What is an email whitelist and how does whitelisting work?

An email whitelist is a list of senders or domains whose emails are automatically considered trustworthy and not blocked by spam filters. Whitelisting checks if the sender is on this list; if so, the message is delivered, even if it meets other filter criteria. This way, users can ensure that important emails are reliably received.

What is an email whitelist?

A whitelist is the opposite of a blacklist. Instead of blocking individual senders, IP addresses, or domains, a passlist contains only entries that are explicitly allowed. These can include websites, programs, file extensions, email addresses, or individuals. In short, everything is prohibited except what is listed.

How does an email whitelist work?

Such lists are commonly used in firewalls. Administrators define which communication targets are permitted by adding them to an email whitelist, and only these are allowed through the firewall. All other connections are blocked. A similar principle applies to securing individual computers, where only approved applications can be installed via a whitelist.

In many cases, these lists also exclude certain file types — for example, files with the extensions .docx, .xlsx, or .exe — ensuring they are blocked from being opened or installed. Whitelists are also used to manage email systems or enforce youth protection rules, where only specific IP addresses or domains are granted access.

From a technical perspective, two key data sets are particularly important in the delivery of emails:

• The MX record of a domain. MX stands for Mail Exchange and specifies which server is responsible for handling email for that domain.
• The (often hidden) information in the email header, which makes it possible to trace an email’s path and check whether the stated sender actually matches the true sender. Spammers frequently manipulate the From and Return-Path fields to create false identities.

What are the advantages of whitelisting?

With email whitelists, administrators can centrally manage permissions for user interactions. This ensures both clarity and security when it comes to approved programs, web services, or senders. Content that is unsafe or not legally permitted is automatically filtered out and redirected to designated storage or quarantine. In this way, spam emails can be effectively reduced. The key requirement is to clearly define which interactions are permitted. The main advantage of this approach is that unknown senders, programs, or files cannot penetrate the protected system.

Recipients on an email whitelist will consistently receive messages from those senders. Emails from approved contacts skip the spam folder and are delivered straight to the inbox. In many cases, a small note within the message also prompts recipients to add the sender to their address book for ongoing reliable delivery.

How to create an email whitelist

When creating a passlist (whitelist), it’s important to consider several levels: internet service providers (ISPs), free or commercial email providers, and individual users. Many email providers allow you to manage your own blocklists and passlists. Keep in mind that blacklist entries may override whitelist entries — both terms are still commonly used. To configure these settings, a customer account with the provider is usually required.

A well-known, provider-independent option is DNSWL.ORG, a volunteer anti-spam coalition that offers a publicly accessible free whitelist (with a query limit). If your domain is listed there, you receive detailed information such as IP ranges and hostnames.

Among the most widely used paid reputation and whitelist services in the U.S. are Spamhaus and Return Path (Validity). These organizations work with major providers such as Gmail, Microsoft Outlook, and Yahoo to help improve email deliverability and reduce the chance of messages being flagged as spam. To be listed with such services, you generally need to register and meet specific requirements, including:

• Responsible and responsive handling of abuse reports from your network
• Proper registration in the Whois directory
• A proven track record with minimal spam complaints

New entries are carefully reviewed using both public and private data sources. Past spam activity linked to a domain or IP address can negatively impact approval. Networks with open or public users are given lower trust ratings, while tightly managed networks can achieve higher levels. Each provider also defines its own removal criteria if issues arise. In addition, U.S. senders must comply with the CAN-SPAM Act, which sets legal standards for commercial email and plays a central role in maintaining sender reputation.

Guides for creating an email whitelist

Although the technical principle behind whitelists is essentially the same, the practical steps can differ from one provider to another. On mobile devices, the procedures are usually very similar. In some cases, certain fields in the email client may be hidden by default, but these can typically be made visible through the settings or menu. On touchscreens, for example, tapping on the “From” field will reveal the sender’s actual email address — without opening the message itself. Here’s a brief overview with simple steps:

Gmail

• Log into your Google account and open your inbox
• Hover the mouse pointer over the email sender; a pop-up window will open
• Select “Add to contacts” (avatar with plus sign) in the window

Outlook for Microsoft 365 / Outlook 2019 and 2016

• Open the sender’s email that you want to add to the email whitelist
• Click the 3-dot icon
• Click on “Junk” and then on “Never Block Sender”

Outlook 2013 / Outlook 2010

• Right-click on the email from the sender you want to whitelist in the message preview window.
• In the context menu, go to “Junk”.
• Select “Never Block Sender” (or “Never Block Sender’s Domain” to allow all emails from that domain).
• If you choose “Junk Email Options”, you can open the settings window to adjust the level of junk mail protection and manage both the Safe Senders List (whitelist) and Blocked Senders List (blacklist).

Thunderbird

In Thunderbird, you can create additional address books beyond the default one — for example, an address book named Whitelist. Adding a sender to this list ensures their emails are treated as safe.

• Open the message from the sender you want to whitelist.
• Right-click on the sender’s email address.
• Select “Add to Address Book”.
• Confirm by clicking “OK”.

Yahoo Mail

• Open the message from the sender you want to whitelist.
• Hover over or click on the sender’s name in the “From” field.
• In the pop-up window, click “Add to contacts”.
• Fill in any details if you wish, then click “Save”.

Apple Mail

• Open the email you want to whitelist in the preview.
• Hover over the sender’s name (the top entry in the email header) and open the drop-down menu.
• Click “Add to Contacts” (or “Add to VIPs” if you want messages from this sender to be highlighted).
• Tip: In “Mail > Settings > Rules”, you can also create custom rules for specific email addresses to ensure those messages are always delivered to your inbox.

Create an email whitelist with a provider (IONOS)

With the IONOS email whitelist, you can make sure that messages from specific senders are always delivered in IONOS Webmail and never end up in the spam folder. To set this up, log in to your IONOS customer account and open the menu settings. Under the “Anti-SPAM” settings, go to the “Safe Senders” section and enter the email addresses or domains you want to whitelist. From then on, all emails from these senders will automatically be recognized as trustworthy. Using the IONOS whitelist gives you full control over your email traffic, prevents important messages from being filtered out, and ensures reliable delivery.