Description

The sender's domain contains punycode, a technique used by attackers to impersonate legitimate domains.

Sublime Security
Created Aug 17th, 2023 • Last updated Aug 21st, 2023
Source
type.inbound
and strings.ilike(sender.email.domain.domain, "*xn--*")
MQL Rule Console
DocsLearning Labs

Playground

Test against your own EMLs or sample data.

Share

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.