Domain Security

DNSSEC

Cryptographic extensions that authenticate DNS responses to prevent tampering.

SSL/TLS Certificate

Cryptographic certificate enabling encrypted HTTPS connections for a domain.

Domain Hijacking

Unauthorized takeover of a domain through social engineering or security exploits.

Domain Security

All measures protecting domain names from unauthorized access or modification.

HTTPS Requirement (HSTS)

TLD-level requirement for HTTPS, enforced via browser HSTS preload lists.

DNS Spoofing (Cache Poisoning)

Attack that corrupts DNS cache data to redirect users to malicious sites.

Typosquatting

Registering misspelled variants of popular domains to capture mistyped traffic.

Cybersquatting

Registering domains in bad faith that infringe on existing trademarks.

SPF Record

DNS TXT record specifying authorized email-sending servers for a domain.

DMARC

Email authentication protocol that uses SPF and DKIM to prevent email spoofing.

DKIM

Email authentication adding digital signatures verified via DNS public keys.

Domain Abuse

Malicious use of domains for phishing, malware, spam, or fraud.

Domain Shadowing

Attack creating malicious subdomains under a legitimate domain after compromising its registrar account.

DNS Rebinding

Attack that tricks browsers into accessing internal network resources by rapidly changing a domain's DNS resolution.

Certificate Transparency (CT)

Open standard requiring all TLS certificates to be recorded in public, auditable logs for transparency and abuse detection.

HSTS Preloading

Submission of a domain to browser preload lists ensuring HTTPS-only access from the very first connection.

DANE (DNS-Based Authentication of Named Entities)

Protocol using DNSSEC-signed TLSA records to bind TLS certificates to domains, bypassing traditional CA trust.

RPZ (Response Policy Zone)

DNS firewall mechanism allowing resolvers to block or redirect queries for domains on threat intelligence lists.

Domain Fronting

Technique hiding traffic's true destination by using a trusted domain's CDN infrastructure to route encrypted requests.

BIMI (Brand Indicators for Message Identification)

Email standard enabling verified brand logos in inboxes, requiring DMARC enforcement and a Verified Mark Certificate.

MTA-STS (Mail Transfer Agent Strict Transport Security)

Standard requiring mail servers to use valid TLS when delivering email to a domain, preventing TLS downgrade attacks.

Domain Reputation

Score assigned to a domain based on abuse history, email behavior, and content signals used by filters and security systems.