Main claim |
1. A method comprising:
maintaining within a private network a database including information regarding each of a plurality of domains, including legitimate domains and doppelganger domains, wherein the doppelganger domains represent potential malicious domains and include one or more of (i) a misspelling of a fully qualified domain name (FQDN) of a well-known domain and (ii) an FQDN spelled identically to a legitimate FQDN but without a dot between a hostname portion and a domain name portion of the legitimate FQDN, wherein the information includes an indication regarding perceived legitimacy of the domain and one or more of an indication regarding configuration status of a mail server associated with the domain, an indication of a registered owner of the domain and an indication regarding how long the domain has been registered; receiving, by an email security appliance associated with the private network, an outbound email message originated by a host computing system of the private network and directed to a destination external to the private network; evaluating, by the email security appliance, a target domain specified within an address field of the outbound email message with reference to the database; when the indication regarding perceived legitimacy for the target domain identifies the target domain as acceptable to access, then allowing transmission of the outbound email message to the destination; and when the indication regarding perceived legitimacy for the target domain identifies the target domain as unacceptable to access, then preventing transmission of the outbound email message to the destination. |
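
An added illustration of the outbound check recited in claim 1, not code from the patent or from any product: a small domain table is built from operator-supplied lists and consulted for each recipient address. All function names, the sample domains, the one-edit test used for "misspelling" and the "unlisted" result are assumptions; only the legitimacy indication is modeled, not the mail-server, owner or registration-age fields.

```python
from email.utils import parseaddr

def missing_dot_variants(fqdn):
    """The FQDN with one dot between hostname and domain-name portions removed."""
    labels = fqdn.lower().split(".")
    # Merging labels i and i+1 drops one dot; the last dot (before the TLD) stays.
    return {".".join(labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:])
            for i in range(len(labels) - 2)}

def one_edit_apart(a, b):
    """True when a and b differ by one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character; the remainders must then match.
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def build_database(legit_fqdns, observed_domains):
    """Map domain -> (acceptable, reason); both lists come from the operator."""
    legit = [d.lower() for d in legit_fqdns]
    db = {d: (True, "legitimate") for d in legit}
    for dom in (o.lower() for o in observed_domains):
        if dom in db:
            continue
        for ref in legit:
            if dom in missing_dot_variants(ref):
                db[dom] = (False, "missing-dot form of " + ref)
            elif one_edit_apart(dom, ref):
                db[dom] = (False, "misspelling of " + ref)
            else:
                continue
            break
    return db

def outbound_decision(recipient, db):
    """Return 'allow', 'block' or 'unlisted' for one outbound recipient address."""
    domain = parseaddr(recipient)[1].rpartition("@")[2].lower().rstrip(".")
    if domain not in db:
        return "unlisted"  # assumption: the claim does not cover unlisted domains
    return "allow" if db[domain][0] else "block"

# Constructed sample data using reserved example domains.
DB = build_database(["mail.example.com", "example.com"],
                    ["mailexample.com", "exmple.com", "example.org"])
```
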