The Umbrella User Guide Developer Hub

Welcome to the Umbrella User Guide developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella User Guide as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Add Punycode Domain Name to Destination List

To block suspicious destinations and prevent phishing attacks, you can add a domain name encoded in Punycode to destination lists. For more information about preventing Punycode attacks, see Umbrella Learning Center: Punycode Awareness and Protection.

What is Punycode?

Punycode is a way to represent domain names that use characters outside of the standard ASCII set. The domain name system (DNS) accepts a subset of ASCII characters for domain name labels. Because Punycode uses characters that look similar, it can be used to mislead unsuspecting users to malicious content.

In phishing attacks, a malicious actor may replace certain ASCII characters in a domain name with Unicode characters. A browser or mobile client displays the altered domain name (as Unicode) which closely resembles an authentic domain name. For example, bü and look similar but are different domains.

To prevent phishing attacks and block malicious domain names, encode a domain name that contains Unicode characters in Punycode. Once encoded, add the Punycode string to a destination list. For more information about Punycode, see RFC 3429.

Note: You can only add Punycode encoded domain names to a destination list one at a time.

Examples of Unicode and Punycode Encoded Strings




Only one ASCII character.



Only one emoji character.



Only one Greek character.


Domain name with a Unicode character.


Domain name with a Unicode character.

Add Top-Level Domains To Destination Lists < Add Punycode Domain Name to Destination List > Test Your Destinations

Updated about a month ago

Add Punycode Domain Name to Destination List

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.