
What are whitelisting and blacklisting?


Whitelisting and blacklisting go hand-in-hand with HIPAA compliant email. But what exactly is whitelisting and its counterpart, blacklisting? As a healthcare provider, you’ve probably heard these terms in passing. We’re going to review the subtle differences between these two protocols and how they apply to email.




Whitelisting is a cybersecurity protocol. It’s a restriction on what email, websites, or applications are allowed to reach their destination. A whitelist, in simple terms, is a list of “safe” websites and email addresses that can be received and retrieved. Whitelisting is the practice of placing websites and emails on this list.

Whitelisting can be used as a cybersecurity strategy under which a user can only take actions on their computer that an administrator has explicitly allowed in advance. Instead of trying to keep one step ahead of cyberattackers to identify and block malicious code, IT staff compiles a list of approved applications, websites, or email addresses that a computer or mobile device can access.




Blacklisting is the opposite of whitelisting. A blacklist tells the server that the healthcare professional deems a specific website or email unsafe. Any website or email address on a blacklist is not received or retrieved. The sender of the email or the website host is never made aware that their email is on a blacklist.


Whitelisting, blacklisting, and HIPAA compliant email


Whitelisting and blacklisting are commonly used for email, especially HIPAA compliant email. Whitelisting allows no emails to pass except for those that are deemed safe. Blacklisting does the opposite. It allows all emails to pass except for those that are deemed unsafe.

Since whitelisting practices are based on the least-privilege access principle of cybersecurity, placing certain domains on a whitelist helps ensure that the emails you receive as a healthcare professional have an extended level of protection. Whitelisting an IP address or an email address assures that the sender is known to you and you trust them to deliver safe content. This can be especially useful for preventing phishing email attacks where small variations on domain names can trick healthcare professionals who process a lot of email content on a daily basis.
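The two policies side by side, as an added example that is not from the original article or any Paubox product: the same inbound From headers are judged by a default-allow blacklist and a default-deny whitelist. The domains, list contents and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed policy lists (hypothetical domains, not from the article).
WHITELIST = {"example-clinic.test", "lab-partner.test"}
BLACKLIST = {"known-spam.test"}

def sender_domain(from_header):
    """Return the normalised domain of a From header, or None if unparseable."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    domain = domain.strip().rstrip(".").lower()
    if not local or not domain:
        return None
    return domain

def blacklist_allows(from_header):
    """Default-allow: deliver unless the domain is listed as unsafe.
    Headers with no usable address are rejected (a choice made for this example)."""
    domain = sender_domain(from_header)
    return domain is not None and domain not in BLACKLIST

def whitelist_allows(from_header):
    """Default-deny: deliver only if the domain is listed as safe."""
    domain = sender_domain(from_header)
    return domain is not None and domain in WHITELIST

# Constructed From headers.
SAMPLES = [
    "Dr Lee <lee@example-clinic.test>",   # trusted sender
    "Dr Lee <lee@examp1e-clinic.test>",   # look-alike: digit 1 replaces letter l
    "Offers <promo@known-spam.test>",     # already known to be unsafe
    "Lab <results@LAB-PARTNER.TEST>",     # trusted, different letter case
    "no address here",                    # no parseable address
]

def evaluate(samples):
    """Return (header, blacklist verdict, whitelist verdict) for each sample."""
    return [(s, blacklist_allows(s), whitelist_allows(s)) for s in samples]

if __name__ == "__main__":
    for header, bl, wl in evaluate(SAMPLES):
        print(f"{header!r:40} blacklist={'pass' if bl else 'block'} "
              f"whitelist={'pass' if wl else 'block'}")
```

The look-alike domain passes the blacklist because nobody has listed it yet, while the whitelist blocks it because it was never approved.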

ExecProtect is Paubox’s patented form of whitelisting. It checks incoming emails against a whitelist of your organization’s email addresses in order to block display name spoofing attacks. Additionally, whitelisting can mitigate and reduce the risk of violating HIPAA by preventing the unauthorized exposure of protected health information.


How Paubox can help


Paubox Email Suite Plus allows you to configure your own blacklist and whitelist rules. It comes with inbound email security features that protect healthcare professionals from malware, viruses, and ransomware, guarding against cyberattacks and mitigating the risk of data breaches. Paubox Email Suite Plus also comes with patent-pending Zero Trust Email, which follows the security parameters of Zero Trust in leveraging two-factor authentication for email delivery.


Try Paubox Email Suite Plus for FREE today.
