Whitelist

whitelist is a list or register of entities that provides a particular privilege, service, mobility, access or recognition. Entities on the list will be accepted, approved and / or recognized. Whitelisting is the reverse of blacklisting , the practice of identifying entities that are denied, unrecognised, or ostracised.

Email whitelists

Spam filters That come with email customers -have whitelists and blacklists of Both senders and keywords to look for in emails. If a spam filter keeps a whitelist, mail from the listed email addresses , domains , and / or IP address will always be allowed.

Typically, a user has to manually add the sender or address to a list of “approved” or “safe senders” within his or her email client for an address to be whitelisted, which is a different process in various email clients. [1]

Some Internet service providers have whitelists that they use to their customers.

If a whitelist is exclusive, only email from entities on the whitelist will get through. If it is not exclusive, it prevents email from being deleted or sent by the spam filter. Usually, only end-users would like to set up a spam filter, not Internet service providers or email services.

Using whitelists and blacklists can not help but get messages, but they are not perfect. Email whitelists are used to reduce the incidence of false positives , often based on the assumption that most legitimate mail will be a relatively small and fixed set of senders. To block a high percentage of spam, email filters send email to email email

Amazon.com uses whitelists to limit its Kindle e-reader devices. Besides Amazon itself, only e-mail addresses whitelisted by the device ‘s registered owner can send content (“personal documents”) to that device.

Non-commercial whitelists

Non-commercial whitelists are operated by various non-profit organizations, ISPs and others interested in blocking spam. Rather than paying fees the sender must pass a series of tests; for example, His email server must not be an open relay and-have a static IP address . The operator of the whitelist can remove a server from the list if complaints are received.

Commercial whitelists

Commercial whitelists are a system by which an Internet service provider allows you to bypass spam filters when sending email messages to its subscribers, in return for a pre-paid fee, or an annual or per-message fee. A sender can be more confident that their messages have reached their limits, or having links or images stripped out of them, by spam filters. The purpose of commercial whitelists is to allow them to reliably reach their customers by email.

Commercial providers include Return Path Certification, [2] Eco’s Certified Senders Alliance , and the Spamhaus Whitelist . [3]

One of the most well-publicized and controversial commercial whitelists services at present is Certified Email by Goodmail Systems, [4] which has made headlines since February 2006 when AOL and Yahoo announced plans to implement it. AOL has 0.10 cents per recipient, which has been prepaid. AOL has announced that it will pay the fee for non-profits. [5]The messages will be made to come from a trusted source. These senders must pass a system of accreditation with Goodmail, and their messages must be pre-existing business relationship with the sender. If AOL may not be able to send a message to a user, it can not be used.

AOL asserts that free email on a whitelisted AOL’s service will continue to work. AOL subscribers will not be charged for sending or receiving email, and senders who will not prepay their messages to the same spam filters as before. quote needed ]

MoveOn organized a protest of AOL’s use of commercial whitelists. [6] [7] It characterizes the program as an “email tax”, and claims that AOL is giving spammers a direct route into users’ mailboxes, while attempting to move to be rejected by the spam filters.

Certified ISPs in the USA: AOL, AT & T, Comcast , Cox, Road Runner, Verizon, and Yahoo. quote needed ]

According to Comcast, Goodmail has ceased operations and as of February 4, 2011 Comcast will no longer use the service. [8]

LAN whitelists

Another use for whitelists is local area network (LAN) security. Many network admins set up MAC address whitelists, or MAC address filter, which is allowed on their networks. This is used when encryption is not practical or in tandem with encryption. However, it’s sometimes ineffective because a MAC address can be faked .

Some firewalls can be configured to only allow data-traffic from / to certain (ranges of) IP-addresses.

Program whitelists

If an organization keeps a whitelist of software , only titles on the list will be accepted for use. The benefits of whitelisting in this forum are the one that the organization may not be able to consider.

Whitelists application

An emerging approach to combating viruses and malware, which is considered safe to run, blocking all others. [9] Dr. John Harrison, American Computer Scientist, The approach was first implemented in a modern operating system. [10] Some deem this superior to the signature-based standard, anti-virus approach of blocking / eliminating harmful malware (essentially blacklisting), as the standard means that exploits are already in the wild. [11] [12] Leading providers of application whitelisting technology include Bit9 , McAfee , and Lumension . [13]

These products can be used to prevent the introduction of new malware. [14]

Among Unix Operating system variants, HP-UX has introduced a feature called ” HP-UX Whitelisting ” on 11iv3 version. HP-UX Whitelisting (WLI) provides secure RSA encryption technology. WLI is complementary to the traditional UNIX discretionary access controls (DAC) based on user, group, and file permissions. The more granular DAC access control list (ACL) permissions are available on VxFS and HFS filesystems are likewise not affected.

Among Windows Operating Systems, Microsoft has introduced a new feature in Windows 7 and Windows Server 2008 R2 called ” Windows AppLocker “. Windows AppLocker allows administrators to control which executable files are denied or allowed to execute. With AppLocker, administrators are able to create files based on file names. Rules can apply to individuals or groups. Policies are used by the users of different levels. For example, some users can understand the impact of this problem.

However, application level is still vulnerable to a variety of attacks or those that use a malicious tool. Level</s> level wh level wh level wh level wh level………………… </s>. </s>..

See also

  • DNSWL , whitelisting based on DNS
  • Walled garden (technology) , a whitelist

References

  1. Jump up^ https://www.campaignmonitor.com/resources/glossary/email-whitelist/
  2. Jump up^ “Email Certification – Email Sender Certification – Return Path – Return Path” . returnpath.net .
  3. Jump up^ “The Spamhaus Whitelist” . spamhauswhitelist.com .
  4. Jump up^ “Good Mail Systems •” . Good Mail Systems .
  5. Jump up^ Sandoval, Greg (March 3, 2006). “AOL to pay e-mail tab for nonprofits” . CNET . Retrieved 2007-10-04 .
  6. Jump up^ “Stop AOL email scheme” . MoveOn . February 22, 2006.
  7. Jump up^ “An examination of MoveOn’s claims” . Urban Legends Reference Pages. February 23, 2006.
  8. Jump up^ http://security.comcast.net/certifiedemail/?cid=NET_33_1210&fss=certified%20email
  9. Jump up^ without.org
  10. Jump up^ John Harrison,Enhancing Network Security User-Initiated By Preventing Malware Execution, Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’05) (Wireless Ad Hoc / Sensor Networks and Network Security Track), Volume II – Volume 02; pages 597-602; IEEE Computer Society Washington, DC, USA 2005.
  11. Jump up^ “Dark Reading – Security – Protect The Business – Enable Access” . Dark Reading .
  12. Jump up^ “Whitelisting Application Gains Traction” . eweek.com .
  13. Jump up^ Blum, Dan (February 8, 2014). “Lessons Learned from Target Breach” . Security-Architect Blog . Dan Blum . Retrieved July 18, 2014 .
  14. Jump up^ Vamosi, Robert (2008-07-21). “Will you be saying your antivirus app anytime soon?” . CNET . Retrieved 2010-03-22 .

Leave a Reply

Your email address will not be published.