Blacklist (computing)

Last updated
Screenshot of a website blocking the creation of content which matches a regular expression term on its blacklist TitleBlacklist demonstration.png
Screenshot of a website blocking the creation of content which matches a regular expression term on its blacklist

In computing, a blacklist, disallowlist, blocklist, or denylist is a basic access control mechanism that allows through all elements (email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc.), except those explicitly mentioned. Those items on the list are denied access. The opposite is a whitelist , allowlist, or passlist, in which only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed.

Contents

Blacklists can be applied at various points in a security architecture, such as a host, web proxy, DNS servers, email server, firewall, directory servers or application authentication gateways. The type of element blocked is influenced by the access control location. [1] DNS servers may be well-suited to block domain names, for example, but not URLs. A firewall is well-suited for blocking IP addresses, but less so for blocking malicious files or passwords.

Example uses include a company that might prevent a list of software from running on its network, a school that might prevent access to a list of websites from its computers, or a business that wants to ensure their computer users are not choosing easily guessed, poor passwords.

Examples of systems protected

Blacklists are used to protect a variety of systems in computing. The content of the blacklist is likely needs to be targeted to the type of system defended. [2]

Information systems

An information system includes end-point hosts like user machines and servers. A blacklist in this location may include certain types of software that are not allowed to run in the company environment. For example, a company might blacklist peer to peer file sharing on its systems. In addition to software, people, devices and Web sites can also be blacklisted. [3]

Email

Most email providers have an anti-spam feature that essentially blacklists certain email addresses if they are deemed unwanted. For example, a user who wearies of unstoppable emails from a particular address may blacklist that address, and the email client will automatically route all messages from that address to a junk-mail folder or delete them without notifying the user.

An e-mail spam filter may keep a blacklist of email addresses, any mail from which would be prevented from reaching its intended destination. It may also use sending domain names or sending IP addresses to implement a more general block.

In addition to private email blacklists, there are lists that are kept for public use, including:

Web browsing

The goal of a blacklist in a web browser is to prevent the user from visiting a malicious or deceitful web page via filtering locally. A common web browsing blacklist is Google's Safe Browsing, which is installed by default in Firefox, Safari, and Chrome.

Usernames and passwords

Blacklisting can also apply to user credentials. It is common for systems or websites to blacklist certain reserved usernames that are not allowed to be chosen by the system or website's user populations. These reserved usernames are commonly associated with built-in system administration functions. Also usually blocked by default are profane words and racial slurs.

Password blacklists are very similar to username blacklists but typically contain significantly more entries than username blacklists. Password blacklists are applied to prevent users from choosing passwords that are easily guessed or are well known and could lead to unauthorized access by malicious parties. Password blacklists are deployed as an additional layer of security, usually in addition to a password policy, which sets the requirements of the password length and/or character complexity. This is because there are a significant number of password combinations that fulfill many password policies but are still easily guessed (i.e., Password123, Qwerty123).

Distribution methods

Blacklists are distributed in a variety of ways. Some use simple mailing lists. A DNSBL is a common distribution method that leverages the DNS itself. Some lists make use of rsync for high-volume exchanges of data. [6] Web-server functions may be used; either simple GET requests may be used or more complicated interfaces such as a RESTful API.

Examples

Usage considerations

As expressed in a recent conference paper focusing on blacklists of domain names and IP addresses used for Internet security, "these lists generally do not intersect. Therefore, it appears that these lists do not converge on one set of malicious indicators." [8] [9] This concern combined with an economic model [10] means that, while blacklists are an essential part of network defense, they need to be used in concert with whitelists and greylists.

Controversy over terminology

Some major technology companies and institutions have publicly distanced themselves from the term blacklist due to a perceived connection with racism, instead recommending the terms denylist or blocklist. [11] [12] [13] [14] [15] [16] The term's connection with racism, as well as the value in avoiding its use has been disputed. [15] [17] [ better source needed ]

Related Research Articles

<span class="mw-page-title-main">Open mail relay</span> SMTP server that allows anyone to send e-mail through it

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

A Domain Name System blocklist, Domain Name System-based blackhole list, Domain Name System blacklist (DNSBL) or real-time blackhole list (RBL) is a service for operation of mail servers to perform a check via a Domain Name System (DNS) query whether a sending host's IP address is blacklisted for email spam. Most mail server software can be configured to check such lists, typically rejecting or flagging messages from such sites.

A whitelist or allowlist is a list or register of entities that are being provided a particular privilege, service, mobility, access or recognition. Entities on the list will be accepted, approved and/or recognized. Whitelisting is the reverse of blacklisting, the practice of identifying entities that are denied, unrecognized, or ostracized.

Various anti-spam techniques are used to prevent email spam.

<span class="mw-page-title-main">Email spam</span> Unsolicited electronic advertising by email

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive. Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.

Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

<span class="mw-page-title-main">The Spamhaus Project</span> Organization targetting email spammers

The Spamhaus Project is an international organisation based in the Principality of Andorra, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford to refer to an internet service provider, or other firm, which spams or knowingly provides service to spammers.

<span class="mw-page-title-main">PeerGuardian</span> Free and open source program developed by Phoenix Labs

PeerGuardian is a free and open source program developed by Phoenix Labs (software). It is capable of blocking incoming and outgoing connections based on IP blacklists. The aim of its use was to block peers on the same torrent download from any visibility of your own peer connection using IP lists. The system is also capable of blocking custom ranges, depending upon user preferences.

Email harvesting or scraping is the process of obtaining lists of email addresses using various methods. Typically these are then used for bulk email or spam.

SORBS was a list of e-mail servers suspected of sending or relaying spam. It had been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.

Barracuda Networks, Inc. provides security, networking and storage products based on network appliances and cloud services.

A challenge–response system is a type of that automatically sends a reply with a challenge to the (alleged) sender of an incoming e-mail. It was originally designed in 1997 by Stan Weatherby, and was called Email Verification. In this reply, the purported sender is asked to perform some action to assure delivery of the original message, which would otherwise not be delivered. The action to perform typically takes relatively little effort to do once, but great effort to perform in large numbers. This effectively filters out spammers. Challenge–response systems only need to send challenges to unknown senders. Senders that have previously performed the challenging action, or who have previously been sent e-mail(s) to, would be automatically receive a challenge.

SURBL is a collection of URI DNSBL lists of Uniform Resource Identifier (URI) hosts, typically web site domains, that appear in unsolicited messages. SURBL can be used to search incoming e-mail message bodies for spam payload links to help evaluate whether the messages are unsolicited. For example, if http://www.example.com is listed, then e-mail messages with a message body containing this URI may be classified as unsolicited. URI DNSBLs differ from prior DNSBLs, which commonly list mail sending IP addresses. SURBL is a specific instance of the general URI DNSBL list type.

The Mail Abuse Prevention System (MAPS) is an organization that provides anti-spam support by maintaining a DNSBL. They provide five black lists, categorising why an address or an IP block is listed:

<span class="mw-page-title-main">Fail2ban</span> Intrusion prevention software framework

Fail2Ban is an intrusion prevention software framework. Written in the Python programming language, it is designed to prevent brute-force attacks. It is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, such as iptables or TCP Wrapper.

Srizbi BotNet is considered one of the world's largest botnets, and responsible for sending out more than half of all the spam being sent by all the major botnets combined. The botnets consist of computers infected by the Srizbi trojan, which sent spam on command. Srizbi suffered a massive setback in November 2008 when hosting provider Janka Cartel was taken down; global spam volumes reduced up to 93% as a result of this action.

Forum spam consists of posts on Internet forums that contains related or unrelated advertisements, links to malicious websites, trolling and abusive or otherwise unwanted information. Forum spam is usually posted onto message boards by automated spambots or manually with unscrupulous intentions with intent to get the spam in front of readers who would not otherwise have anything to do with it intentionally.

SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products:

Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook. Code Shikara is a computer worm, related to the Dorkbot family, that attacks through social engineering. Particularly prevalent in 2015, Dorkbot-infected systems were variously used to send spam, participate in DDoS attacks, or harvest users' credentials.

References

  1. Shimeall, Timothy; Spring, Jonathan (2013-11-12). Introduction to Information Security: A Strategic-Based Approach. Newnes. ISBN   9781597499729.
  2. "Domain Blacklist Ecosystem A Case Study". insights.sei.cmu.edu. 17 June 2015. Retrieved 2016-02-04.
  3. Rainer, Watson (2012). Introduction to Information Systems. Wiley Custom Learning Solutions. ISBN   978-1-118-45213-4.
  4. "反垃圾邮件联盟". Archived from the original on 2015-08-11. Retrieved 2015-08-10.
  5. "Fabelsources Blacklist".
  6. "Guidelines". www.surbl.org. Retrieved 2016-02-04.
  7. "B.I.S.S. Forums FAQ Questions about the Blocklists". Bluetack Internet Security Solutions. Archived from the original on 2008-10-20. Retrieved 2015-08-01.
  8. Metcalf, Leigh; Spring, Jonathan M. (2015-01-01). "Blacklist Ecosystem Analysis". Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security. pp. 13–22. doi:10.1145/2808128.2808129. ISBN   9781450338226. S2CID   4720116.
  9. Kührer, Marc; Rossow, Christian; Holz, Thorsten (2014-09-17). "Paint It Black: Evaluating the Effectiveness of Malware Blacklists". In Stavrou, Angelos; Bos, Herbert; Portokalidis, Georgios (eds.). Research in Attacks, Intrusions and Defenses. Lecture Notes in Computer Science. Vol. 8688. Springer International Publishing. pp. 1–21. doi:10.1007/978-3-319-11379-1_1. ISBN   9783319113784. S2CID   12276874.
  10. Spring, Jonathan M. (2013-09-17). Modeling malicious domain name take-down dynamics: Why eCrime pays. 2013 ECrime Researchers Summit (eCRS 2013). IEEE. pp. 1–9. CiteSeerX   10.1.1.645.3543 . doi:10.1109/eCRS.2013.6805779. ISBN   978-1-4799-1158-5. S2CID   8812531.
  11. Cimpanu, Catalin (2020-06-14). "GitHub to replace "master" with alternative term to avoid slavery references". ZDNET . Retrieved 2025-01-02.
  12. "George Floyd: Twitter drops 'master', 'slave' and 'blacklist'". BBC News . 2020-07-03. Retrieved 2025-01-02.
  13. Cimpanu, Catalin (2020-07-11). "Linux team approves new terminology, bans terms like 'blacklist' and 'slave'". ZDNET . Retrieved 2025-01-02.
  14. Kan, Michael (2020-07-17). "Apple to Remove 'Master/Slave' and 'Blacklist' Terms From Coding Platforms". PCMag . Retrieved 2025-01-02.
  15. 1 2 Conger, Kate (2021-04-13). "'Master,' 'Slave' and the Fight Over Offensive Terms in Computing". The New York Times . Retrieved 2025-01-02.
  16. Milanesi, Carolina (2021-06-29). "The Importance Of Inclusive Language And Design In Tech". Forbes . Retrieved 2025-01-02.
  17. Jocom, Juan Miguel (2022-03-24). "Op-Ed | "Blacklist" and "whitelist" aren't racist, you are". The Seattle Collegian. Retrieved 2025-01-02.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.