Blog

Discover our latest research findings, technical insights, and expert analysis

INFERMAL Project: Analyzing Features of Malicious Domain Registrations
ICANN Research
4 min read

INFERMAL Project: Analyzing Features of Malicious Domain Registrations

INFERMAL Project, funded by ICANN and conducted by KOR Labs, is dedicated to understanding the selection patterns behind cybercriminals' preferences for specific domain name registrars and top-level domains (TLDs) in their phishing operations.

Read more
Building a Resilient Domain Whitelist to Enhance Phishing Blocklist Accuracy
Blocklists Research
6 min read

Building a Resilient Domain Whitelist to Enhance Phishing Blocklist Accuracy

Community-driven and automated methods for constructing phishing blocklists may occasionally result in false positives, erroneously flagging benign domains or URLs as malicious. This blog discusses how we address this problem.

Read more
The D(M)ARC Side of the Email Reporting System
Email Research
5 min read

The D(M)ARC Side of the Email Reporting System

This blog post presents a large-scale study of DMARC to observe the user habits and preferences, consider the evolution of DMARC adoption in time, and understand how popular domains use DMARC.

Read more
Phishing Attack Trends
NetBeacon Phishing
5 min read

Phishing Attack Trends

Since collecting and publishing data on the number of unique domains used for phishing attacks and malware distribution as part of our NetBeacon MAP reporting, we've been on the lookout for any discernible patterns or trends. This blog post discusses one of those.

Read more
Measuring DNS Abuse is Difficult
DNSAI
2 min read

Measuring DNS Abuse is Difficult

This blog is a condensed overview from our full report titled "Why do different DNS Abuse measurement projects result in different numbers" and is meant to create a greater awareness of how DNS Abuse is measured.

Read more
Challenges in Measuring DNS Abuse
DNSAI
9 min read

Challenges in Measuring DNS Abuse

This blog covers an interesting case of suspected abuse in a gTLD registry between February and April 2023. It is a good example of an edge case, where the decision on whether or not to mitigate was not clear cut, and different levels of evidence were available at different time.

Read more
Introducing Compass Dashboards
DNSAI
4 min read

Introducing Compass Dashboards

Compass Dashboards empower registries and registrars with data to understand phishing and malware trends in their zone, over time, and compared against peers.

Read more