Back to Security Pattern Catalog

Network Address Blacklist

Classification Key : Exterior Security, Spoofing


Identifying the malicious users at the system access point is a very effective defense mechanism. However, it is computationally expensive. How can a malicious user be identified?


Maintain a list of network addresses that exhibit inappropriate behavior. Drop requests received from a blacklisted address.

Known Uses

RBL and RHSBL List used in Postfix to filter spam coming from known blacklisted IP addresses.

Related Patterns

Policy Enforcement Point, Minefield


Kienzle et. al. Repository


Honey-pot, Blacklist


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz