The IP address and domain listing will not be re-instated until it’s proven that the problem has been remedied. The coupling of the source IP address, which is maintained by the domain owner, and a responsible party, creates a strong answer to reducing false positives in email filtering.

EmailReg.org data is provided as a free service to anyone who wants it. It is used by a number of spam filtering companies. We also provide plug-ins and patches for many programs to utilize it, such as SpamAssassin. EmailReg.org data is used by Barracuda Networks.

Why EmailReg.org?

  • Solves the problem of accountability for email sent from an IP address by providing a point of contact
  • Greatly reduces false positives in any email filtering system
  • On the road to eliminating spam by creating email responsibility
  • Gives domain owners and email senders a way to receive intelligent, useful complaints about spam coming from their IP addresses

Use and participation of EmailReg.org is strictly voluntary. If it does not meet with your requirements, needs or policies, you should not use it.

Comparison to other Services

Several whitelisting services exist (eg bondedsender, Habaes). These services have traditionally tried to associate a business model and charged the senders significant amounts of money. So far these economically driven solutions have not worked well.

The business model behind other whitelisting services pushes e-mail into a "paid" model. Senders pay to be included in the lists mentioned above. Of course, commercial providers have an incentive to enforce their policies (otherwise people would stop using them), but only potentially "bad" senders have an incentive to make use of such paid services.

But for the typical receiver (ie you) they do not help to reduce the risk of losing mail for the majority of e-mail senders (eg customers and partners). It would be counter-intuitive to require all senders to pay one of the third parties just to let email through.

False Positives

Filtering incoming emails to make the decision between good and bad has the risk of creating a false positive, blocking a good message.

The idea behind EmailReg.org is to have information on the good senders of email such that you can clearly identify the email coming from a good sender and thereby avoid false positives. Those "good" senders are known or believed to have an efficient, effective and prompt reaction to any abuse or problems happening on their network.

It does not make sense to have emails sent from these sources subject to the extensive filtering and checking that is done in most spam filters.

How is EmailReg.org different than a whitelist?

Most whitelists are based on one parameter. Some examples and the issues associated with them are:

  1. whitelist by IP address. Problem when the IP address gets infected with a virus or BOT and starts sending lots of spam.
  2. whitelist by from address. From addresses can be spoofed by spammers and mostly are. This allows spam to get through.
  3. whitelist by domain name. Again the from domain can be spoofed.

EmailReg.org offers a whitelist that requires the from domain and the IP address match the database of entries in the RESL. By checking both parameters against the published parameters of the organization we are much more sure that the email is actually being sent by the entity in question. If the entity in question is reputable we can then be more sure that whitelisting is appropriate.