9
Jan 17

Subdomain Management Changes

As many of you may have noticed, there have recently been some changes to the UI regarding subdomains. After talking with people about how subdomains were being used and abused across the internet, we decided to spend some time rethinking how dmarcian process, sorts and displays subdomains. These new changes allow our system to handle large quantities of subdomains more efficiently and accurately.

Why Change?

Occasionally, when a domain comes under abuse, massive numbers of fake subdomains are used by spammers to attempt to deliver junk email. For instance, spammers will target example.com using large quantities of fake, arbitrary subdomains such as 1z4b3.example.com. This causes DMARC reports to be generated for each fake subdomain, and each subdomain to be created in the Domain Overview. The excessive quantity of domain data makes it difficult to determine which subdomains are legitimate and which are not. These are often one-time spoofed subdomains and hold little value to remain in your domain catalogue, causing unnecessary clutter and larger load times.

What We’ve Done

To prevent spammers from filling your domain catalogue with, well, spam, we’ve now started wrapping up any subdomains under a *.domain.com style rollup. Users can now choose which subdomains are valuable to them by pulling subdomains out of the *.domain.com rollup. This is achieved by either clicking the up arrow next to the subdomain, or selecting subdomains and choosing the Treat as Top Level option from the dropdown. All subdomains added into the system manually will be treated as “top level” (that is, not part of a rollup).

This change also means that data for domain.com will no longer contain any of its subdomain’s data, creating a more accurate readout for all domains. Finally, users under heavy abuse won’t have to wait for 50,000 fake subdomains to load in the Domain Overview (getting spoofed is bad enough!).

The Changes

  1. “Top level” domains stay the same; their functionality and view has not changed.
  2. If domain.com has subdomains, a *.domain.com rollup row is created to contain the subdomains. Subdomains are collapsed inside the *.domain.com row.
  3. If you wish to actively monitor a subdomain, it should be marked Treat as Top Level. You can do this by clicking the up arrow next to the subdomain. This will pull the subdomain out of the subdomain rollup to be managed just like any other domain.
  4. If you move subdomains into another domain group, they will automatically be treated as “top level” domains. If you wish to keep the subdomains collapsed but in a different group, simply add the parent domain to the desired group.
  5. *.domain.com subdomains that are treated as “top level” will no longer appear in the *.domain.com rollup.