Japan's electronics giant Toshiba Corporation recently announced that starting next month, it will begin migrating all employees' email addresses to @mail.toshiba, starting with the group's parent company Toshiba Corporation, which currently uses @toshiba.co.jp.
Toshiba stated that this move is aimed at "preventing phishing emails from impersonating Toshiba Group employees, unauthorized use of email addresses, and reducing security risks." For an unspecified period, emails sent to the current .jp addresses will be automatically forwarded to .toshiba, but this backward compatibility will eventually be turned off to achieve full replacement.
Phishing attacks are a common form of cyber fraud, where attackers forge emails, websites, or links to impersonate trusted institutions or individuals, inducing victims to provide personal information, login credentials, or financial data. According to relevant statistics, phishing attacks account for a high proportion of global cybersecurity incidents, and attack methods are becoming increasingly complex.
Corporate email systems are often the main target of attackers, as employees may mistake phishing emails for internal communications and thus lower their vigilance.
Currently, global enterprises rely heavily on the Internet for daily operations, from website displays and email communications to identity verification, customer portals, and various applications. However, this also makes them the most vulnerable to external attacks.
Entering the AI era, the use of AI technology not only creates more complex and multilingual phishing content but also automatically generates counterfeit domain names highly similar to brands in batches, making anti-phishing efforts more complicated. Potential phishing risks faced by domain names include:
Domain name similarity phishing: Registering variant domain names similar to the target domain by replacing, adding, or deleting characters, or using words with similar pronunciation or spelling to confuse users.
Malicious redirection phishing: Attackers tamper with domain name resolution records or use DNS cache poisoning to redirect domains to phishing websites.
Wildcard domain resolution phishing: Abusing the wildcard domain resolution function to conduct phishing with a large number of subdomains by setting wildcard records.
New domain suffix phishing: Taking advantage of users' unfamiliarity with numerous newly emerged top-level domains, combining well-known brands with them to create misleading domain names for phishing.
Top-level domains can effectively reduce phishing risks. Experts from the National Engineering Research Center for the Internet Domain Name System (ZDNS) analyzed that brand top-level domains have the following advantages:
High application thresholds and strict approval: Compared with second-level domains, the application threshold for top-level domains is much higher, and the approval process is extremely strict, greatly reducing phishing risks.
Autonomous formulation of registration rules: After successfully applying for its own top-level domain, an enterprise can fully independently formulate registration rules, effectively eliminating malicious registration behavior from the source and significantly reducing anti-phishing risks.
Independent control of authoritative resolution systems: By owning its own top-level domain, an enterprise can independently control the entire authoritative resolution system, greatly reducing reliance on third parties, thereby lowering technical and management risks and ensuring the stability and security of the enterprise's network operation.
Therefore, establishing an enterprise domain name management system centered on brand top-level domains can achieve independent control, effectively reduce the risk of domain names being abused for phishing, and provide solid protection for enterprise cybersecurity.
Since the birth of the Internet, there has only been one open application for top-level domains. In 2012, when the Internet Corporation for Assigned Names and Numbers (ICANN) opened applications, Toshiba successfully applied for ".toshiba". Since then, Toshiba has been using global.toshiba as its main website domain. Now, Toshiba is fully promoting the comprehensive use of .toshiba to further strengthen its brand identity and influence in cyberspace.
Currently, 86 Fortune Global 500 companies worldwide operate a total of 165 top-level domains. These companies include many global industry giants such as Amazon (.aws), Microsoft (.microsoft), Google (.google), Apple, Samsung, and BMW. CITIC Group is the first domestic enterprise to successfully apply for and operate brand top-level domains (.citic/. 中信). By owning exclusive top-level domains, they have established unique brand images in the online world, while also improving cybersecurity protection capabilities and brand management efficiency.
With the continuous development of the Internet, the second round of top-level domain applications will open in April 2026. As a leader in core technologies in the field of Internet infrastructure services and an authoritative institution with "full licenses and qualifications" in the domain name industry, ZDNS will give full play to its advantages to provide Chinese enterprises with comprehensive professional support:
International Expert Consulting Services
ZDNS's international expert team deeply participates in ICANN international conferences and policy formulation, pays close attention to the dynamics of top-level domain applications, provides detailed application guidance for enterprises, and helps them successfully complete the top-level domain application process.
Rich Successful Experience
It has assisted 22 top-level domains in successful application and operation, providing services for 27 registry operators and 60 top-level domains worldwide, accumulating rich practical experience.
One-Stop Service
It has built Asia's largest new top-level domain service platform, realizing one-stop services for application, hosting, and operation, simplifying enterprise operation processes and improving efficiency.
