High Severity
Punycode sender domain
Description
The sender's domain contains punycode, a technique used by attackers to impersonate legitimate domains.
References
Sublime Security
Created Aug 17th, 2023 • Last updated Aug 21st, 2023
Feed Source
Sublime Core Feed
Source
type.inbound
and strings.ilike(sender.email.domain.domain, "*xn--*")
Playground
Test against your own EMLs or sample data.