A blacklist is list of items, such as usernames or IP addresses, that are denied access to a certain system or protocol. When a blacklist is used for access control, all entities are allowed access, except those listed in the blacklist. The opposite of a blacklist is a whitelist, which denies access to all items, except those included in the list.
Blacklists have several applications in computing:
- Web servers often include a blacklist that denies access from specific IP addresses or ranges of IPs, for security purposes.
- Firewalls may use a blacklist to deny access to individual users, systems located in certain regions, or computers with IPs within a certain subnet mask.
- Spam filters often include blacklists that reject certain e-mail addresses and specific message content.
- Programmers may implement blacklists within programs to prevent certain objects from being modified.
Since blacklists deny access to specific entities, they are best used when a limited number of items need to be denied access. When most entities need to be denied access, a whitelist approach is more efficient.