Skip to content

jkerai1/TLD-TABL-Block

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

InfoSecCA-TLDBlockScript.ps1

InfoSecCA-TLDBlockScript.ps1

 
 

README.md

README.md

 
 

Spamhaus-TLD-Block.ps1

Spamhaus-TLD-Block.ps1

 
 

Repository files navigation

GitHub stars GitHub forks GitHub issues GitHub pulls

TLD-TABL-Block

Prevent emails containing URLs with abused TLDs with Tenant Allow Block List

Microsoft Documentation describing TLD blocking:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide#scenario-top-level-domain-blocking

Example

image

Lists

Spamhaus List: https://github.com/cyb3rmik3/Hunting-Lists/ (original Source: https://www.spamhaus.org/statistics/tlds/)

InfoSec CA List: https://www.info-sec.ca/tld-block.txt

KQLs

https://www.kqlsearch.com/query/Topleveldomains&clmnymyzs00225i4sooju29dz

EmailUrlInfo | extend FQDN = trim_end("(:|\?).*", tostring(split(trim_start('http(.|)://', UrlDomain), "/")[0])) //| project-reorder FQDN, UrlDomain | where FQDN contains "." // exclude singular hostnames used in local name resolution | extend TLD = tostring(split(FQDN, ".")[-1]) | summarize count() by TLD

About

Block abused TLDs in Tenant Allow BlockList

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages