Millions of new domains are registered on the internet each day, but not all domains are created equal. Malware, spam, phishing, and many other scams are brought to life daily by nefarious actors seeking to steal money, access to information, and intellectual property. It takes time for these domains to be vetted and classified as either malicious or benign. Fresh Domains is designed to protect you during much of the time needed to determine the intent of a domain.
As systems and analysts become faster and more capable of identifying, categorizing, and responding to threats, miscreants and actors of ill intent are forced to use the domains they register at a faster rate. The first hours of a domain's use are when many security controls find it hardest to protect against these threats.
OSC analysts and systems are in a unique position to see some of the critical first moments of a domain's activity, because our passive DNS sensors detect an average of more than one million new domains daily. Once OSC detects a domain that our systems have never seen before, it is added to the Fresh Domains system. This is where the protection process begins for our subscribers. Fresh Domains is designed to help protect against a variety of threats in concert with other security tools.
Best of all, Fresh Domains uses the efficiency of DNS to provide this protection in a fast, reliable, and scalable manner. Fresh Domains serves as an essential layer of protection against threats including business email compromise (BEC), malware, and phishing.
Business Email Compromise
Business email compromise (BEC), also known as executive impersonation fraud, is a multi-billion dollar problem. The actors engaged in this fraud often set up look-alike domains of their targets. They then quickly begin sending emails to individuals inside the target organization requesting expedient wire transfers. The response to these emails, and the resulting losses, are staggering. Fresh Domains can be used in conjunction with mail filters to block email to any domains that are on the DNSBL.
The largest volume of unwanted email is sent via malware. This spam includes pharma or pill spam, click-bait spam promising breaking and shocking news about celebrities, traditional 419 spam, and many others. The purposes for sending the spam vary as much as the spam itself. Spammers often include links to programs called droppers, malicious programs that provide a foothold on a computer system for many other nefarious follow-on infections. Another common technique is a direct request to send money or gift cards to foreign entities in exchange for a promise of a reward worth many times the value of the funds sent. Whatever the purpose of this spam, your organization can use the DNSBL to help increase productivity and lower organizational risk by keeping many of these emails out of individual inboxes.
Phishing can take many forms. Similar to BEC, actors regularly set up look-alike domain and host names. Unlike BEC, replicas of the target site are hosted using the look-alike infrastructure. This deception risks disclosure of sensitive data such as credentials and financial and payment information. Utilizing the Fresh Domains DNSBL on incoming mail will prevent phishing emails from domains on the DNSBL from being delivered to the target's inbox.
Utilizing Fresh Domains
Utilizing the Open Source Context DNSBL is an easy process for your mail administrator. In fact, there are only two things required to start utilizing the DNSBL and help reduce risk within your organization:
- a free trial subscription
- a mail filtering application or appliance capable of utilizing a DNSBL
A free trial subscription can be requested using the button at the bottom of this page. Open Source Context staff will provide you with the appropriate settings to use in your environment.
More information about implementing the DNSBL can be found on our support page.