What is email whitelisting and how to create an email whitelist

Every authentic email that doesn’t reach its recipient is a missed chance for communication. Due to the huge volume of spam being sent around, it’s becoming harder and harder to communicate with your target group via email, especially if you’re sending a large number of marketing emails at once. One of the main anti-spam measures out there is blocklisting. An even more restrictive solution is allowlisting, in which only explicitly allowed content is allowed into the recipient’s inbox. In addition to blocklisting and allowlisting, greylisting is another method for fighting spam email.

Allowlists are the opposite of blocklists. Instead of blocking senders, IP addresses, and domains, allowlists only contain entries of senders that are welcome. Entries can be websites, programs, file endings, email addresses, or people. Anything that doesn’t explicitly appear on the list is blocked.

Allowlists are also used in firewalls. The administrator actively adds approved communication targets to the allowlist, and this is the only content that can pass through the firewall. Everything else won’t make it through. It works similarly in the case of individual computers - only apps that have been approved via allowlist can make it onto the device. Many of these lists don’t include files with endings like .docx, .xlsx, and .exe, effectively blocking them. The same also goes for the control of email systems or the use of parental controls, in which precisely defined IP addresses and domains are allowed. To find out which data is transmitted from the sender to receiver, check out our guide on the Internet Protocol.

Two data sets play an important role in the delivery of emails: One is the MX record of a domain. MX stands for mail exchange and gives a client information about which domain a mail server can be reached at. The other is the email header, which can be used to trace back the route of an email and check whether the supposed sender is the actual sender. Spammers often manipulate the “from-” and “return-path” lines to create false identities.

Allowlists make it possible to centrally control permissions for user interactions. That ensures clarity and security when it comes to permitted programs, web services, and senders. Content that’s judged unsafe or illegal is filtered out from the beginning and placed in designated storage locations or in quarantine. The pre-requisite is that it’s been precisely defined which interactions are allowed. The advantage of this approach is that new or unknown senders, programs and files won’t make it into the protected system.

Email recipients listed in a passlist will always receive the information sent out. Messages from permitted senders won’t end up in the spam folder - they’ll always make it into the inbox. Individual email recipients may be asked in emails to add the sender to their contacts.

There are several levels to be aware of when making an allowlist: the Internet provider, paid and unpaid service providers, and the individual user.

Many Internet providers allow you to make your own blocklists and allowlists. Note that entries into a blocklist often overwrite the allowlist. You’ll usually need an account to add and edit entries.

One well-known independent service provider is DNSWL.ORG, an anti-spam organization made up of volunteers that provides a publicly available, free (up to a certain point) allowlist. If you’re listed you’ll receive a detailed overview of the listed data, for example IP range and host names. Well-known paid providers include Spamhaus, Return Path, and Certified Senders Alliance (CSA). To get yourself listed with one of these providers, you’ll have to register with them and fulfill certain criteria. For example:

• Responsible and responsive approach to abuse from your own network
• Correct registration in Whois registry
• As yet no spam complaints about you

The providers check potential new entries using public and private sources. Here it will become relevant if a domain or IP address was already reported as spam. Networks with public users will receive a low rating for trustworthiness, whereas those with tight administrative control will receive a higher rating. Additional criteria ensure that an entry can later be removed from the allowlist. Criteria vary from provider to provider.

You can also create an allowlist on your computer with just a few clicks. More on that in the coming section.

Each provider has its own way for users to manage allowlists, with the technical principle behind each allowlist remaining more or less the same. On mobile devices, the process will be near identical. It’s also possible that you won’t be able to see certain fields in the email client. You can change that in the settings or menu. On touch screens, you can tap on “From” to view the true email address of the sender (without opening the email). Here’s a short overview of how it works with different providers:

1. Log in to your Google account and open your inbox
2. Hover the mouse over the email sender; a pop-up window will open
3. Click on the button with a person and a plus sign to add the sender to your contacts

1. Open an email from the sender that you want to add to your allowlist
2. Right-click on the email address in the “From” field
3. Click on “Add to contacts” and then “OK”

1. Right-click on the sender in the message preview window
2. Select “Junk Email” in the dialog menu and make a decision; when you click on “Junk Email Options”, a menu will open where you can set the degree of protection for junk mail and manage allowlists and blocklists in Outlook

In Thunderbird, you can create multiple address books, for example one named “Allowlist”.

1. Select and open a message from the sender you wish to add to the list
2. Right click on the sender’s email address
3. Add it to your address book and click “OK”

1. Open the message
2. Click on “Add contact” (the button is located near the “From” entry)
3. Add the sender to the list

1. Select a message from the sender in question
2. Click on “Mark as secure” next to the “From” field
3. Add the email address to your contacts

1. Select and open the email
2. Hover over the sender (first entry in the email header) and then open the drop-down menu
3. Click on “Add to contacts”
4. In “Settings>Rules” you can make special rules for individual email addresses

You can set up blocklists and allowlists for your entire account in the settings section of your IONOS customer account. Simply click on the box “Apply to all email addresses on the contract”.

1. Log into your account
2. Choose the email from the menu, then click on “Email Addresses”
3. Select the email address > Anti-Spam > Enter the sender under “Secure senders”