Heh...odd. Not sure if anyone here participated in the PHP Marathon from Dotgeek.org, but I did, and one of the tasks you could do was to do this exact thing. People did everything from create Crontabs to creating non-php binaries that PHP ran when someone checked their email from the webserver. I...did not finish, but was working on making a webmail system that combined crontabs and a web-interface to do the job.

When an email was received, it's checked against the white-list. If it's not on the whitelist, it's entered into an SQLite database for temporary storage, and an email is sent to the reply address containing a link to a "authorization" page. That page had an image created dynamically with the GD library. The image contained a verification code that matched one in the database for the temporarily held email. If they filled in the image form correctly, it re-entered the email into the mail server.

Bit more to it than that, but that was the basic idea.

That operates on the premise that spammers are legitimate business people that will follow proper rules. Unfortunately, the ones that are the problems (such as those that give you a "remove" option, only to sell your now confirmed email address to other spam lists) are the ones that will bypass your whitelist.

Does a spammer care if they can't get in to your personal account? No. They have millions of other addresses to use, and they don't have the time or money to devote to deal with your whitelist. In fact, spammers only need a few people to respond to their millions of spam messages sent out in order to make any sort of profit.

On top of that, most spammers have fake or third-party return addresses, so your email "inviting" them to join your whitelist will be returned as undeliverable (which of course adds yet another email in your inbox you don't want).

For a related link, and some fun, check out www.thespamletters.com

Well my dear friend Buzzly, that's why there was more to it. The image was a human check, which kept non-humans from adding themselves to your whitelist. Anything received that was not from a white-listed member didn't get through (in theory...it IS possible for it to get through if the user checks their email via POP3/IMAP remote download, but I didn't feel like running a crontab every 30 seconds ). On top of that, all mail received from certain address masks, such as mailer daemons, were screened to make sure they were not the result of a non-whitelisted email notification. If they were from a third-party email address that was returned, then the user (again in theory) never sees it.

It's a decent system...but a better one could be done if you delve into the lovely world of mailservers.

[edit]
btw, awesome site!

thank you both for your inputs.. i wish i knew more about mailservers.. will study that next...

for now i would like to know if PHP and MYSQL is enough to handle this system? I believe PHP alone can connect to mail servers and manipulate it, correct?

Tea

Actually, ZC, I was responding to Tea_J. I was called away in the middle of my post, so by the time I posted it, you had already responded LOL. Normally, I quote the person I'm responding to if my response is not the next post, but I didn't want to bother editing my post to put in the appropriate quotes.

Isn't that site funny? I saw that tonight on Unscrewed with Martin Sargent (on G4), and had to check it out.

hmm.. what are the PHP functions used to retrieve email from mailservers?? Do you guys know of any link that teaches the basic in playing with the mail server thru PHP?

TEa

Playing with mailserver? Uh...not sure if this is what you mean, but if you check out... www.php.net/imap you will get a good bit of information.

Buzzly -
Well that makes more sense, heh. They need to add a "People currently responding to this post" section. Would be advantageous.

imap functions?? ahhh.. so that's what it is.. i've been looking for mailserver functions.. stoopid me..

thanks.

Tea