The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find access to all of our Cisco Umbrella user guides.

Get Started    

Add Punycode Domain Name to Destination List

To block suspicious destinations and prevent phishing attacks, you can add a domain name encoded in Punycode to destination lists. For more information about preventing Punycode attacks, see Umbrella Learning Center: Punycode Awareness and Protection.

What is Punycode?

Punycode is a way to represent domain names that use characters outside of the standard ASCII set. The domain name system (DNS) accepts a subset of ASCII characters for domain name labels. Because Punycode uses characters that look similar, it can be used to mislead unsuspecting users to malicious content.

In phishing attacks, a malicious actor may replace certain ASCII characters in a domain name with Unicode characters. A browser or mobile client displays the altered domain name (as Unicode) which closely resembles an authentic domain name. For example, bücher.com and bucher.com look similar but are different domains.

To prevent phishing attacks and block malicious domain names, encode a domain name that contains Unicode characters in Punycode. Once encoded, add the Punycode string to a destination list. For more information about Punycode, see RFC 3429.

Note: You can only add Punycode encoded domain names to a destination list one at a time.

Examples of Unicode and Punycode Encoded Strings

Unicode
Punycode
Description

a

a-

Only one ASCII character.

😉

xn--n28h

Only one emoji character.

α

mxa

Only one Greek character.

starɓucks.com

xn--starucks-hpd.com

Domain name with a Unicode character.

adıdas.de

Domain name with a Unicode character.


Add Top-Level Domains to Destination Lists < Add Punycode Domain Name to Destination List > Test Your Destinations

Updated about a month ago

Add Punycode Domain Name to Destination List


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.