Tip: Microsoft Defender for Endpoint's Web Content Filtering has an option to block traffic to newly-registered domains.
Vaporize a category of spear-phishers in their tracks.
@Ericlaw Anybody wants 10-15 year old domains? Got plenty
@Ericlaw as a simple note, occasionally CDNs register new domains to get around traffic management or blocking on certain networks, this may prove useful if weird things should happen...
@Ericlaw Not to be argumentative but pretty much every firewall does that.
@systemadminihater *CitationNeeded
@Ericlaw Systems I have personally used that have done this for years. Watchguard Firewalls, McAfee/Trellix, Fortinet... there are probably 4-5 more that I forgot about. Its called 'newly registered websites'
@systemadminihater @Ericlaw Add checkpoint and Palo alto networks to the list of those that can. I'm not sure about Cisco/Fire-power (haven't used it in years)
@Ericlaw Also Windows could have been doing that this whole time... Its just another example of Microsoft selling companies a burning building and also selling 20oz bottles of water.
@Ericlaw Does this actually work now? It did not work for most of 2023 while I was trying to use it.
Had a 6month+ ticket open with MS. Just gave up eventually - they didn't seem to have the capability or intention to get it working.
@ISO8601 A major improvement launched last Thursday
@Ericlaw As long as you're prepared for vaporizing Marketing's last-minute domain registrations for new urgent product launches at the same time :-)
Whitelist email from your domain registrars, at the very least ...