Use the email impersonation query
- Updated on 10 Jul 2024
The Silent Push Email Impersonation query allows users to locate domains that are being used to target organisations through MX record manipulation.
MX (Mail Exchange) records are essentially DNS instructions that dictate which mail server is responsible for receiving emails for a specific domain.
By manipulating these records, attackers can make it appear as though their emails are coming from a legitimate sender's mail server, even though they originate from a malicious source.
Executing an Email Impersonation query
- Navigate to Brand Impersonation > Email Impersonation
- Enter a domain name in the Domain Name box (wildcards are not supported)
- (Optional) Click the Save button on the top right to save the query for future use
- Click Search
Working with Email Impersonation results
Email Impersonation results are populated on an 'Explore' table across 9 categories:
- 'Query' - Domain that the result pertains to
- 'Risk score' - Silent Push Risk Score
- 'Answer' - MX record
- 'First Seen' - The date and time the MX record was first seen on the Internet
- 'Last Seen' - The date and time the MX record was last seen on the Internet
- 'MX Hash' - Hash value generated from the MX record in the 'Answer' field
- 'MX Server Density'
- 'WHOIS Created Date'
Monitoring changes
Once you've received a set of results, Silent Push allows you to monitor the data, alerting you of changes via email every 24 hours.
- Click the Monitor button on the top right of the results screen
- Enter a Monitor name
- Enter a Description
- Click Save
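As an added illustration (not Silent Push code or output), the sketch below mirrors the daily change check offline: it compares two constructed snapshots of result rows and reports MX answers that appeared or disappeared for each domain. The CSV layout, the sample domains and the function names are assumptions; only the column names come from the table above.

```python
import csv
import io

# Constructed sample rows (not real Silent Push output). Column names follow
# the 'Explore' table described above; the CSV layout itself is an assumption.
YESTERDAY = """Query,Answer,First Seen,Last Seen
example-corp.test,10 mx1.mailhost.test,2024-06-01 08:00:00,2024-07-09 08:00:00
example-corp.test,20 mx2.mailhost.test,2024-06-01 08:00:00,2024-07-09 08:00:00
examp1e-corp.test,10 mail.examp1e-corp.test,2024-07-01 12:00:00,2024-07-09 08:00:00
"""
TODAY = """Query,Answer,First Seen,Last Seen
example-corp.test,10 MX1.mailhost.test.,2024-06-01 08:00:00,2024-07-10 08:00:00
examp1e-corp.test,10 mail.examp1e-corp.test,2024-07-01 12:00:00,2024-07-10 08:00:00
examp1e-corp.test,5 mx.relay-host.test,2024-07-10 03:15:00,2024-07-10 08:00:00
"""


def load_snapshot(text):
    """Map each queried domain to the set of normalised MX answers."""
    snapshot = {}
    for row in csv.DictReader(io.StringIO(text)):
        domain = row["Query"].strip().lower().rstrip(".")
        # Collapse whitespace, case and the trailing dot so cosmetic
        # differences in the same MX record are not reported as changes.
        answer = " ".join(row["Answer"].split()).lower().rstrip(".")
        snapshot.setdefault(domain, set()).add(answer)
    return snapshot


def diff_snapshots(old, new):
    """Return sorted (domain, change, answer) tuples between two snapshots."""
    changes = []
    for domain in sorted(set(old) | set(new)):
        before, after = old.get(domain, set()), new.get(domain, set())
        changes += [(domain, "added", a) for a in sorted(after - before)]
        changes += [(domain, "removed", a) for a in sorted(before - after)]
    return changes


if __name__ == "__main__":
    for change in diff_snapshots(load_snapshot(YESTERDAY), load_snapshot(TODAY)):
        print(change)
```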
Saving results to a feed
You can also save any result generated from an Email Impersonation query to a collection or a feed.
- Left-click a result, or multiple results
- Select Save to in the top-right of the results screen
- Use the contextual menus to either save to an existing collection or feed, or to a new collection or feed