Service abuse: Domains By Proxy sender

Message originates from a sender using Domains By Proxy's domain privacy service, commonly used to hide domain ownership information.

Sublime rule

name: "Service abuse: Domains By Proxy sender"
description: "Message originates from a sender using Domains By Proxy's domain privacy service, commonly used to hide domain ownership information."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and sender.email.domain.root_domain == 'domainsbyproxy.com'

attack_types:
  - "Spam"
  - "Credential Phishing"
  - "BEC/Fraud"
tactics_and_techniques:
  - "Evasion"
  - "Social engineering"
detection_methods:
  - "Header analysis"
  - "Sender analysis"
id: "d069b183-18f4-5a49-8205-ff2f1f62a130"