Overview
This section explains the overview and setup procedure for the whitelist feature, which can be configured via:
[Admin Console] → [Account Settings] → [Security Center] → [Security Settings] menu.
Detail
Whitelist feature overview
Recently, there have been cases of malicious third parties obtaining login information for OTAs such as Booking.com and Airbnb, as well as site controllers, and then committing fraud by asking guests to re-enter their credit card information.
The most important countermeasure is to thoroughly manage your accounts as described below to prevent unauthorized logins.
Set a strong passwords
Change your password regularly
Manage login credentials in a secure environment
Enable Two-Factor Authentication (2FA)
The whitelist feature acts as a last line of defense in the unfortunate event that a login is compromised. Fraudulent messages typically attempt to direct guests to an external URL and steal their credit card information through fake pages.
To protect guests, AirHost currently inserts a security warning at the beginning of any message that contains a URL, except for a few pre-approved URLs such as the pre-check-in link. This ensures guests are aware and can exercise caution when clicking on unknown links.
***Auto-Generated Message
This message contains external links. For your safety, if you are asked to enter your credit card information, please contact the hotel directly to verify the authenticity.
When the whitelist feature is enabled, the following behavior changes will apply:
If a URL included in the message is already registered in the whitelist, the message will be sent without a warning message.
If a URL included in the message is not registered in the whitelist, the message will not be sent.
This feature allows users to manage safe URLs on their own.
How to set up the Whitelist Feature
Go to [Admin Console] → [Account Settings] → [Security Center] → [Security Settings], and enable “Enable Whitelist Verification”.
Note:
This action can only be performed by the owner user who was initially registered when the account was created.
Open the "Whitelist Settings" and add the domain of the URLs you wish to allow to the list, then save it. (*No need to add the pre-check-in URL.)
By saving the settings, the whitelist function will be enabled.
When entering an email address in a message, if it contains “.com”, the whitelist may be triggered.
If you plan to send such messages, please register them in advance.
⚠️ Important Notes for URL Whitelist Settings
Do not register non-standard URLs that contain Japanese characters or other special formats.
Doing so may cause automatic messages and customer service messages to fail sending.Please copy and paste the URL exactly as it appears in the browser’s address bar when registering it.
Please register the domain (e.g., www.notion.so) instead of a page-specific URL.
Shortened or page-level URLs such as https://www.notion.so/xxxxx may cause message sending errors.
If you want to allow multiple pages within the same site, you do not need to register each individual link.
For example, registering www.notion.so will allow all pages under that domain.
Additional Note:
[November 2024]
URLs containing “?” can now be registered in the whitelist.