Block Punycode | Voters

Block Punycode

Scott

We need an option to block punycode and other homograph DNS attacks. A temporary alternative would be to block any domain that starts with "xn--" or block anything that doesn't fall within the traditional ASCII character set.

April 27, 2021

Brett

Another example is xn--e1awd7f[.]com which decodes to еріс[.]com to the user. The real epic[.]com is a healthcare site. Users of Firefox will not know the difference until they land on the suspicious parked site. Some browsers are trying to block known bad punycode sites or at least not decode them. It's all very shady and I can't rely on my users to recognize this type of obfuscation. Please allow us to block all punycode domains as Scott requested in April of 2021.

Also, I request an option to block punycode TLD. There are 152 of them right now according to iana.org (data.iana.org/TLD/tlds-alpha-by-domain.txt ) I'm using the universal policy to block them for now but in a few years, who knows how many there will be. Would be a shame to fill my filter policy with nothing but Punycode TLD blocks.

Steve Staden

Merged in a post:

Block domains with Homoglyphs

Thomas

Request a category to block domains that have homoglyphs.
In most cases, these are threats.
All these Cs are different characters:
C c ϲ Ϲ С с Ꮯ Ⅽ ⅽ Ｃｃ
Only the one with the half serif looks visually different. Different ascii codes for each, so a malicious domain name can be set up with any of these.
This domain аррⅼе.ⅽоⅿ contains none of the correct characters.

September 7, 2023