
Phishing Protection at the DNS Level. Comparing DNS-Based Security Filters - nykolasz
https://medium.com/@nykolas.z/phishing-protection-comparing-dns-security-filters-9d5a09849b91
======
DyslexicAtheist
I wonder if there are any SaaS providers out there implementing DNS filtering
for their users as part of their product. Say if you're running a high-traffic
platform for content sharing, it would probably be trivial to alert users that
they're about to click on a potentially risky link, forcing a user to
copy/edit haxxs://evil.com instead of sending them there and pushing the
responsibility for protection to the user.

It would mean a massive overhead in DNS queries (as opposed to passing the
link on to the frontend) for a large site, but wouldn't this be something
DNS caching could easily handle?

While this wouldn't do anything to reduce actual spear phishing by email, it
would reduce the possibility of spreading links widely on big social media
sites.

I'm probably missing something though because surely others would have thought
about such an obvious thing and turned it into a feature.

Edit: I forgot that you'd also have the overhead parsing the link so it's _not
just_ extra DNS. still ...

~~~
nykolasz
Google and Twitter do that by default. If you try to click on any link from
their search / tweet feed, it will be blocked if they flag it as phishing.

There are multiple phishing blacklists that any provider can leverage.
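
An added sketch of the idea discussed in this thread (not code from either commenter or from the linked article): a platform screens links in user-submitted text, caches one verdict per hostname, and defangs flagged links instead of rendering them clickable. `LinkScreen`, `sample_is_blocked`, and the `is_blocked` hook are hypothetical names; the hook stands in for a query to a filtering resolver or a phishing blocklist, and the sample data is constructed.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def defang(url):
    """Rewrite a URL so it stays readable but is no longer clickable."""
    scheme, rest = url.split("://", 1)
    host, sep, tail = rest.partition("/")
    return f"{scheme.lower().replace('tt', 'xx')}://{host.replace('.', '[.]')}{sep}{tail}"

class LinkScreen:
    def __init__(self, is_blocked, max_cache=10_000):
        # is_blocked(hostname) -> bool is a hypothetical hook; in production it
        # would wrap a query to a filtering resolver or a phishing blocklist.
        self._is_blocked = is_blocked
        self._cache = {}          # hostname -> verdict, insertion-ordered
        self._max_cache = max_cache
        self.lookups = 0          # upstream queries actually made

    def verdict(self, host):
        host = host.rstrip(".").lower()
        if host not in self._cache:
            if len(self._cache) >= self._max_cache:
                self._cache.pop(next(iter(self._cache)))  # evict oldest entry
            self.lookups += 1
            self._cache[host] = bool(self._is_blocked(host))
        return self._cache[host]

    def render(self, text):
        def replace(match):
            url = match.group(0)
            try:
                host = urlsplit(url).hostname
            except ValueError:
                host = None
            # Fail closed: a link whose host cannot be parsed is defanged too.
            if not host or self.verdict(host):
                return defang(url)
            return url
        return URL_RE.sub(replace, text)

# Constructed sample data (.test and example.org are reserved names).
BLOCKED = {"phish.test"}
def sample_is_blocked(host):
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

POST = ("Reset here: https://login.phish.test/reset?u=1 and docs at "
        "https://docs.example.org/a.b and again HTTPS://LOGIN.PHISH.TEST/x")

if __name__ == "__main__":
    screen = LinkScreen(sample_is_blocked)
    print(screen.render(POST), "| upstream lookups:", screen.lookups)
```

The cache here has no expiry; since a domain's verdict can change, a real deployment would give each entry a TTL.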

