Blog

Discover our latest research findings, technical insights, and expert analysis

Day in the life of RIPE Atlas
11 min read RIPE Research

Day in the life of RIPE Atlas

RIPE Atlas is one of the most widely used Internet measurement platforms, trusted by researchers and operators alike. In this blog, we analyse what RIPE Atlas looked like on 1 November, 2025.
LogoTrust: a validated dataset of brands, domain names, and logos
9 min read BIMI Research

LogoTrust: a validated dataset of brands, domain names, and logos

In this blog, we explore how Brand Indicators for Message Identification (BIMI) can be used as a foundation for a high-integrity dataset that is suitable for security-related applications like phishing detection.
Bulletin: DNS Abuse Campaign Exploiting “Subdomain Cloaking”
16 min read DNS Abuse NetBeacon

Bulletin: DNS Abuse Campaign Exploiting "Subdomain Cloaking"

As a follow up to our recent blog on the concentration of malicious phishing, we are publishing this blog to raise awareness of a recently observed (and ongoing) campaign which involves a specific type of malicious registration.
Discovery of Designated Resolvers
7 min read DDR Research

Discovering the Discovery of Designated Resolvers

DNS encryption is gaining momentum with proposed standards such as DoT, DoH, and DoQ protecting DNS exchanges from external observers. In this blog, we look at the Discovery of Designated Resolvers (DDR) - a mechanism that allows clients to obtain encryption configurations of recursive resolvers.
INFERMAL Project: Analyzing Features of Malicious Domain Registrations
4 min read ICANN INFERMAL

INFERMAL Project: Analyzing Features of Malicious Domain Registrations

INFERMAL Project, funded by ICANN and conducted by KOR Labs, is dedicated to understanding the selection patterns behind cybercriminals' preferences for specific domain name registrars and top-level domains (TLDs) in their phishing operations.
Building a Resilient Domain Whitelist to Enhance Phishing Blocklist Accuracy
6 min read Allowlist Research

Building a Resilient Domain Whitelist to Enhance Phishing Blocklist Accuracy

Community-driven and automated methods for constructing phishing blocklists may occasionally result in false positives, erroneously flagging benign domains or URLs as malicious. This blog discusses how we address this problem.
The D(M)ARC Side of the Email Reporting System
6 min read DMARC Research

The D(M)ARC Side of the Email Reporting System

This blog post presents a large-scale study of DMARC to observe the user habits and preferences, consider the evolution of DMARC adoption in time, and understand how popular domains use DMARC.
Phishing Attack Trends
6 min read DNS Abuse NetBeacon

Phishing Attack Trends

Since collecting and publishing data on the number of unique domains used for phishing attacks and malware distribution as part of our NetBeacon MAP reporting, we've been on the lookout for any discernible patterns or trends. This blog post discusses one of those.
Measuring DNS Abuse is Difficult
3 min read DNS Abuse NetBeacon

Measuring DNS Abuse is Difficult

This blog is a condensed overview from our full report titled "Why do different DNS Abuse measurement projects result in different numbers" and is meant to create a greater awareness of how DNS Abuse is measured.
Challenges in Measuring DNS Abuse
9 min read DNS Abuse NetBeacon

Challenges in Measuring DNS Abuse

This blog covers an interesting case of suspected abuse in a gTLD registry between February and April 2023. It is a good example of an edge case, where the decision on whether or not to mitigate was not clear cut, and different levels of evidence were available at different time.