To protect a device or network from potential threats, you need to control access. This requires a well-defined perimeter and ways to defend that perimeter. It also requires you to decide which entities should be allowed access and which should be blocked.
- How To White List An App On Macbook Air
- How To Whitelist An Exe
- How To White List An App On Macbook
- How To Whitelist App Download
- How To Whitelist Apps
- How To Whitelist An Email Address
There are two primary approaches used to manage which entities get access to your system — blacklisting and whitelisting. Both methods have their pros and cons, and not everyone agrees on which is the best approach to use. The right choice depends mostly on your organization’s needs and goals, and, often, the ideal tactic is a combination of both. Let’s look at blacklisting and whitelisting in detail and discuss the differences between the two methods.
Click a row to review request details in the Request Details page. Each row in the Enterprise level activity pane represents an executable file and endpoint combination. Click Allow Locally for a row. The Allow Locally dialog box lists one or more paths to add to the whitelist. MacRumors attracts a broad audience of both consumers and professionals interested in the latest technologies and products. We also boast an active community focused on purchasing decisions and technical aspects of the iPhone, iPod, iPad, and Mac platforms.
What Is Blacklisting?
The blacklisting approach involves defining which entities should be blocked. A blacklist is a list of suspicious or malicious entities that should be denied access or running rights on a network or system.
As an example out in the physical world, a border control authority might maintain a blacklist of known or suspected terrorists. A store owner might have a blacklist of shoplifters. In the world of network security, a blacklist often consists of malicious software such as viruses, spyware, Trojans, worms and other kinds of malware. You could also have a blacklist of users, IP addresses, applications, email addresses, domains, processes or organizations. You can apply blacklisting to virtually any aspect of your network.
You might identify suspicious or malicious entities by their digital signatures, heuristics, behaviors or by other means. To blacklist applications, organizations can create their own blacklists and also use lists created by third parties, such as network security service providers. Blacklisting is the traditional approach to access control and has long been used by anti-virus tools, spam filters, intrusion detection systems and other security software programs.
The blacklist approach is threat-centric, and the default is to allow access. Any entity not on the blacklist is granted access, but anything that’s known or expected to be a threat is blocked.
- Blacklisting involves blocking access to suspicious or malicious entities.
- The default is to allow access.
- Blacklisting is threat-centric.
What Are the Pros and Cons of Blacklisting?
One of the biggest pros of the blacklisting approach is its simplicity. It works based on a simple principle — just identify the known and suspected threats, deny them access and let everything else go.
For users, it’s a relatively low maintenance approach. In many cases, your security software or security service provider will handle compiling the list with little need for input from the user.
A blacklist can never be comprehensive, though, since new threats emerge constantly. Every day, the AV-TEST Institute, which researches IT security, registers more than 350,000 new malicious programs and potentially unwanted applications. While keeping up with these threats is challenging, threat information sharing can help make blacklists more effective.
Even with information sharing, it’s easy for security software providers to miss threats simply because there are so many. While blacklisting is effective against known threats, it’s useless against new, unknown threats like zero-day attacks. If your organization is unlucky enough to be the first to be hit with a new kind of attack, blacklisting won’t be able to stop it.
Hackers also sometimes design malware specifically to evade detection by tools that use a blacklist system. They may be able to modify the malware so the blacklist tool does not recognize it as a blacklisted item.
What Is Whitelisting?
Whitelisting tackles the same challenges as blacklisting but uses the opposite approach. Instead of creating a list of threats, you create a list of permitted entities and block everything else. It’s based on trust, and the default is to deny anything new unless it’s proven to be acceptable. This results in a much stricter approach to access control. It’s analogous to denying everyone access to your office building unless they can pass a background check and have the credentials to prove that they did.
If a firewall only allows particular IP addresses to access a network, for instance, it’s using the whitelisting approach. Another example that most people have dealt with is the Apple app store. The company only lets users run apps that Apple has approved and allowed into the app store.
The simplest technique you can use to whitelist applications is to identify them by their file name, size and directory path. The problem with this technique, though, is that hackers could create an app with the same file name and size as the whitelisted app, allowing it to slip into the system. To combat this possibility, you can use a stricter approach, which the U.S. National Institute of Standards and Technology (NIST) recommends. It involves using cryptographic hash techniques and the digital signatures of the manufacturer or developer of each component.
To create a whitelist for the network level, you need to consider all of the tasks that users need to perform and the tools they’ll need to complete them. This network-level whitelist may include network infrastructure, sites, locations, applications, users, contractors, services and ports as well as finer details such as application dependencies, software libraries, plugins, extensions and configuration files. On the user level, a whitelist might include email addresses, files and programs. Using the whitelist approach requires you to consider user activity as well as user privileges.
Organizations can create their own whitelists or work with third parties that typically create reputation-based whitelists and give ratings to software and other items based on their age, digital signatures and other factors.
To sum up:
- Whitelisting involves only allowing access for approved entities.
- The default is to block access.
- Whitelisting is trust-centric.
What Are the Pros and Cons of Whitelisting?
Whitelisting is a much stricter approach to access control than blacklisting, as the default is to deny items and only let in those that are proven to be safe. This means that the risks of someone malicious gaining access to your system are much lower when using the whitelisting approach.
While whitelisting offers stronger security, it can also be more complex to implement. It’s difficult to delegate creating a whitelist to a third party because they need information on the applications you use. Because it requires information specific to each organization, it requires more input from users. Most organizations regularly change the tools they use, which means every time they install a new application or patch an existing one, they need to update their whitelist. Administratively, whitelisting can be more complicated for the user, especially if they have larger, more complex systems.
Whitelisting applications also restrict what users can do with their systems. They can’t install whatever they like, which limits their creativity and the tasks they can perform. There’s also the chance that whitelisting will result in blocking traffic that you want, which is a higher likelihood in some applications than in others.
What Is Graylisting?
Another technique that’s related to blacklisting and whitelisting but less frequently discussed is graylisting, also spelled greylisting. As its name suggests, it’s somewhere in between blacklisting and whitelisting. It’s typically used in tandem with at least one of these two main methods.
A graylist is a list where you can put items which you have not yet confirmed as either benign or malicious. Graylisted items are temporarily banned from accessing your system. After an item ends up in a graylist, you scrutinize it further or gather more information to determine whether it should be allowed or not. Ideally, things do not stay in a graylist for long and quickly move to either a blacklist or whitelist.
How you decide what to do with a graylisted item depends on the kind of entity it is. A security tool might, for instance, prompt the user or a network administrator to make a decision.
One example of the use of graylisting is in email. If a spam filter is unsure of whether to accept a message, it can temporarily block it. If the sender attempts to send the message again within a specified period, then it will be delivered. If not, it will reject the message. The thinking behind this is that most spam comes from applications designed to send spam, not actual users, so they won’t attempt to resend an email if they get a message saying it’s temporarily blocked. A real user, on the other hand, would send the email again.
Which Approach Should You Use?
So, which approach is right for you? Let’s look at when to use each of them and how to use both together.
1. When to Use Blacklisting
Blacklisting is the right choice if you want to make it easy for users to access your systems, and you want to minimize administrative effort. If you value those things more than having the most stringent access control possible, choose blacklisting.
Blacklisting is traditionally the most common approach security teams use largely because when people design systems, they often want as many people as possible to be able to access them. An ecommerce store, for example, would most likely rather risk the occasional fraudulent transaction than block a legitimate customer from making a purchase. If an ecommerce store blocked every customer it didn’t already know, it wouldn’t last very long.
If you want to provide something to the public and maximize the number of people that can use it, blacklisting is typically the best approach.
In short, use blacklisting when:
- You want the public to be able to use a system, such as an ecommerce store.
- You want a less restrictive environment.
- You want to minimize administrative effort.
2. When to Use Whitelisting
If, on the other hand, you want to maximize security and don’t mind the extra administrative effort or limited accessibility, whitelisting is the best choice. Whitelisting is ideal when stringent access control and security are crucial.
Whitelisting works well for systems that aren’t public. If you have an application that only select employees of your company need access to, for example, you could whitelist the IP addresses of their computers and block all other IP addresses from accessing the app.
Additionally, whitelisting can be useful when you want to define what actions an application or service can perform and restrict it from doing anything else. You can accomplish this by whitelisting certain types of behavior. As an example, you might have a computer that you use only to perform one specific task. In a hotel lobby, for instance, you might have a computer that guests can use to log in. You could whitelist the hotel’s website so that it’s the only site guests can access on the device. As another example, you might create a policy that allows a microservice to consume a certain amount of resources or run on a particular host but shuts it down if it tries to use more resources or move to a new host.
It wouldn’t be practical to do this using blacklisting because the number of possible behaviors that you don’t want your application to perform is too high. You can’t predict everything the application might do, but you can define what you want it to do if you only want it to do very specific things.
Use whitelisting when:
- Only a select group of users needs to use a system.
- You want a more controlled environment.
- You don’t mind investing more administrative effort.
3. Using Blacklisting and Whitelisting Together
Often, using blacklisting and whitelisting together is the ideal option. You can use different approaches at different levels of your infrastructure and even use both within the same level.
You might take a blacklist approach, for example, to malware and instruction detection by using security software, but use a whitelist approach to controlling access to the network as a whole. You could also blacklist hosts based on their IP addresses while whitelisting the desired application behavior.
You might also whitelist access to a service based on geographic region by only allowing users from regions where you know real users are located. At the same time, though, you could have a blacklist of malicious users located within those regions. This is an example of using both whitelisting and blacklisting within the same level.
Many organizations use both blacklisting and whitelisting for different parts of their security strategies. For example, controlling access to a computer or an account using a password is whitelisting. Only those with the password are allowed access, and all others can’t get in. Many of those same organizations also run anti-malware programs that use a blacklist of known malware to block harmful programs.
Improve Your Network Security With Consolidated Technologies, Inc.
Controlling access is at the center of network security. Blacklisting and whitelisting are both legitimate approaches to controlling access to your networks and keeping your data secure. The right one for you depends on your organization’s needs and goals.
The experts at Consolodated Technologies, Inc. can help you figure which cybersecurity strategies are best for your organization and provide you with a range of solutions to help you meet your security goals. We offer firewall solutions, network vulnerability assessments, compliance assistance and even comprehensive managed security solutions. To talk with one of our experts about which cybersecurity strategies and solutions are right for you, contact us today.
In today’s post I’m going to show exactly how to whitelist emails so they don’t get sent to spam.
And I’m going to show you how to do it on ALL major email apps.
Click the desktop or mobile email app you use below for detailed instructions on how to whitelist using that app.
Pro tip: Link your email subscribers to this page in your welcome email (or on your email sign up thank you page) to make it easy for them to whitelist your emails.
Mobile (Tablet/Phone) Email Apps
Desktop (Mac/PC) Email Apps
Mobile (Tablet/Phone) Email Apps
If you’re using a smartphone or tablet, here’s how to whitelist an email address on the most common mobile email apps.
Gmail
In the Gmail app, you have two options:
![How to white list an app on macbook pro How to white list an app on macbook pro](/uploads/1/3/4/1/134144020/300077194.jpg)
- Report an email as “not spam” (if the email is in spam).
- Move an email from the promotional inbox to the primary inbox.
If an email is ending up in your spam folder, open the email and click Report not spam.
You can also tap the three dots in the upper right corner and click Mark important to give it priority in your inbox (shown in the video below).
To move an email from the promotional folder to your primary inbox, open the email and tap the three dots in the upper right corner, then tap Move to > Primary.
Apple Mail
Apple Mail doesn’t have the option to whitelist like some other email providers do. Instead, all you can do is mark something as “Not Junk” and it will be sent to your inbox. Here’s how:
- Open your Mail app and go to the Mailboxes screen.
- Select the Junk folder.
- Find the email you want to whitelist and swipe left to see options.
- Tap the More button.
- Tap the Mark button.
- Tap the Mark as Not Junk button.
Yahoo
How To White List An App On Macbook Air
To add an email address to your mobile Yahoo! Mail contacts (and ensure delivery), follow these steps:
- Tap the hamburger menu (three stacked lines) in the top left.
- Tap Settings and scroll down to Filters.
- Select the email account you want to add a filter for.
- Tap the + icon to add a new filter.
- Name it anything you want (such as “Whitelist”), then either:
- Add the exact email you want to whitelist OR;
- Add the @domain.com you want to whitelist to get deliveries from every email at that domain.
- Click the ✓ icon in the top right to save the filter.
Outlook Mobile
On Outlook mobile, you can add senders to your focused inbox to ensure delivery of their emails. Here’s how:
- Open the email you want to whitelist.
- Tap the three dots in the top right of the screen (not the dots inside the email).
- Tap Move to Focused Inbox.
- In the popup box, tap the radius button for “Move this and all future messages” then tap MOVE TO FOLDER.
Desktop (Mac/PC) Email Apps
Gmail
There are three ways to whitelist emails using Gmail:
- Gmail tabs
- Marking an email as “not spam”
- Creating a filter
If you’re using Gmail tabs (Promotional and Social), click and drag the email you want to whitelist from the tab it’s in to the Primary tab, like so:
Xbox one app mac. Once done, you’ll get an alert saying “This conversation has been moved to Primary. Do this for all future messages from [email protected]?” Click Yes.
If the email is already in your spam folder, mark it as “not spam”. Open the email in your spam folder that you want to whitelist, then click Report not spam.
Finally, if an email is already in your primary folder but you want to make sure all emails from this sender always end up there, you can create a filter. To do this, follow these steps:
- Click the cog icon in the top-right corner, and then Settings from the drop-down menu.
- Click the Filters tab then Create a new filter.
- Enter the domain of the email you want to whitelist in the From field.
- Click Create filter with this search.
- In the box titled When a message arrives that matches this search select Never send it to spam.
- Click the Create filter button.
Outlook 20XX
To whitelist an email in any version of Outlook after 2000:
- Click the blue Click here to download pictures information box.
- Click Add Sender to Safe Senders List. You can also click Add the Domain @domain.com to Safe Senders List to whitelist all emails coming from any email address on that domain.
Outlook.com
How To Whitelist An Exe
Open the email you want to whitelist. An alert message should display stating, “Parts of this message have been blocked for your safety.” Click I trust [email protected]. Always show content.
How To White List An App On Macbook
AOL Mail
To whitelist emails on AOL: Mac app drop shelf.
- Open the email you would like to whitelist.
- Click their email contact name and address, then click Add Contact.
- Enter their first and last name (company name works).
- Click Add Contact again. That’s it!
Comcast/Xfinity
If you have an email account from Xfinity (formerly Comcast), here’s how to whitelist a contact:
- Sign into your My XFINITY account.
- At the top right, click the Mail icon to get to your inbox.
- Click the Address Book tab.
- Click +Create Contact in the top menu (looks like a head silhouette with a plus sign).
- Add the sender’s email address.
- Click Save to save and whitelist the contact.
AT&T Yahoo Mail
AT&T uses the Yahoo! Mail app platform, so whitelisting instructions are the same with both. To whitelist contacts with these email providers:
- Click the contact book in the right-hand menu.
- At the bottom of the sidebar, click +Add new contact.
- Enter the name and email information of the sender you want to whitelist (you can use a business name).
- Click Save.
How To Whitelist App Download
Mac OS X Mail App
To whitelist all emails from a domain in the Mail app for Mac OS X or macOS:
- In the top menu, click Mail > Preferences.
- Click the Rules tab.
- Click Add Rule.
- Enter a whitelist name in the Description field, such as 'Whitelist: sumo.com' to create the new rule.
- For conditions, set the first dropdown menu item to any. It should say: If any of the following conditions are met.
- In the following dropdown menus, select From in the first field and Ends with in the second field.
- In the text field following Ends with, enter the domain name that you want to whitelist. Include '@' before the domain name to make the filter specific—for example, to whitelist all mail from the sumo.com domain, but not mail that might come from one of its subdomains (such as @subdomain.sumo.com), type '@sumo.com' into the field.
- Click the plus sign next to the last condition to add another domain with the same criteria if you want to whitelist more domains.
- In the Perform the following actions section, set the three dropdown items to: Move Message, to the mailbox: Inbox (or any target folder you want).
- Click OK to save the rule.
Get My Email Deliverability Checklist
Getting your subscribers to whitelist your emails is only one part of email deliverability. It’s still possible to end up in the spam folder before you even get the chance to ask them to whitelist you!
How To Whitelist Apps
Want to ensure your subscribers receive and act on your emails? Click the button below to download my 15-point email deliverability checklist.
How To Whitelist An Email Address
Email is the highest ROI marketing channel—but only if your emails aren’t sent to spam!