Home

allowlist

An allowlist is a list of entities that are explicitly permitted to access a system or perform certain actions. In information technology, items on an allowlist can include IP addresses or ranges, domain names, email addresses, software applications, or user accounts. Access is granted to anything on the list, while items not on the list are typically blocked or restricted according to policy. Allowlisting is widely used to enforce access control, application execution, and content delivery.

Examples include email allowlists (safe sender lists to improve deliverability), firewall or cloud security group allowlists

Terminology and standards: Terms such as allowlist and denylist are increasingly used as neutral alternatives to

Advantages and challenges: Allowlists can reduce risk by limiting access to known-good entities, but they require

(permitting
connections
from
approved
addresses),
and
application
allowlisting
(permitting
only
approved
software
to
run
on
a
device
or
within
a
managed
environment).
Some
allowlists
are
dynamic,
time-limited,
or
require
periodic
verification.
whitelist
and
blacklist.
Many
standards
bodies,
vendors,
and
organizations
encourage
this
terminology,
though
usage
varies
by
domain
and
region.
ongoing
maintenance
to
remain
accurate.
If
entries
are
missing
or
become
stale,
legitimate
users
or
processes
may
be
blocked.
Effective
use
often
relies
on
automation,
regular
auditing,
and
integration
with
identity
and
access
management
systems.