Domain Name Manipulation in Phishing Emails | Stewart Title Blog

This week’s phishing example is nothing out of the ordinary — another poorly written email attempting to steal personal information. Most recipients likely deleted or reported it immediately. However, the sender’s email address caught my attention, making it a good opportunity to explain how domain naming works.

Our domain is stewart.com, so an email like name@stewart.com belongs to that domain. Most of us recognize the original top-level domains (TLDs):

• .com — commercial
• .gov — government
• .mil — military
• .edu — education
• .org — nonprofit organization

In recent years, there’s been an explosion of new TLDs such as .info, .tv, and .local. There are also country code domains, identified by two letters that represent specific countries. These can replace or extend standard domains. For example:

• .ru — Russia
• .br — Brazil

Why is this important? Email addresses can be spoofed, but they often reveal clues about the sender’s origin. Paying attention to the domain can help identify suspicious emails. If you’re interested in a deeper dive into how domain naming works, Wikipedia offers a good overview.

In our line of work, we rarely deal with foreign buyers or sellers — and when we do, we typically know about it ahead of time.

If you received an unexpected email from pagios@leopoldina.com.br (a domain based in Brazil), it’s best to delete it immediately.

Think before you click.