{"componentChunkName":"component---src-templates-landing-page-subdomailing-tsx","path":"/subdomailing","result":{"pageContext":{"slug":"/subdomailing","template":"landing-page-subdomailing","flags":{"topStripLogo":"https://cdn.guard.io/uploads/img_b86e1a02bbe0ff8e.svg+xml","pageTitle":"SubdoMailing Checker Tool | Guardio","pageDesc":"Use Guardio's checker tool to find out if your domain has been compromised by SubdoMailers","cta":null,"hero":null,"headerMenuType":null,"pageImage":"https://cdn.guard.io/uploads/img_d278c579814824e5.png","subdomailingCopyLinkText":"Link copied to clipboard","subdomailingSections":["hero","dataNumbers","textbox","topExamples","textAndImages","takeActionSection","footer"],"subdomailingFooter":{"disclaimerText":"The search results provided are derived from Guardio Labs internal \"SubdoMailing\" research findings. This tool and the results of our research are not an exhaustive nor complete database of hijacked domains or subdomains. As such, the results may occasionally yield inaccurate information or may fail to identify relevant information. If you believe that the outcomes of your search are erroneous for any reason, please reach out to us at <a href=\"mailto:subdomailing@guard.io\">subdomailing@guard.io</a>","title":"Protect your inbox from SubdoMailers","desc":"Get Guardio to protect yourself from malicious emails and online threats.","copyrightsText":"Guardio © 2024  //  All rights reserved","iconsUrls":[{"src":"https://cdn.guard.io/uploads/img_1ea30007f3e35a4c.svg+xml","dest":"https://twitter.com/intent/post?text=Check%20if%20your%20domain%20has%20also%20fallen%20into%20the%20wrong%20hands%20with%20Guardio%E2%80%99s%20SubdoMailing%20checker%20-%20%20https%3A%2F%2Fguard.io%2Fsubdomailing"},{"src":"https://cdn.guard.io/uploads/img_da13fee7cbeef945.svg+xml","dest":"https://www.linkedin.com/shareArticle/?mini=true&url=Check%20if%20your%20domain%20has%20also%20fallen%20into%20the%20wrong%20hands%20with%20Guardio%E2%80%99s%20SubdoMailing%20checker%20-%20%20https%3A//guard.io/subdomailing"},{"src":"https://cdn.guard.io/uploads/img_e2042ecbb3c904f7.svg+xml","dest":"copy"}],"cta":{"action":"redirect","dest":"https://chromewebstore.google.com/detail/guardio-protection-for-ch/gjfpmkejnolcfklaaddjnckanhhgegla","label":"Try for free"}},"subdomailingTakeActionSection":{"title":"How to protect your domain:","cards":[{"title":"Monitor all your CNAME records","desc":"These should only link to domains that are under your control or under a trusted party’s control. Also, remove any unused subdomains from your DNS records."},{"title":"Remove permissive SPF settings","desc":"Avoid configurations that permit all senders (+all), use caution with SoftFail (~all) or Neutral (?all), and take extra care with including IP ranges outside your control."},{"title":"Monitor your SPF Policies","desc":"Audit your SPF records for the main domain as well as all subdomains, ensuring all approved domains and IP addresses are under your or a trusted party's control."},{"title":"Implement DMARC","desc":"In order to prevent unauthorized use of your domain in email spoofing, set DMARC to quarantine unaligned emails, and enable reporting to monitor abuse attempts."}]},"subdomailingTextAndImages":[{"title":"CNAME-Takeover","desc":"Forgotten subdomains with CNAME records pointing to abandoned domains can be hijacked if attackers register these domains. This grants them control to host sites, send emails, and potentially steal cookies from your visitors under your subdomain's guise.","asset":"https://cdn.guard.io/uploads/img_057380234826eed3.svg+xml","direction":"left","imageAlt":"cname takeover"},{"title":"SPF-Takeover","desc":"SPF authorize specific senders to use your domain for emails. If they list outdated or abandoned domains and those get re-registered by attackers, these malicious actors can then add their own servers to your SPF, sending emails as if they were you, complete with your authentication.","asset":"https://cdn.guard.io/uploads/img_ea9884eca99022fd.svg+xml","direction":"right","imageAlt":"spf takeover scam"}],"subdomailingHero":{"title":"SubdoMailing Checker","logoDest":"https://labs.guard.io","errors":{"domainNotFound":"Not found in our database of compromised domains. <a href=\"#take-action-section\">Make sure your domain is safe</a>","invalidDomain":"Domain unrecognized, please use “example.com” format."},"subtitle":"Type in a domain to see if it’s been compromised by “SubdoMailers”","inputPlaceholder":"example.com","inputButtonText":"Check","inputSubtitle":"Known Affected Domains: <span color=\"#FF461E\">8,756</span> | Last updated: 14.2.24 (last 60 days)","ctaText":"Spread the word","iconsUrls":[{"src":"https://cdn.guard.io/uploads/img_7b4cc4eb81812e0e.svg+xml","dest":"https://twitter.com/intent/post?text=Check%20if%20your%20domain%20has%20also%20fallen%20into%20the%20wrong%20hands%20with%20Guardio%E2%80%99s%20SubdoMailing%20checker%20-%20%20https%3A%2F%2Fguard.io%2Fsubdomailing"},{"src":"https://cdn.guard.io/uploads/img_850f4254479485d1.svg+xml","dest":"https://www.linkedin.com/shareArticle/?mini=true&url=Check%20if%20your%20domain%20has%20also%20fallen%20into%20the%20wrong%20hands%20with%20Guardio%E2%80%99s%20SubdoMailing%20checker%20-%20%20https%3A//guard.io/subdomailing"},{"src":"https://cdn.guard.io/uploads/img_6887ecfff39329ed.svg+xml","dest":"copy"}]},"subdomailingTopExamplesSection":{"title":"Examples of Compromised Domains","tabsAction":{"text":"What is it?","dest":"#texts-and-images"},"compromisedDomains":[{"domain":"msn.com","method":"cname","logo":"https://cdn.guard.io/uploads/img_aca32ec44aa5b434.png","lastCheck":"2024-02-07","records":[{"affectedDomain":"marthastewart.msn.com","takedOverDomain":"msnmarthastewartsweeps.com","hijackedSince":"2022-08-30","state":"fixed"}]},{"domain":"cbsnews.com","method":"cname","logo":"https://cdn.guard.io/uploads/img_665e1d3c5d4aaf3c.png","lastCheck":"2024-02-07","records":[{"affectedDomain":"data.api.cbsnews.com","takedOverDomain":"data-cbsnews-api01.cbsibot.com","hijackedSince":"2023-08-16"}]},{"domain":"mlb.com","method":"cname","logo":"https://cdn.guard.io/uploads/img_984ebf7960b037b2.png","lastCheck":"2024-02-08","records":[{"affectedDomain":"gms.mlb.com","takedOverDomain":"mlb.globalmediaservices.net","hijackedSince":"2023-05-19"}]},{"domain":"nyc.gov","method":"cname","logo":"https://cdn.guard.io/uploads/img_f10a3e3600ea4159.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"a816-hanconf.nyc.gov","takedOverDomain":"nychanconf.phinonline.com","hijackedSince":"2023-11-23"}]},{"domain":"menards.com","method":"cname","logo":"https://cdn.guard.io/uploads/img_bb5b0df9a09b7856.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"vice1.menards.com","takedOverDomain":"hw.eifmenardc.com","hijackedSince":"2023-06-12"},{"affectedDomain":"vice2.menards.com","takedOverDomain":"hw.eifmenardc.com","hijackedSince":"2023-06-12"},{"affectedDomain":"vice3.menards.com","takedOverDomain":"hw.eifmenardc.com","hijackedSince":"2023-06-12"},{"affectedDomain":"vice4.menards.com","takedOverDomain":"hw.eifmenardc.com","hijackedSince":"2023-06-12"},{"affectedDomain":"vice5.menards.com","takedOverDomain":"hw.eifmenardc.com","hijackedSince":"2023-06-12"}]},{"domain":"mcafee.com","method":"cname","logo":"https://cdn.guard.io/uploads/img_7ac56d5cd5903770.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"api.xdr.mcafee.com","takedOverDomain":"api.xdr-mcafee.com","hijackedSince":"2024-01-20"}]},{"domain":"economist.com","method":"cname","logo":"https://cdn.guard.io/uploads/img_fcc66cd18544ad1b.png","lastCheck":"2024-02-11","records":[{"affectedDomain":"l.economist.com","takedOverDomain":"partner.nnx.mobi","hijackedSince":"2022-10-27"}]},{"domain":"cornell.edu","method":"cname","logo":"https://cdn.guard.io/uploads/img_c930f0bf39423b2a.png","lastCheck":"2024-02-07","records":[{"affectedDomain":"freedomandfreesocieties.cornell.edu","takedOverDomain":"www.freedomandfreesocieties.org","hijackedSince":"2023-07-07"},{"affectedDomain":"www.freedomandfreesocieties.cornell.edu","takedOverDomain":"www.freedomandfreesocieties.org","hijackedSince":"2023-07-07"},{"affectedDomain":"metta.bscb.cornell.edu","takedOverDomain":"micortex.org","hijackedSince":"2023-10-09"}]},{"domain":"marvel.com","method":"cname","logo":"https://cdn.guard.io/uploads/img_e5101fa609033e8c.png","lastCheck":"2024-02-07","records":[{"affectedDomain":"subscribe.marvel.com","takedOverDomain":"marvel.im-clients.com","hijackedSince":"2023-05-26"}]},{"domain":"philips.com","method":"cname","logo":"https://cdn.guard.io/uploads/img_76641a7bcc98650e.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"login.sso3.philips.com","takedOverDomain":"publogin.ssophilipscloud.com","hijackedSince":"2023-12-28"}]},{"domain":"vrbo.com","method":"spf","logo":"https://cdn.guard.io/uploads/img_cc69b1ceebce40ef.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"vrbo.com","takedOverDomain":"haspf.com","hijackedSince":"202023-04-21"}]},{"domain":"easyjet.com","method":"spf","logo":"https://cdn.guard.io/uploads/img_b94d13bf87bcfac6.png","lastCheck":"2024-02-13","records":[{"affectedDomain":"20ans.easyjet.com","takedOverDomain":"picutremosaics.net","hijackedSince":"2024-02-11"},{"affectedDomain":"20anosbemvividos.easyjet.com","takedOverDomain":"picutremosaics.net","hijackedSince":"2024-02-11"},{"affectedDomain":"20anos.easyjet.com","takedOverDomain":"picutremosaics.net","hijackedSince":"2024-02-11"}]},{"domain":"bbb.org","method":"spf","logo":"https://cdn.guard.io/uploads/img_57a0aa45ae59c2c0.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"wisconsin.bbb.org","takedOverDomain":"vocus-bounce.com","hijackedSince":"2023-05-11"},{"affectedDomain":"pittsburgh.bbb.org","takedOverDomain":"vocus-bounce.com","hijackedSince":"2023-05-11"},{"affectedDomain":"trenton.bbb.org","takedOverDomain":"vocus-bounce.com","hijackedSince":"2023-05-11"}]},{"domain":"swatch.com","method":"spf","logo":"https://cdn.guard.io/uploads/img_f48740632f86321c.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"swatch.com","takedOverDomain":"directtoaccess.com","hijackedSince":"2023-12-28"}]},{"domain":"scotiabank.com","method":"spf","logo":"https://cdn.guard.io/uploads/img_95186c4274849908.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"scotiarewards.scotiabank.com","takedOverDomain":"ems02.com","hijackedSince":"2023-05-11"}]},{"domain":"straighttalk.com","method":"spf","logo":"https://cdn.guard.io/uploads/img_29248fe2c6191189.png","lastCheck":"2024-02-07","records":[{"affectedDomain":"straighttalk.com","takedOverDomain":"fb-tracfone.com","hijackedSince":"2024-01-08"}]},{"domain":"thorne.com","method":"spf","logo":"https://cdn.guard.io/uploads/img_9c42ac3e90ebed2d.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"thorne.com","takedOverDomain":"spf.akreto.net","hijackedSince":"2023-05-31"}]},{"domain":"codemasters.com","method":"spf","logo":"https://cdn.guard.io/uploads/img_dd2a6d4416fa1de8.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"codemasters.com","takedOverDomain":"smtp01.cogbilling.com","hijackedSince":"2023-12-30"},{"affectedDomain":"codemasters.com","takedOverDomain":"smtp02.cogbilling.com","hijackedSince":"2023-12-30"}]},{"domain":"pizzahut.co.in","method":"spf","logo":"https://cdn.guard.io/uploads/img_d96e21878c71387a.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"pizzahut.co.in","takedOverDomain":"_spf.vduitsols.in","hijackedSince":"2024-01-09"}]},{"domain":"hyundaicanada.com","method":"spf","logo":"https://cdn.guard.io/uploads/img_968c71bfc3023839.png","lastCheck":"2024-02-06","records":[{"affectedDomain":"hyundaicanada.com","takedOverDomain":"martizcx.com","hijackedSince":"2023-12-25"}]}]},"subdomailingDataNumbers":[{"title":"~5M","subtitle":"Malicious emails sent daily from compromised domains"},{"title":"${domainsCount}","subtitle":"Compromised domains identified so far"},{"title":"500+","subtitle":"Sites with over 1M monthly visits have compromised domains"}],"subdomailingTextbox":{"desc":"“SubdoMailing” is a newly-identified cyber tactic in which attackers hijack reputable subdomains and exploit DNS misconfigurations to send malicious emails. “SubdoMailers” leverage the credibility of well-known brands to bypass spam filters and mislead recipients. Through extensive research, we’ve identified thousands of compromised domains.","cta":{"text":"Read the full Guardio Labs article","dest":"https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935"}}}}},"staticQueryHashes":[]}