Black-, White-, Greylists

In computing, a blacklist (or block list) is a basic access control mechanism that allows blocking through elements like email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc. The opposite is a whitelist, which means only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed.

Blacklists can be applied at various points in a security architecture, such as a host, web proxy, DNS servers, email server, firewall, directory servers or application authentication gateways. The type of element blocked is influenced by the access control location. DNS servers may be well-suited to block domain names, for example, but not URLs. A firewall is well-suited for blocking IP addresses, but less so for blocking malicious files or passwords.

We use such lists in different places and different layers of our infrastructure. Some of the lists are used to completely block or permit connections whereas others are used to just fill some point lists. If an email triggers some points we can decide if we permit that connection completely, add some greylisting or if we should block the connection.


CategoryMAIL

Email/Protection/Blacklists (last edited 2018-11-22 16:37:05 by maegger)