Brand-protection glossary

The vocabulary of brand impersonation and lookalike-domain defense, defined plainly.

BIMI

Brand Indicators for Message Identification

BIMI displays your verified logo next to authenticated email in supporting inboxes; it requires DMARC at enforcement and usually a trademark-backed Verified Mark Certificate.

Bitsquatting

Bitsquatting registers domains one bit-flip away from a real one, catching traffic from devices where a memory error corrupts a single bit of the domain name.

Certificate Transparency

CT logs, CT

Certificate Transparency is an open framework (RFC 6962) of public, append-only logs of every TLS certificate issued — an early-warning signal for brand-impersonation domains.

Combosquatting

cousin domains

Combosquatting registers a domain that keeps the brand spelled correctly and adds a keyword, like acmebank-secure.com — the most common lookalike-domain pattern.

DMARC

Domain-based Message Authentication, Reporting and Conformance

DMARC is the email-authentication policy that ties SPF and DKIM to the visible From address, stopping spoofing of your exact domain — but not lookalike domains.

DNS Sinkhole

sinkhole

A DNS sinkhole redirects a malicious domain to a controlled, harmless server, neutralizing a phishing or malware domain without waiting for it to be deregistered.

Homoglyph

confusable character

A homoglyph is a character that looks identical to another but has a different code point, such as a Cyrillic "а" used in place of a Latin "a" to spoof a domain.

IDN Homograph Attack

IDN spoofing, script spoofing

An IDN homograph attack registers a domain using confusable Unicode characters from other scripts so it looks identical to a trusted brand in the address bar.

Newly Registered Domain

NRD

A newly registered domain (NRD) is one registered within roughly the last 30 days — a strong risk signal, since most impersonation and phishing domains are freshly registered.

Passive DNS

pDNS

Passive DNS is a historical database of observed DNS resolutions, used to see what a lookalike domain resolved to over time and to pivot across attacker infrastructure.

Punycode

xn-- prefix

Punycode is the ASCII encoding the DNS uses for Unicode domain labels, marked by an xn-- prefix — the form an internationalized domain is actually registered and resolved as.

RDAP

Registration Data Access Protocol

RDAP is the modern, structured (JSON over HTTPS) successor to WHOIS for looking up domain registration data, including the registrar and its abuse contact.

Typosquatting

URL hijacking, typo domains

Typosquatting registers misspellings of a legitimate domain — like acmebnk.com for acmebank.com — to capture mistyped traffic for phishing, malware, or ad fraud.

UDRP

Uniform Domain-Name Dispute-Resolution Policy

The UDRP is ICANN's administrative process for resolving domain disputes; a win can transfer or cancel a domain that infringes your trademark in bad faith.

URS

Uniform Rapid Suspension System

The URS is a faster, cheaper alternative to the UDRP for clear-cut cases on new gTLDs; it suspends the infringing domain rather than transferring it.

WHOIS

WHOIS is the legacy protocol for looking up domain registration data; it is being superseded by RDAP and is often redacted for privacy after GDPR.
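The bitsquatting, combosquatting, homoglyph, Punycode and typosquatting entries above each describe a different relationship between a lookalike and the real domain. The sketch below is an added example, not code from this glossary's publisher: it labels domains already observed (for instance in a CT or NRD feed) against a protected brand. The function names, the five-character confusables table, the sample domains and the choice to compare only the first DNS label are all assumptions made for illustration.

```python
# Added example: constructed names; compares only the first DNS label.
CONFUSABLES = str.maketrans({  # tiny illustrative subset of Cyrillic lookalikes
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c", "\u0440": "p"})

def _one_bit(a, b):
    """True if b differs from a in exactly one character, by exactly one bit."""
    if len(a) != len(b):
        return False
    diffs = [ord(x) ^ ord(y) for x, y in zip(a, b) if x != y]
    return len(diffs) == 1 and (diffs[0] & (diffs[0] - 1)) == 0

def _one_edit(a, b):
    """True if b is one insertion, deletion, substitution or adjacent swap from a."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1  # skip the common prefix, then compare what follows the mismatch
    return (a[i + 1:] == b[i + 1:] or a[i:] == b[i + 1:] or a[i + 1:] == b[i:]
            or (a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]))

def classify(candidate, brand):
    """Return the glossary term that describes candidate relative to brand, or None."""
    label = candidate.lower().split(".")[0]
    target = brand.lower().split(".")[0]
    if label.startswith("xn--"):  # Punycode label: decode to its Unicode form
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return None  # malformed Punycode, nothing to compare
    if not label.isascii():
        return "idn-homograph" if label.translate(CONFUSABLES) == target else None
    if label == target:
        return None
    if target in label:  # brand spelled correctly, extra keyword attached
        return "combosquat"
    if _one_bit(target, label):  # checked before the generic one-edit test
        return "bitsquat"
    if _one_edit(target, label):
        return "typosquat"
    return None

# Constructed samples; the IDN one is Cyrillic "а" + "cmebank" in its DNS (xn--) form.
IDN_SAMPLE = "xn--" + "\u0430cmebank".encode("punycode").decode("ascii") + ".com"
OBSERVED = ["acmebank-secure.com", "acmebnk.com", "acmebcnk.com", IDN_SAMPLE, "example.org"]

if __name__ == "__main__":
    for name in OBSERVED:
        print(name, "->", classify(name, "acmebank.com"))
```

A production check would use the full Unicode confusables data and a public-suffix-aware parser in place of the small table and the first-label split.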
