Racially loaded terms like Master-Slave Infrastructure and Master-Git-Branch, and many others have been in constant discussion over the past few years. And we want to make sure that everybody knows and understands that we are entirely in favor of making changes to those terms.
The same discussion has evolved over the last few years in our industry with the terminology around “blacklist” and “whitelist.” Those terminologies have existed for a very long time, not only in the tech world. In some societies, Black and White are associated with Night and Day. In Eastern Culture with dualism like in Yin and Yang. Still, some feel these terms are negatively loaded, and the discussion around changing them is absolutely legit.
The question of why we, as Abusix, haven’t made the complete change yet has many reasons. So let us explain our thoughts and concerns here:
No industry alignment on terminologies
First, there is a diverse set of new names in the wild for “blacklist” alternatives, such as blocklist, denylist, reject list, droplist, exclude list (the list goes on). Looking at alternative terms for whitelist, we’ve seen the following: allowlist, safelist, accept list, welcome list, etc. By all means, they are supposed to mean all the same. Still, it just gets way too confusing if everybody uses different terminologies for the same thing.
Let’s look at some definitions. A blacklist is a list of banned or excluded things of disreputable character, while a whitelist is a list of approved or favored items. We all get what it means and it would have been unbelievably important to have an industry-wide agreement. Everybody could have adapted to simplify things for our industry user and customer base, while in fact, everybody is using a different approach.
Commonly Used Alternative Terms for Blacklist:
The two most commonly used alternatives for “blacklist” are denylist and blocklist.
Denylist is a term used in firewalls to deny traffic from a specific origin to enter the network. Generally the same concept, but completely different use cases and not based on the same data sets. Denying traffic on a firewall with data created for SMTP traffic is not a very good idea.
The term blocklist doesn’t fit 100% as well. It implies being used for blocking, which is not necessarily true. But at least it is as close to the old term and promises faster adoption, or does it? A benefit of the term blocklist is that it allows keeping the abbreviations such as RBL or DNSBL, as they produce millions of search results on Google and other search engines.
Commonly Used Alternative Terms for Whitelist:
Allowlist and Acceptlist are the terms used in firewalls. We also have seen “Safelist” as an alternative for the term whiteliste. Another one we just heard recently is “welcome-list”. By the logic of not changing abbreviations, this term makes a lot of sense. A DNSWL could still be a DNS Welcome List, and our friends at dnswl.org might get around a bothersome renaming.
Loss of Search Traffic and Search Results
As mentioned above, terms like blacklist, RBL, and DNSBL lead to millions of Google search results. Whether we like it or not, search engines play a significant role in anybody’s online business. But not only for the sake of traffic generation. But also for delivering valuable information to the person that only knows the terms blacklist and whitelist.
Frontend and Backend Efforts
People might say: “How hard can it be to switch from blacklist to blocklist?” It might look like it’s only about changing one letter, while the truth is that it is way more than that. It is about educating the users and not confusing them, getting them used to the new terminology. Doing all of that takes a lot of time and effort.
It’s one thing to change the marketing collateral, let’s say from blacklist to blocklist and from whitelist to welcome list, while 99% of the documentation, frontends, blog posts, and search results stay with the old terminology. Looking at the solutions and products our customers integrate our blocklist Abusix Mail Intelligence into, we see that over 90% still use the terms blacklist and whitelist in their frontends, configuration, files, and documentation. The other 10% that made a change are not speaking the same language. That might not be a problem for people navigating through that space every day, though it might be a problem for people looking at email security once a year or even less. We have already seen this happening.
Unfortunately, it seems that some efforts to find common ground in the industry have not been successful. Everybody keeps doing what they think is right. Additionally, even if the sector aligns one day, we still don’t know whether the users/audience is adapting to those changes. Those terminologies have been around for many years. People might use the new terms in public, while they might not use them when searching for it privately.
We have been talking to different vendors and open-source projects in the past few months, trying to find common ground. We learned that the majority is still unsure how and if to change but tends towards adopting the term blocklist.
Kevin A. McGrail, who is personally involved with the Apache SpamAssassin Project for nearly two decades, already started doing that change in SpamAssassin back in 2011. “Using ‘welcome list’ and ‘blocklist’ is non-offensive, more descriptive and, since ‘welcome’ and ‘block’ start with ‘W’ and ‘B,’ we avoid having to rename things like RBLs, WLBL, DNSBL, etc.,” he states in a blog post of the Guardian Digital. There are also other DNSBL providers out there, like Spamhaus, that are using the terminology blocklist instead of blacklist.
We wish there was an overall alignment on this topic, but there isn’t one as of now. That’s why we decided to go the same route and change our wording slowly but eventually from “blacklist” to “blocklist” and from “whitelist” to “welcome-list”.