Email Impersonation Query
The Email Impersonation query detects domains that target organizations via MX (Mail Exchange) record manipulation, in which attackers disguise malicious emails as originating from legitimate mail servers.
Execute an Email Impersonation Query
From the navigation menu, select Reconnaissance > Email Impersonation.
Enter a domain name in the Domain Name box (wildcards are not supported).
(Optional) Click Save to store the query for future use.
Click Search.
Understand Email Impersonation Results
Results are displayed in an Explore table with the following columns:
Query: Domain the result pertains to.
Risk Score: Silent Push Risk Score.
Answer: MX record.
First Seen: Date and time the MX record was first observed.
Last Seen: Date and time the MX record was last observed.
MX Hash: Hash value of the MX record.
MX Server Density: Density of the MX server.
WHOIS Created Date: Domain creation date.
WHOIS Registrar: Registrar of the domain.
Monitor and Save Results
Monitoring
Click Monitor on the results screen, enter a Monitor name and Description, then click Save to receive daily email alerts.
Save to a Feed
Left-click one or multiple results.
Select Save to in the top-right of the results screen.
Use the contextual menu to save to an existing or new collection/feed.