Whitelist
From Wikipedia, the free encyclopedia
A whitelist is a list of accepted items or persons in a set. This list is inclusionary, confirming that the item being analyzed is acceptable. It is the opposite of a blacklist which confirms that items are not acceptable.
Contents |
[edit] E-mail whitelists
An e-mail whitelist is a list of contacts that the user deems are acceptable to receive email from and should not be sent to the trash folder.
Spam filters that come with e-mail clients have both white and black lists of senders and keywords to look for in e-mails. If a spam filter keeps a whitelist, mail from the listed e-mail addresses, domains, and/or IP address will always be allowed.
Internet service providers have whitelists that they use to filter e-mail to be delivered to their customers. ISPs receive requests from legitimate companies to add them to the ISP whitelist of companies. Companies either pay for a time period to be allowed to e-mail their customers or the companies pay per complaint received by the ISP from their customers. These payments per complaint increase incrementally: ie. The first 10 complaints are $10 each. The next 10 are $20 each. These funds are then used by the ISPs to fund anti-spam programs to prevent unwanted e-mail.
If a white list is exclusive, only e-mail from those on the white list will get through. If it is not exclusive, it prevents e-mail from being deleted or sent to the junk mail folder by the spam filter. Usually, only end-users would set a spam filter to delete all e-mails from sources not on the white list, not internet service providers or e-mail services.
Using whitelists and blacklists can assist in blocking unwanted messages and allowing wanted messages to get through, but they are not perfect. E-mail whitelists are used to reduce the incidence of false positives, often based on the assumption that most legitimate mail will be from a relatively small and fixed set of senders. To block a high percentage of spam, e-mail filters have to be continuously updated as e-mail spam senders create new email addresses to e-mail from or new keywords to use in their e-mail which allows the e-mail to slip through.
[edit] Commercial whitelists
Commercial whitelists are a system by which an internet service provider allows someone to bypass spam filters when sending e-mail messages to its subscribers, in return for a small pre-paid fee (typically a fraction of a cent) per message sent. A sender can then be sure that his messages have reached their recipients without being blocked, or having links or images stripped out of them, by spam filters. The purpose of commercial whitelists is to allow companies to reliably reach their customers by e-mail.
Commercial providers include Sender Score Systems (formerly Bonded Mail), SuretyMail (formerly ISIPP IADB), and GoodMailSystems's CertifiedEmail(tm) product. Goodmail made headlines in February 2006 when America Online and Yahoo announced plans to implement it. AOL has stated that mail from senders who have prepaid 1/4 cent per message (AOL has announced free programs with SuretyMail and Habeas for non-profits) will be delivered directly to users' mailboxes without being subject to spam filters. The messages will be clearly identified to the user as having come from a trusted source. These senders must pass a system of accreditation with Goodmail, and their messages must only be sent to people who have a pre-existing business relationship with the sender. If a sender sends a message to a user who has not previously agreed to receive it, AOL may entirely block the sender.
Free e-mail on AOL's service will continue to work as it always has, and a user will continue to receive all messages from a sender whom he has whitelisted. AOL subscribers will not be charged for sending or receiving e-mail, and senders who do not prepay AOL will have their messages subject to the same spam filters as before.
[edit] LAN whitelists
Another use for whitelists is local area network (LAN) security. Many network admins setup MAC address whitelists or a MAC address filter to control who is on their networks. This is used when encryption is not a practical solution or in tandem with encryption. However, it's sometimes ineffective because a MAC address can be faked.
[edit] Program whitelists
If an organization keeps a white list of software, only titles on the list will be accepted for use. For example, a school might whitelist MATLAB and Netscape Navigator, thus allowing only those programs to be used on its computers. The benefits of whitelisting in this instance are that the school administration can ensure itself that students will not be able to download and/or use programs that have not been deemed appropriate for use.
