Someone is probably
receiving your email
right now.

Not through a hack. Not through malware. Through something far simpler: a domain that looks almost exactly like yours.

The Problem

Every organisation with a meaningful online presence is exposed to domain confusion.

Users mistype URLs. Employees fat-finger email addresses. Autocomplete makes wrong guesses. Mobile keyboards substitute characters. The result: sensitive communications, credentials, and traffic end up at domains that look right but aren't.

Most organisations don't know this is happening. The emails that go to the wrong domain never bounce — they just disappear into someone else's inbox.

TLD confusion

yourcompany.org.nz instead of .co.nz

The most common confusion. A client types the right name but the wrong suffix — and their email lands in a stranger's inbox.

Finger slips

yourcmopany.co.nz — one wrong key

Transposed characters, doubled letters, missed keystrokes. For long or unfamiliar domain names, this happens constantly.

Missing dots

yourcompanyco.nz — dot dropped

When the dot between the name and suffix disappears, the whole domain changes. It's easy to register these variants.

Visual tricks

y0urcompany.co.nz — zero for O

Homoglyph attacks swap characters that look identical in many fonts. l→1, o→0, rn→m. Often invisible to the human eye.

What We Look For

Not all lookalike domains are equally dangerous. We check what matters.

MX Records

Critical

If a lookalike domain accepts email, someone is receiving mail intended for you. This is the single most dangerous signal.

DNS Resolution

High

A resolving domain means it's active. It could be serving content, redirecting traffic, or hosting a phishing page.

WHOIS Registration

Medium

Who registered it? When? If it's not your organisation, someone else has claimed a piece of your identity.

Web Content

Variable

What does the domain serve? A parking page is suspicious. Content mimicking your brand is an active threat.

Try It Now

See your domain's exposure in seconds.

Enter your primary domain below. We'll generate every realistic lookalike variant, probe each one for DNS, MX, and WHOIS data, and classify the risk.

Your organisation's primary domain

✓ 7+ generation strategies✓ DNS & MX probing✓ WHOIS intelligence✓ Instant risk classification

Classification

Every domain gets a verdict.

Active Threat

MX records active, content mimicking your brand, or clear typosquatting. Immediate action required.

Suspicious

Registered by a third party with some active signals. Warrants investigation.

Parked

Registered but showing a generic placeholder. Likely speculative registration.

Held by Org

Registered and controlled by your organisation. Defensive registration working as intended.

Unregistered

Available for anyone to register. An opportunity to secure it proactively — or a gap waiting to be exploited.

This scan is a starting point.

Fuzz Security provides comprehensive domain security assessments, penetration testing, and ongoing monitoring. We help organisations across New Zealand and Australia secure their digital perimeter.

Talk to Fuzz Security Learn about our services →

Someone is probablyreceiving your emailright now.