The Silent Push Email Impersonation query allows users to locate domains that are being used to target organisations through MX record manipulation.

MX (Mail Exchange) records are essentially DNS instructions that dictate which mail server is responsible for receiving emails for a specific domain.

By manipulating these records, attackers can make it appear as though their emails are coming from a legitimate sender's mail server, even though they originate from a malicious source.

Executing an Email Impersonation query

Working with Email Impersonation results

Email Impersonation results are populated on an 'Explore' table across 9 categories:

• 'Query' - Domain that the result pertains to
• 'Risk score' - Silent Push Risk Score
• 'Answer' - MX record
• 'First Seen' - The date and time the MX record was first seen on the Internet
• 'Last Seen' - The date and time the MX record was last seen on the Internet
• 'MX Hash' - Hash value generated from the MX record in the 'Answer' field
• 'MX Server Density'
• 'WHOIS Created Date'

Monitoring changes

Once you've received a set of results, Silent Push allows you to monitor the data, alerting you of changes via email every 24 hours.

Saving results to a feed

You can also save any result generated from an Email Impersonation query to a collection or a feed.