Bailiwick is the situation that exists when a company registers the domain example.com and then lists the email addresses [email protected] and [email protected] in the domain name's WHOIS.
Attackers who gain control of a domain name in the bailiwick can redirect email by replacing the legitimate name servers with name servers that they operate. They can then add an MX record that directs email to a mail server that they also operate. Or they can turn off email entirely by deleting the domain's MX record, in which case no email will be sent to or received by the company that registered the affected domain.
An extra layer of difficulty is added when the registrar cannot communicate with the affected company, as it has no access to its corporate email. This situation requires out-of-band communication and proof to the registrar that the company is indeed the affected registrant.
Read more: ICANN
![good-practices-dns-492x280-30may17-en.png](https://www.icann.org/uploads/blog_article/image/9441/good-practices-dns-492x280-30may17-en.png)
Attackers who gain control of a domain name in the bailiwick can redirect email by replacing the legitimate name servers with name servers that they operate. They can then add an MX record that directs email to a mail server that they also operate. Or they can turn off email entirely by deleting the domain's MX record, in which case no email will be sent to or received by the company that registered the affected domain.
An extra layer of difficulty is added when the registrar cannot communicate with the affected company, as it has no access to its corporate email. This situation requires out-of-band communication and proof to the registrar that the company is indeed the affected registrant.
Read more: ICANN
Last edited: