An Allow List is a simple concept. Essentially, it's a list of addresses or domains that you've deemed safe, and thus emails from those addresses or domains shouldn't be filtered and should be "allowed" into the inbox.

Major sites, like Google, Facebook, and more, are often on Allow Lists. Another major site that's often on Allow Lists is Apple. Like in this email: 



In the above example, “” was in this customer’s Allow List. 

This is a phishing email. Hackers spoofed the Apple website to send a phishing link in a classic credential scheme. If Apple is on the Allow List, it goes right into the inbox. 

When we crunched the numbers for our 1H 2021 Cyber Attack Report, we found that 8.14% of phishing emails ended up in the user’s inbox simply because of an allow or block list misconfiguration. This is an increase of 5.3% from the 2019 Global Phish Report.

The problem gets worse depending on the security solution in use. When sitting behind an SEG, we found that 15.4% of email attacks are on an Allow List.

With Avanan, there are no prerequisites or complicated rules to follow. Just connect Avanan and it begins working. This process is faster with mature AI platforms and Avanan’s AI has a unique advantage because Avanan is trained with a dataset of emails that are missed by the email layers that come before Avanan. 

Subscribe to Our Attack Briefs for More Research