
Targeting of « newborn » domain names: the future of email screening?

November 24, 2016

The sending of emails with links redirecting toward malware sites is, unfortunately, a common practice of cybercriminals, targeting many people and companies.

Regularly updated blacklists allow email service providers to filter malicious content. However, many malware networks are designed to register new domain names on a regular basis and abandon them quickly, which lets cybercriminals stay ahead of the blacklists.

It is in this context that a patent application filed by the American company BOEING has been published by the USPTO (Pub. No. 2016/0337394). The patent application, entitled « Newborn Domain Screening of Electronic mail messages », proposes a solution against the constant use of new domain names by cybercriminals.

The aforementioned patent application describes an apparatus that operates in several steps, summarized below:
- The tool detects the domain name used by a URL displayed in the subject, body or attachments of a received email;
- The tool launches a WHOIS request on the detected domain name and determines its registration date;
- If the domain name is considered « too recent », the tool may, for example, deactivate the link, send a warning to the recipient or quarantine the email.

Without making any assumption about the patentability of this invention, the described apparatus appears to provide a simple but potentially effective solution to the problem mentioned above. It could be argued that the WHOIS services of some Top Level Domains are known for not displaying domain registration dates. However, it should be recalled that in most cases cybercriminals favor inexpensive domain names that are easy to register and abandon: gTLDs in most cases, whose creation dates are available in the WHOIS database.
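The three steps summarized above, together with the case of a WHOIS response that shows no registration date, as an added Python example (not code from the patent application or from this page). The 30-day threshold, the "warn" verdict for a missing date, the injected `whois_lookup` callable and all function names and sample data are assumptions made for illustration.

```python
import email
import re
from datetime import datetime, timedelta, timezone
from email import policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
CREATED_RE = re.compile(r"^\s*(?:Creation Date|created)\s*:\s*(\S+)", re.I | re.M)
MIN_AGE = timedelta(days=30)  # assumed threshold; the page only says "too recent"

def domains_in(raw_message):  # naive last-two-labels domain; real code needs the Public Suffix List
    msg = email.message_from_string(raw_message, policy=policy.default)
    texts = [str(msg.get("Subject", ""))]
    texts += [p.get_content() for p in msg.walk() if p.get_content_maintype() == "text"]
    found = set()
    for url in (u for t in texts for u in URL_RE.findall(t)):
        try:
            host = (urlsplit(url).hostname or "").rstrip(".,;)")
        except ValueError:  # malformed URL: nothing to look up
            continue
        if host:
            found.add(".".join(host.split(".")[-2:]).lower())
    return found

def creation_date(whois_text):  # None when the response carries no usable date
    m = CREATED_RE.search(whois_text)
    try:
        created = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    except (AttributeError, ValueError):  # no match, or not an ISO 8601 date
        return None
    return created if created.tzinfo else created.replace(tzinfo=timezone.utc)

def screen(raw_message, whois_lookup, now):
    verdicts = {}
    for domain in sorted(domains_in(raw_message)):
        created = creation_date(whois_lookup(domain))
        # Assumed policy: a missing date earns a warning instead of clearing the link.
        verdicts[domain] = ("warn" if created is None else
                            "quarantine" if now - created < MIN_AGE else "deliver")
    return verdicts

# Constructed sample data (not real domains or real WHOIS output).
WHOIS = {"fresh-invoice.example": "Creation Date: 2016-11-20T09:15:00Z\n",
         "old-site.example": "Creation Date: 2009-03-02T00:00:00Z\n",
         "nodate.example": "Status: active\n"}
MAIL = ("Subject: Invoice http://pay.fresh-invoice.example/inv\n\n"
        "See https://www.old-site.example/help or http://nodate.example/x.\n")
NOW = datetime(2016, 11, 24, tzinfo=timezone.utc)
print(screen(MAIL, lambda d: WHOIS.get(d, ""), NOW))
```

In a deployment, `whois_lookup` would wrap a real WHOIS query; here it reads from the constructed dictionary so the example runs offline.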

We can only hope that this solution will be implemented and commercialized in the near future.
