Cousin Domains


Cousin domains are domain names or domain name parts that closely resemble an organization’s real domain.

  • SPF, DKIM, and DMARC do not solve the problem of cousin domains or look-alike domains
  • phishers exploit the fact that many organizations use hosted email servers
    • for business tasks like customer service or support ticketing
    • e.g., for the legitimate address support@realcompany.serviceprovider.foo a phisher might use:
      • support@reelcompany.serviceprovider.foo
      • support@realcompany.srviceprovider.foo
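
Because a cousin domain can pass SPF, DKIM, and DMARC for itself, the check has to compare the sender's domain against the domains you actually trust. The sketch below is an added example, not part of the original page: it flags senders whose domain is within a small edit distance of a trusted one, label by label. The names TRUSTED, MAX_EDITS, edit_distance and classify, the threshold of 2, and the othercorp sender are assumptions made for illustration.

```python
# Added example, not from the original page: flag near-miss sender domains.
TRUSTED = ["realcompany.serviceprovider.foo"]  # the page's legitimate domain
MAX_EDITS = 2  # assumed threshold; tune it to your own domain names


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # swap ca for cb
        prev = cur
    return prev[-1]


def classify(address, trusted=TRUSTED, max_edits=MAX_EDITS):
    """Return 'trusted', 'cousin of <domain>' or 'unrelated' for a sender."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    labels = domain.split(".")
    for good in trusted:
        good_labels = good.split(".")
        if len(labels) != len(good_labels):
            continue  # this sketch only compares domains with the same depth
        # Compare label by label so a change in either the company part or
        # the service-provider part is counted.
        total = sum(edit_distance(x, y) for x, y in zip(labels, good_labels))
        if 0 < total <= max_edits:
            return "cousin of " + good
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample senders; the first three come from the page's example.
    for sender in ["support@realcompany.serviceprovider.foo",
                   "support@reelcompany.serviceprovider.foo",
                   "support@realcompany.srviceprovider.foo",
                   "billing@othercorp.serviceprovider.foo"]:
        print(sender, "->", classify(sender))
```

Domains with a different number of labels and Unicode homoglyphs are outside what this sketch compares.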