Blacklist (computing)

In computing, a blacklist, disallowlist, blocklist, or denylist is a basic access control mechanism that allows through all elements (email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc.), except those explicitly mentioned. Those items on the list are denied access. The opposite is a whitelist, allowlist, or passlist, in which only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed.

"Blocklist" redirects here. For the song by Lil Durk, see Blocklist (song).

Blacklists can be applied at various points in a security architecture, such as a host, web proxy, DNS servers, email server, firewall, directory servers or application authentication gateways. The type of element blocked is influenced by the access control location.^[1] DNS servers may be well-suited to block domain names, for example, but not URLs. A firewall is well-suited for blocking IP addresses, but less so for blocking malicious files or passwords.

Example uses include a company that might prevent a list of software from running on its network, a school that might prevent access to a list of websites from its computers, or a business that wants to ensure their computer users are not choosing easily guessed, poor passwords.

China Anti-Spam Alliance

[4]

Fabel Spamsources

[5]

Spam and Open Relay Blocking System

The DrMX Project

Distribution methods[edit]

Blacklists are distributed in a variety of ways. Some use simple mailing lists. A DNSBL is a common distribution method that leverages the DNS itself. Some lists make use of rsync for high-volume exchanges of data.^[6] Web-server functions may be used; either simple GET requests may be used or more complicated interfaces such as a RESTful API.

Companies like , Symantec and Sucuri keep internal blacklists of sites known to have malware and they display a warning before allowing the user to click them.

Google

such as DansGuardian and SquidGuard may work with a blacklist in order to block URLs of sites deemed inappropriate for a work or educational environment. Such blacklists can be obtained free of charge or from commercial vendors such as Squidblacklist.org.

Content-control software

There are also free blacklists for proxy, such as Blackweb

Squid (software)

A or IDS may also use a blacklist to block known hostile IP addresses and/or networks. An example for such a list would be the OpenBL project.

firewall

Many schemes include software blacklisting.

copy protection

The company offers a password blacklist for Microsoft's Active Directory, web sites and apps, distributed via a RESTful API.

Password RBL

Members of sites may add other members to a personal blacklist. This means that they cannot bid on or ask questions about your auctions, nor can they use a "buy it now" function on your items.

online auction

Yet another form of list is the yellow list which is a list of email server IP addresses that send mostly good email but do send some spam. Examples include , Hotmail, and Gmail. A yellow listed server is a server that should never be accidentally blacklisted. The yellow list is checked first and if listed then blacklist tests are ignored.

Yahoo

In modprobe, the blacklist modulename entry in a modprobe configuration file indicates that all of the particular module's internal aliases are to be ignored. There are cases where two or more modules both support the same devices, or a module invalidly claims to support a device.

Linux

Many web browsers have the ability to consult anti- blacklists in order to warn users who unwittingly aim to visit a fraudulent website.

phishing

Many programs support blacklists that block access from sites known to be owned by companies enforcing copyright. An example is the Bluetack^[7] blocklist set.

peer-to-peer file sharing

Usage considerations[edit]

As expressed in a recent conference paper focusing on blacklists of domain names and IP addresses used for Internet security, "these lists generally do not intersect. Therefore, it appears that these lists do not converge on one set of malicious indicators."^[8]^[9] This concern combined with an economic model^[10] means that, while blacklists are an essential part of network defense, they need to be used in concert with whitelists and greylists.

announced that it would replace many "terms that may be offensive to developers in the black community".^[15]

GitHub

announced at its developer conference that it would be adopting more inclusive technical language and replacing the term "blacklist" with "deny list" and the term "whitelist" with "allow list".^[16]

Apple Inc.

said it would use neutral language in kernel code and documentation in the future and avoid terms such as "blacklist" and "slave" going forward.^[17]

Linux Foundation

The Engineering team stated its intention to move away from a number of terms, including "blacklist" and "whitelist".^[18]

Twitter

announced that it would make open source more inclusive and avoid these and other terms.^[19]

Red Hat

In 2018, a journal commentary on a report on predatory publishing^[11] was released which claimed that "white" and "black" are racially-charged terms that need to be avoided in instances such as "whitelist" and "blacklist", and that the first recorded usage of "blacklist" was during "the time of mass enslavement and forced deportation of Africans to work in European-held colonies in the Americas". The article hit mainstream in Summer 2020 following the George Floyd protests in America.^[12]

A number of technology companies replaced "whitelist" and "blacklist" with new alternatives such as "allow list" and "deny list", alongside similar terminology changes regarding the terms "Master" and "Slave".^[13] For example, in August 2018, Ruby on Rails changed all occurrences of "blacklist" and "whitelist" to "restricted list" and "permitted list".^[14] Other companies responded to this controversy in June and July 2020:

ZDNet reports that the list of technology companies making such decisions "includes Twitter, GitHub, Microsoft, LinkedIn, Ansible, Red Hat, Splunk, Android, Go, MySQL, PHPUnit, Curl, OpenZFS, Rust, JP Morgan, and others."^[20]

The issue and subsequent changes caused controversy in the computing industry, where "whitelist" and "blacklist" are prevalent (e.g. IP whitelisting^[21]). Those that oppose these changes question the term's attribution to race, claiming that the term "blacklist" arose from he practice of using black books in medieval England.^[13]

Squidblacklist.org - Blacklists For Squid Proxy and Content Filtering Applications.

ipfilterX by Nexus23 Labs - Blocks P2P Crawlers, Malware C&C IPs, Institutions and many more.

- abuse reporting and blacklisting