128: Phishing Tactics Evolve: Threat Actors Exploit .arpa Domain and IPv6 to Bypass Email Defences

Phishing tactics are evolving: threat actors are now exploiting the .arpa domain and IPv6 reverse DNS to bypass traditional email security controls. The .arpa domain, which is used for technical internet infrastructure tasks such as reverse DNS lookups, is rarely flagged by automated filters, making it ideal for attacker concealment. IPv6's vast address space makes it easier still for adversaries to evade detection than under IPv4. By crafting misleading or excessively long hostnames within .arpa on IPv6, attackers can pass undetected through allowlists and threat intelligence feeds and deliver phishing emails directly to inboxes. This development highlights the urgency for IT and security teams to review email filtering strategies, scrutinise unconventional DNS activity, and reassess whether their defences are prepared for these emerging threats.
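As an added illustration (not part of the original article), the sketch below shows one way a mail pipeline could scrutinise .arpa hostnames: it pulls link hosts from a message body and sorts any name under .arpa into a canonical 32-nibble ip6.arpa PTR name, a partial zone name, or a name padded with extra labels. The function names, reason codes, the choice to inspect body links, and the premise that ordinary mail has no need for .arpa hosts are assumptions of this example; the sample body is constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
NIBBLE_RE = re.compile(r"[0-9a-f]")  # ip6.arpa uses one hex digit per label (RFC 3596)

def classify_arpa_host(host):
    """Return None for hosts outside .arpa, else a reason code (codes are this example's own)."""
    host = host.rstrip(".").lower()
    labels = host.split(".")
    if labels[-1] != "arpa":
        return None
    if host.endswith(".ip6.arpa"):
        prefix = labels[:-2]
        if len(prefix) > 32 or not all(NIBBLE_RE.fullmatch(label) for label in prefix):
            return "ip6-extra-or-non-nibble-labels"  # e.g. words prepended to a PTR name
        if len(prefix) == 32:
            return "ip6-canonical-ptr"               # well-formed PTR owner name, odd in mail
        return "ip6-partial-zone"                    # delegation-level name
    if host.endswith(".in-addr.arpa"):
        return "in-addr-name"
    return "other-arpa"

def scan_links(body):
    """Extract http(s) link hosts from a message body and report any under .arpa."""
    findings = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        reason = classify_arpa_host(host)
        if reason:
            findings.append((host, reason, len(host)))
    return findings

# Constructed sample: addresses come from the 2001:db8::/32 documentation prefix.
PTR = ipaddress.ip_address("2001:db8::25").reverse_pointer
SAMPLE_BODY = f"""Mailbox full: https://{PTR}/renew
Portal: http://secure-login-update.{PTR}/index.html
Zone: https://8.b.d.0.1.0.0.2.ip6.arpa/
Help: https://www.example.com/help
"""

if __name__ == "__main__":
    for host, reason, length in scan_links(SAMPLE_BODY):
        print(f"{reason:32} len={length:3} {host}")
```

A canonical ip6.arpa name is always 72 characters long, so any longer hostname in that zone carries extra labels and merits a closer look.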
