Interception of Emails to Doppelganger Domains
(Last updated on September 7, 2023)
In response to the recent incidents of information leakage caused by misdirected e-mails to so-called "Doppelganger Domains(*)", we have blocked e-mails from our internal mail system to destinations that are strongly suspected of being doppelganger domains.
Doppelganger Domain
Doppelganger domains are domain names that have names similar to well-known domain names and are easily mis-typed or mis-recognized.
For example, gmai.com and gmail.co are doppelganger domains for gmail.com which have been in the news recently.
By using a doppelganger domain name and receiving erroneously sent e-mails from users, an organization's confidential or personal information can be obtained.
Doppelganger domains are domain names that have names similar to well-known domain names and are easily mis-typed or mis-recognized.
For example, gmai.com and gmail.co are doppelganger domains for gmail.com which have been in the news recently.
By using a doppelganger domain name and receiving erroneously sent e-mails from users, an organization's confidential or personal information can be obtained.
Targets for outbound blocking
The following domains are currently subject to outbound blocking.
- Doppelganger domains for gmail.com (e.g. gmai.com, gmail.co, etc.)
- Doppelganger domains for icloud.com (e.g. iclud.com, etc.)
Others than the above may be added depending on the situation.
Behavior when sending blocked
An error (mail) with the following contents is returned when sending mail, and mail sending is not executed.
SMTP Response Code: 550 Message: Your Email Has Been Rejected Because It Violates Organization Policy. Please Check RCPT Address.
Internal mail systems to which the send block is applied
Date of change
September 7, 2023
Last-Modified: September 7, 2023
The content ends at this position.