Blocking .zip and .mov Top Level Domains from Office 365 Email
source link: https://joeydantoni.com/2023/05/15/blocking-zip-and-mov-top-level-domains-from-office-365-email/
Last week, Google announced that they were selling domain registrations for the .zip and .mov top-level domains (TLDs). Google registered these TLDs as part of ICANN’s generic top-level domain program. Spammers and threat actors everywhere have rejoiced at this notion–.zip and .mov files are very common malware vectors. While there haven’t been any real-world observations of attacks, the SANS Institute is recommending proactively blocking these domains from your network until we better understand their behavior.
There are a number of places to block these domains (and you will see various blogs from DCAC consultants this week about the different areas). I have become our de facto email admin, so I decided to handle the Office 365 side of this.
The first thing you need to do is log in to the Exchange Admin Center, which is admin.exchange.microsoft.com.
The way you are going to block a whole TLD is by using mail flow rules. You can also block an entire domain (hiya Chris Beaver) using the accepted domain feature, but that feature does not allow you to block a TLD. So on the left, expand the mail flow object in the hive, click on rules, and then click on “Create a Rule”.
In your rule, you will first need to give it a name–this is just metadata–I used Blocked Spammy Domains Demo. For where to apply this rule, select “The Sender” and then “address matches any of these text patterns”, and then add the patterns \.zip$ and \.mov$ as shown below.
Next you have to specify an action–here I’m going to reject the message and include an explanation that gets sent back to the sender: “Buy a better domain spammer”. Next, I’m going to notify the recipient that a spammy domain was trying to email them.
After that, you can click next, and then you will be on the set rule settings page. Select “enforce” and activate this rule and then click next again.
On the final screen, click finish to complete the rule.
Your email is now protected from these spammy domains, which could be nefarious.
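The same rule can be scripted. The following is an added example, not part of the original post: it first checks the two patterns against constructed sender addresses so you can see what they do and do not catch, then creates the rule with `New-TransportRule`. It assumes an Exchange Online PowerShell session is already connected for the last step; `Test-BlockedSender` is a hypothetical helper name, and the recipient notification action from the walkthrough is left out.

```powershell
# Patterns from the article. Mail flow rule pattern matching is not case-sensitive.
$patterns = '\.zip$', '\.mov$'

# Constructed sender addresses (not real) mapped to the verdict we expect.
$samples = [ordered]@{
    'billing@invoices.zip'     = $true    # sender domain ends in .zip
    'NoReply@Clips.MOV'        = $true    # upper case still matches
    'backup.zip@example.com'   = $false   # ".zip" only in the local part
    'alerts@zip.example.com'   = $false   # "zip" is a subdomain label, not the TLD
    'team@example.zipcode.org' = $false   # label merely starts with "zip"
}

# Hypothetical helper: true when the address matches any pattern.
function Test-BlockedSender {
    param([string]$Address, [string[]]$Patterns)
    foreach ($p in $Patterns) {
        if ($Address -match $p) { return $true }   # -match ignores case by default
    }
    return $false
}

$failures = 0
foreach ($s in $samples.GetEnumerator()) {
    $blocked = Test-BlockedSender -Address $s.Key -Patterns $patterns
    if ($blocked -ne $s.Value) {
        $failures++
        Write-Warning "Unexpected verdict for $($s.Key): blocked=$blocked"
    }
}

# Create the rule only if every sample behaved as expected and an
# Exchange Online session is loaded.
if ($failures -gt 0) {
    Write-Warning "$failures sample(s) failed; rule not created."
}
elseif (Get-Command New-TransportRule -ErrorAction SilentlyContinue) {
    New-TransportRule -Name 'Blocked Spammy Domains Demo' `
        -FromAddressMatchesPatterns $patterns `
        -RejectMessageReasonText 'Buy a better domain spammer' `
        -Mode Enforce
}
else {
    Write-Host 'Patterns verified. Connect to Exchange Online to create the rule.'
}
```

The `$` anchor is what keeps the rule from rejecting senders whose address merely contains "zip" or "mov" somewhere before the TLD.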