Blacklist (computing)

In computing, blacklisting is a form of access control. For example, a proxy server might check the pages being accessed against a blacklist; if an address is on the blacklist, the page cannot be accessed.

Screenshot of a web page of a Wikimedia Foundation project. Filing a blacklisting request.

Examples of systems protected

Blacklists are used to protect a variety of systems in computing. The content of the blacklist has to be targeted to the type of system defended.[1]

Information systems

An information system includes hosts such as computers and servers. A blacklist in this location may include certain types of software that are not allowed to run in the company environment. For example, a company might blacklist worker-to-worker file sharing on its systems to stop workers from editing worker information. In addition to software, people, devices and websites can also be blacklisted.[2]

Email

Most email providers have an anti-spam feature that essentially blacklists certain email addresses if they are thought to be spam or malicious. For example, a user who gets a lot of emails from a particular address may blacklist that address, and the email client will then automatically route all messages from that address to a junk-mail folder or delete them without telling the user.

An email spam filter may keep a blacklist of email addresses; any mail from those addresses is prevented from reaching its intended destination. It may also use sending domain names or sending IP addresses to implement a more general block.

In addition to private email blacklists, there are lists that are kept for public use, including:

  • China Anti-Spam Alliance[3]
  • Fabel Spamsources[4]
  • Spam and Open Relay Blocking System
  • The DrMX Project

Web browsing

The goal of a blacklist in a web browser is to prevent the user from visiting a malicious or deceitful web page via filtering. A common web browsing blacklist is Google's Safe Browsing, which is installed by default in Firefox, Safari, and Chrome.

Usernames and passwords

Blacklisting can also apply to user information. It is usual for systems or websites to blacklist certain usernames so that their users cannot choose them. These reserved usernames are commonly associated with built-in system administration functions. Profane words and racial slurs are also usually blocked by default. For example, ROBLOX has a feature blocking certain usernames from being used.

Password blacklists are very similar to username blacklists but contain more entries. They are used to stop users from choosing passwords that are easily guessed or well known and could lead to unauthorized access by malicious parties. Password blacklists are used as a layer of security on top of a password policy, which sets the requirements for password length and/or character complexity. This is because a large number of password combinations fulfill many password policies but are still easily guessed (e.g., Password123, Qwerty123).
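The layering described above, shown as an added example that is not part of the original article: a password check that applies a length and complexity policy first and a blacklist second. The function names, the substitution table and the blacklist entries are constructed for illustration.

```python
import re

# Constructed sample blacklist; a real deployment would load a far larger list.
BLACKLIST = {"password", "qwerty", "letmein", "welcome", "admin"}

# Assumed table of common character substitutions, undone before the lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def meets_policy(password, min_length=8):
    """Length/complexity policy: minimum length plus lower, upper and digit."""
    return (len(password) >= min_length
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"\d", password) is not None)

def candidates(password):
    """Normalized forms of the password that are compared with the blacklist."""
    lowered = password.lower()
    # Drop trailing padding such as "123" or "!" that users add to satisfy a policy.
    stripped = lowered.rstrip("0123456789!@#$%^&*?.")
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    return {form for form in forms if form}

def is_blacklisted(password, blacklist=BLACKLIST):
    """True if any normalized form exactly matches a blacklist entry."""
    return not candidates(password).isdisjoint(blacklist)

def check_password(password):
    """Return (accepted, reason); reason is 'policy', 'blacklist' or 'ok'."""
    if not meets_policy(password):
        return (False, "policy")
    if is_blacklisted(password):
        return (False, "blacklist")
    return (True, "ok")

if __name__ == "__main__":
    for sample in ("Password123", "Qwerty123", "P@ssw0rd2024", "Tr4velLog-kite9"):
        print(sample, check_password(sample))
```

Password123 and Qwerty123 both satisfy the policy function here and are rejected only by the blacklist step, which is the gap the blacklist is meant to close.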

References

  1. "Domain Blacklist Ecosystem - A Case Study". insights.sei.cmu.edu. Retrieved 2016-02-04.
  2. Rainer, Watson (2012). Introduction to Information Systems. Wiley Custom Learning Solutions. ISBN 978-1-118-45213-4.
  3. "反垃圾邮件联盟". Archived from the original on 2015-08-11. Retrieved 2015-08-10.
  4. "Fabelsources - Blacklist".