Guides
ProductDeveloperPartnerPersonal

Add Punycode Domain Name to Destination List

To block suspicious destinations and prevent phishing attacks, you can add a domain name encoded in Punycode to destination lists. For more information about preventing Punycode attacks, see Umbrella Learning Center: Punycode Awareness and Protection.

What is Punycode?

Punycode is a way to represent domain names that use characters outside of the standard ASCII set. The domain name system (DNS) accepts a subset of ASCII characters for domain name labels. Because Punycode uses characters that look similar, it can be used to mislead unsuspecting users to malicious content.

In phishing attacks, a malicious actor may replace certain ASCII characters in a domain name with Unicode characters. A browser or mobile client displays the altered domain name (as Unicode) which closely resembles an authentic domain name. For example, bücher.com and bucher.com look similar but are different domains.

To prevent phishing attacks and block malicious domain names, encode a domain name that contains Unicode characters in Punycode. Once encoded, add the Punycode string to a destination list. For more information about Punycode, see RFC 3429.

Note: You can only add Punycode encoded domain names to a destination list one at a time.

Examples of Unicode and Punycode Encoded Strings

UnicodePunycodeDescription
aa-Only one ASCII character.
😉xn--n28hOnly one emoji character.
αmxaOnly one Greek character.
starɓucks.comxn--starucks-hpd.comDomain name with a Unicode character.
adıdas.dehttp://xn--addas-o4a.de/Domain name with a Unicode character.

Add Top-Level Domains To Destination Lists < Add Punycode Domain Name to Destination List > Test Your Destinations