Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Increased usage of unregistered spam domains

Consider a spam email that promotes an online casino site. URL check and filtering systems that block access to such sites usually run a few checks before adding the URL to the “spam” category. One of these checks is that the URL is registered. Once this is known the date of registration can be checked – bad sites usually have registrations that are only several hours old and this is then an important indicator of the reputation of a site.

But what if the site is not registered (as in the spam example shown above)? Many URL reputation systems will not blacklist such a site and will not be able to pursue any further reputation checks (such as the date of registration). This loophole allows spammers to send out emails linking to unregistered URLs – and then register them an hour or so after the outbreak in order to prevent the URLs from being blocked.

Although this trick has been used in the past, the previous 2 weeks have seen extensive usage made with outbreaks of several hundred million emails and many thousands of unregistered URLs. Of course a recipient who actually clicks on the link in the first hour or so will not reach the destination – but the spammers seem to think that this is worth the reduced blockage.

You might also like

Protect Office 365 Email from Ransomware

Ransomware is continually evolving. It has become the “most prominent malware threat”, with experts estimating that ransomware attacks in 2021 resulted in total damage costs of $20 billion. While there is no ransomware that specifically targets Office 365 data, it can...