{"id":13912,"date":"2026-07-17T08:00:59","date_gmt":"2026-07-17T15:00:59","guid":{"rendered":"https:\/\/www.infoblox.com\/blog\/?p=13912"},"modified":"2026-07-17T05:06:10","modified_gmt":"2026-07-17T12:06:10","slug":"the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/","title":{"rendered":"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room"},"content":{"rendered":"<p><em>800 people. 460 organizations. Governments, banks, telecoms, platforms, law enforcement and consumer groups, all in the same room in Lisbon. And yet the conversation about scam infrastructure kept circling an intervention point nobody explicitly named.<\/em><\/p>\n<p>Earlier this month, the Global Anti-Scam Alliance (GASA) hosted its <a href=\"https:\/\/gasa.org\/knowledge-base\/blog\/public-private-partnerships-in-action-key-takeaways-from-the-global-anti-scam-summit-europe-2026\" target=\"_blank\"><strong>Global Anti-Scam Summit Europe 2026<\/strong><\/a> under the theme Europe Against Scams: Public-Private Partnerships in Action. The key takeaways make for essential reading, not just for fraud teams and financial institutions, but for every security professional who thinks seriously about where threats originate and where they can be stopped.<\/p>\n<p>The central argument of the summit was elegant and urgent: scams don\u2019t operate inside single systems, so defense can\u2019t either. A single fraud event might begin with a fake advertisement, move through a messaging app, convert via a phone call and end with funds transferred through a mule account in a different country. No single organization sees the whole chain. Nobody catches it alone.<\/p>\n<p>What struck us reading the summit summary was not what was said, but what was conspicuously absent from the conversation. Every scam that crosses the internet begins with the same invisible step. Before the fake website loads, before the phishing page renders, before the malicious payload drops, there is a DNS lookup. And in that lookup lies one of the most powerful, most underutilized intervention points in the modern anti-scam stack.<\/p>\n<h3>The Scam Chain Has a First Link<\/h3>\n<p>The summit\u2019s framing of the \u201cfull scam chain\u201d is analytically useful precisely because it forces each sector to ask: where do I enter this chain, and what can I see from that position?<\/p>\n<p>Banks see transactions and payment behavior. Telecoms see number abuse, spoofing and suspicious call patterns. Platforms see fake accounts, coordinated inauthentic behavior and fraudulent advertising. Law enforcement sees the connected criminal networks behind repeat campaigns.<\/p>\n<p>DNS sits upstream of all of them.<\/p>\n<p>When a victim clicks a scam link, whether delivered via SMS, email, social media or a compromised search result, their device makes a DNS query before anything else happens. The domain is resolved. The connection is established. Only then does the application layer take over.<\/p>\n<p>This means DNS infrastructure has visibility into scam activity at the moment of intent, not after the fact. It sees the scam domain being queried before the page loads, before credentials are entered, before a payment is initiated. For CISOs and network defenders, this is not an abstract observation\u2014it is an operational advantage. The closer to the origin you can intervene, the more harm you can prevent, and the less you depend on users making the right decision under pressure.<\/p>\n<h3>\u201cScam Domains\u201d Are Intelligence Signals\u2014DNS Is Where They Live<\/h3>\n<p>One of the summit\u2019s strongest themes was the push to move intelligence sharing from principle to practice. The Global Signal Exchange was highlighted as a working example of how high-confidence scam signals can be distributed to partners that are able to act on them. The summary lists the types of signals that matter: \u201cscam domains, phone numbers, account indicators, behavioral patterns, typologies, infrastructure signals.\u201d<\/p>\n<p>Notice what leads that list.<\/p>\n<p>DNS threat intelligence is one of the richest, most actionable sources of scam-related signals available to defenders. Scam operators are prolific domain registrants. Phishing campaigns rotate through newly registered domains to evade blocklists. Investment fraud sites use lookalike domains engineered to visually mimic legitimate financial institutions. Pig butchering operations build out infrastructure across clusters of related domains weeks before a campaign activates.<\/p>\n<p>The DNS layer sees all of this. Recursive resolvers process billions of queries daily, and within that data, patterns emerge that are invisible at the endpoint, the inbox or the payment rail. Domain generation algorithm (DGA) activity, fast-flux DNS configurations, suspicious subdomain patterns, anomalous query volumes\u2014these are the fingerprints of scam infrastructure, and they appear at the DNS layer long before a victim reports a loss.<\/p>\n<p>For security teams operating at scale, this is the signal that can move detection upstream. Not after a transaction is flagged. Not after a user complains. Before.<\/p>\n<h3>What DNS Threat Intelligence Already Knows About the Scam Ecosystem<\/h3>\n<p>The GASA summit called for better intelligence about scam infrastructure: the domains, networks, actor profiles and behavioral patterns that sustain fraud operations at scale. Infoblox\u2019s threat intelligence team has been building exactly that picture, from the DNS layer up. The findings from their most recent research are worth examining in detail, because they tell a story the anti-fraud community urgently needs to hear.<\/p>\n<p>The industrialization of scam infrastructure is visible in DNS, if you know where to look.<\/p>\n<p>The Infoblox 2025 DNS Threat Landscape Report, derived from analysis of hundreds of billions of DNS queries, found that more than one in four of the 100.8 million newly observed domains registered over a 12-month period were malicious or suspicious. Nearly 500,000 of those domains were directly linked to traffic distribution systems (TDS), the hidden routing infrastructure that powers scam delivery at industrial scale. These are not isolated criminal experiments. They are organized, automated operations that register and weaponize domains faster than traditional blocklist-based defenses can respond.<\/p>\n<p>Traffic distribution systems are the backbone of the modern scam chain. TDS networks act as intelligent routers for criminal campaigns, profiling visitors by geography, device type and browser behavior, then directing victims to whichever scam is most likely to succeed: investment fraud, tech support scams, credential theft, fake antivirus, cryptocurrency schemes. Infoblox has tracked threat actor clusters such as Vigorish Viper, a TDS network operating across more than 443,000 domains, and Vextrio Viper, which delivers malware, scams and phishing across a similarly vast infrastructure. In competitive testing environments, Infoblox threat intelligence identified and blocked TDS-related threats that other tools, including next-generation firewalls and secure access service edge (SASE) platforms, failed to detect. TDS infrastructure is specifically engineered to evade detection by appearing benign, resolving through legitimate-looking domains, routing through multiple redirect layers and changing infrastructure faster than signature-based tools can update. DNS-layer intelligence, built on behavioral analysis of domain registration patterns rather than static indicators, is one of the few detection approaches that keeps pace.<\/p>\n<p>Scam compounds and their domain infrastructure are now documented research. In April 2026, Infoblox Threat Intel published <a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers\/\"><strong>Scams, Slaves and (Malware-as-a) Service: Tracking a Trojan to Cambodia\u2019s Scam Centers<\/strong><\/a>\u2014research that connected a sophisticated Android banking trojan to the industrialized scam operations documented by the United Nations and human rights organizations across Southeast Asia. The research began with an unusual spike in DNS query volumes and an increase in domain registrations using randomized domain generation algorithms (RDGAs). From that single DNS signal, the team traced an entire malware-as-a-service operation targeting victims across more than 20 countries, with malicious DNS queries linked to the campaign rising from 400,000 in one month to 1.8 million the next. The research was subsequently covered by The Economist as part of their Scam Inc series. The GASA summit\u2019s day-2 plenary on scam compounds\u2014the overlap between online fraud, organized crime, human trafficking and forced labor\u2014maps precisely to what Infoblox\u2019s research had already documented from the DNS layer. The domain infrastructure powering these operations is observable, trackable and, critically, blockable.<\/p>\n<p>Lookalike domains and trusted channel abuse are measurable threats. In May 2026, Infoblox published <a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lookalike-domains-expose-the-iphone-theft-economy\/\"><strong>Lookalike Domains Expose the iPhone Theft Economy<\/strong><\/a>, exposing a large-scale underground economy built around stolen iPhone monetization. Investigators traced more than 10,000 domains linked to phishing kits, Telegram-based tooling and Apple lookalike sites designed to steal Apple ID credentials from theft victims. Traffic to those domains had grown by 350 percent year over year. The research illustrates the precise challenge the GASA summit identified\u2014trusted channels becoming scam infrastructure\u2014but from the perspective of the DNS layer. The Apple brand, the \u201cFind My\u201d service, the account recovery flow: all of it abused through lookalike domains that are detectable via DNS registration fingerprinting long before users ever encounter them. This research was covered by WIRED and demonstrates how DNS-derived intelligence translates directly into actionable indicators for defenders.<\/p>\n<p>The detection advantage is measurable and significant.<\/p>\n<p>Across the 12-month period covered by Infoblox\u2019s most recent research, approximately 90 percent of threat-related domains were identified before any customer network interaction, with an average lead time of 68 days before the first observed connection. The intelligence platform tracks more than 204,000 near\u2013real-time threat actor clusters and maintains over 660 named threat actor profiles. The false positive rate in production deployments is 0.0002 percent. These are not theoretical capabilities. They represent what DNS-layer threat intelligence delivers when applied at scale\u2014the kind of early, high-confidence signal that the GASA summit\u2019s intelligence sharing frameworks are designed to distribute.<\/p>\n<p>All of this research is publicly available at <a href=\"https:\/\/www.infoblox.com\/threat-intel\"><strong>infoblox.com\/threat-intel<\/strong><\/a> and is updated continuously as new actor infrastructure is identified and tracked.<\/p>\n<h3>Shared Defense Needs Infrastructure, Not Just Intent<\/h3>\n<p>The summit\u2019s most operationally concrete workshop came from an unlikely sponsor. The Linux Foundation\u2019s session was titled Europe Doesn\u2019t Need Another Fraud Tool: It Needs Shared Defence, and the argument cut to the heart of why public-private partnerships so often underdeliver.<\/p>\n<p>Organizations talk about sharing intelligence. They agree on frameworks. They sign memoranda of understanding. And then the gap between principle and action proves wider than anyone expected, because collaboration requires common infrastructure, not just common intent.<\/p>\n<p>The summit pointed to standardized data models, privacy-preserving signal exchange and federated detection as the components of genuine shared defense. It also identified a structural weakness that security professionals will recognize immediately: If intelligence remains fragmented, criminals can exploit the weakest link.<\/p>\n<p>This is exactly the challenge that DNS-layer defense is architecturally suited to address. Protective DNS operates at the recursive resolution layer, which means every device on a network, regardless of operating system, endpoint agent, security budget or organizational maturity, receives the same protection. A small financial services firm without a dedicated threat intelligence team benefits from the same domain-based blocking as a Tier 1 bank with a fully staffed SOC.<\/p>\n<p>The summit described this goal explicitly: a public-private partnership model that \u201callows partners to detect patterns that may not be visible inside one organization.\u201d DNS infrastructure, by virtue of its position in the network stack, already does this. The question is whether defenders are using it.<\/p>\n<h3>Trusted Channels Are Being Weaponized\u2014and DNS Anomalies Reveal It<\/h3>\n<p>Bitdefender\u2019s workshop, Trusted Channels, Hidden Threats, put a finer point on one of the most technically challenging aspects of modern scam defense: attackers don\u2019t just build malicious infrastructure, they abuse legitimate infrastructure to make fraud appear credible.<\/p>\n<p>Homograph attacks use visually similar Unicode characters to construct domains that look, to the human eye, like familiar brands. Domain shadowing hijacks legitimate registrant accounts to create malicious subdomains beneath trusted parent domains. Subdomain abuse exploits free hosting and URL shortening services. In each case, the scam succeeds not because the channel is obscure, but because it carries the visual or technical hallmarks of legitimacy.<\/p>\n<p>DNS anomaly detection is where these techniques break down. Regardless of how convincing a lookalike domain appears visually, its DNS registration metadata, query patterns, hosting infrastructure and certificate history tell a different story. Detection at the resolution layer doesn\u2019t rely on a user recognizing the deception. It acts on signals the user never sees.<\/p>\n<p>This has direct implications for how security architects design layered defense. Email security, web proxies and endpoint protection all contribute to reducing scam exposure, but they operate further down the chain, closer to the moment of interaction. DNS-layer controls operate earlier, before trust is even established.<\/p>\n<h3>Enforcement Depends on Infrastructure Actors Moving Quickly<\/h3>\n<p>The summit\u2019s enforcement discussions deserve particular attention from defenders who interact with law enforcement or government stakeholders. Operation Confrontation Ghost was cited as a model of coordinated disruption\u2014one that required \u201claw enforcement, financial institutions, social media platforms and other partners contributing different capabilities to identify suspects, freeze suspicious activity, close fake accounts, block scam websites.\u201d<\/p>\n<p>Blocking scam websites at the DNS layer is one of the fastest, most scalable enforcement tools available. It requires no access to the hosting provider, no cooperation from the registrar and no modification of the attacker\u2019s infrastructure. It can be deployed across millions of endpoints in hours. For organizations with Protective DNS controls in place, acting on a law enforcement takedown signal is a straightforward operational task, not a multi-week coordination challenge.<\/p>\n<p>The summit noted that effective partnerships require \u201cclarity and trust\u201d and that \u201cprivate-sector partners are often first to see suspicious activity.\u201d DNS infrastructure is often the earliest visibility point of all. That visibility is only useful if it feeds into the broader response ecosystem.<\/p>\n<h3>What This Means for Security Teams<\/h3>\n<p>The GASA summit was not a cybersecurity conference. It was a cross-sector gathering of fraud fighters, regulators, banks and consumer advocates\u2014people who think primarily in terms of financial harm, victim impact and enforcement coordination. That is precisely why its conclusions matter so much for security professionals.<\/p>\n<p>When a community that broad, with that many perspectives, converges on the idea that scam prevention requires upstream infrastructure-level intervention, earlier detection, shared intelligence signals and community-level defense, they are describing, from the outside, exactly what DNS security provides.<\/p>\n<p>For CISOs and security architects, the implications are clear:<\/p>\n<p>DNS is not a utility. It is an intelligence layer that sits at the origin of every internet-based threat, including the scam campaigns that are now causing billions of pounds in annual harm to individuals, businesses and institutions.<\/p>\n<p>The signals available at the DNS layer\u2014malicious domains, lookalike infrastructure, newly registered campaign domains, DGA patterns\u2014are among the highest-value inputs to any threat intelligence program. They are also among the most underexploited.<\/p>\n<p>Network defenders have an intervention point that operates before user interaction, before application-layer controls and before financial exposure. Using it effectively requires treating DNS as a security control, not just a routing mechanism.<\/p>\n<p>The anti-fraud community is building the frameworks, partnerships and shared infrastructure it needs to fight scams across the full chain. DNS threat intelligence belongs in those frameworks, as a signal source, as a blocking layer and as a first line of defense that operates where scams actually begin.<\/p>\n<p>The room in Lisbon was full of people fighting the same adversary. The DNS layer was watching long before any of them arrived.<\/p>\n<p><em>Infoblox provides DNS threat intelligence and Protective DNS capabilities that help organizations detect and block malicious domains at the network layer. To learn more about how DNS security fits into a layered defense strategy, visit <a href=\"https:\/\/www.infoblox.com\">infoblox.com<\/a>.<\/em><\/p>\n<style>\n.code-format {\nfont-family: 'Courier New';}.image-caption {    font-size: 12px;}.list-spacing li{margin-bottom:20px}ol.list-spacing > li::marker {    font-weight: 700;}.entry-content ul.list-spacing ul > li {    list-style-type: square;}h3.footnotes{font-size:18px;}.footnotes-listing{font-size:14px;}<\/style>\n<p><script>\njQuery('.single h1').html('<span class=\"gradient\">The Missing Link in the Anti-Scam Chain<\/span>: Why DNS Belongs in the Room');\n<\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>800 people. 460 organizations. Governments, banks, telecoms, platforms, law enforcement and consumer groups, all in the same room in Lisbon. And yet the conversation about scam infrastructure kept circling an intervention point nobody explicitly named. Earlier this month, the Global Anti-Scam Alliance (GASA) hosted its Global Anti-Scam Summit Europe 2026 under the theme Europe Against [&hellip;]<\/p>\n","protected":false},"author":177,"featured_media":13914,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[1040,1346,1037,740,1786,1787],"class_list":{"0":"post-13912","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-dns-threat-intelligence","9":"tag-fraud","10":"tag-scams","11":"tag-protective-dns","12":"tag-gasa","13":"tag-global-anti-scam-alliance","14":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence)<\/title>\n<meta name=\"description\" content=\"The Global Anti-Scam Alliance (GASA) is an industry forum for tackling online fraud and scams that are a high priority for governments, high value brands and tech platforms. There is consensus that action is needed and a focus on systemic responses but DNS is conspicuous by it&#039;s absence. Protective DNS, as deployed by various nations has proven extraordinarily effective in combating scams but it remains the exception rather than the rule. DNS Threat intelligence provides systemic insight into the threat actors who are delivering industrial scale fraud and cyber crime. As Infoblox Threat Intelligence proves, DNS lies at the heart of this infrastructure and holds the key to understanding the dynamics and operations of the cyber crime industry offering both a means to disrupt but also provide actionable intelligence that the anti-fraud community can use to it&#039;s advantage.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence)\" \/>\n<meta property=\"og:description\" content=\"The Global Anti-Scam Alliance (GASA) is an industry forum for tackling online fraud and scams that are a high priority for governments, high value brands and tech platforms. There is consensus that action is needed and a focus on systemic responses but DNS is conspicuous by it&#039;s absence. Protective DNS, as deployed by various nations has proven extraordinarily effective in combating scams but it remains the exception rather than the rule. DNS Threat intelligence provides systemic insight into the threat actors who are delivering industrial scale fraud and cyber crime. As Infoblox Threat Intelligence proves, DNS lies at the heart of this infrastructure and holds the key to understanding the dynamics and operations of the cyber crime industry offering both a means to disrupt but also provide actionable intelligence that the anti-fraud community can use to it&#039;s advantage.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-17T15:00:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"408\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Craig Sanderson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence)\" \/>\n<meta name=\"twitter:description\" content=\"The Global Anti-Scam Alliance (GASA) is an industry forum for tackling online fraud and scams that are a high priority for governments, high value brands and tech platforms. There is consensus that action is needed and a focus on systemic responses but DNS is conspicuous by it&#039;s absence. Protective DNS, as deployed by various nations has proven extraordinarily effective in combating scams but it remains the exception rather than the rule. DNS Threat intelligence provides systemic insight into the threat actors who are delivering industrial scale fraud and cyber crime. As Infoblox Threat Intelligence proves, DNS lies at the heart of this infrastructure and holds the key to understanding the dynamics and operations of the cyber crime industry offering both a means to disrupt but also provide actionable intelligence that the anti-fraud community can use to it&#039;s advantage.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Craig Sanderson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/\"},\"author\":{\"name\":\"Craig Sanderson\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/01dc95aed5cb12cffacb64848b7f24ca\"},\"headline\":\"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room\",\"datePublished\":\"2026-07-17T15:00:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/\"},\"wordCount\":2413,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg\",\"keywords\":[\"DNS Threat Intelligence\",\"fraud\",\"scams\",\"Protective DNS\",\"GASA\",\"Global Anti-Scam Alliance\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/\",\"name\":\"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg\",\"datePublished\":\"2026-07-17T15:00:59+00:00\",\"description\":\"The Global Anti-Scam Alliance (GASA) is an industry forum for tackling online fraud and scams that are a high priority for governments, high value brands and tech platforms. There is consensus that action is needed and a focus on systemic responses but DNS is conspicuous by it's absence. Protective DNS, as deployed by various nations has proven extraordinarily effective in combating scams but it remains the exception rather than the rule. DNS Threat intelligence provides systemic insight into the threat actors who are delivering industrial scale fraud and cyber crime. As Infoblox Threat Intelligence proves, DNS lies at the heart of this infrastructure and holds the key to understanding the dynamics and operations of the cyber crime industry offering both a means to disrupt but also provide actionable intelligence that the anti-fraud community can use to it's advantage.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg\",\"width\":612,\"height\":408},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/01dc95aed5cb12cffacb64848b7f24ca\",\"name\":\"Craig Sanderson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/craig-sanderson-96x96.png\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/craig-sanderson-96x96.png\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/craig-sanderson-96x96.png\",\"caption\":\"Craig Sanderson\"},\"description\":\"Craig Sanderson is the Principal Cyber Security Strategist at Infoblox. Craig has over 25 years of experience in the CyberSecurity industry with a broad array of roles ranging from consultancy, security architecture, business development and product management. Over the last seven years, Craig has been responsible for creating the vision, strategy and delivered the execution of the Infoblox BloxOne Threat Defense solution. He continues to be passionate about the role that DNS can play in delivering world class cyber security with a particular emphasis on how DNS can become the foundation for national and governmental Protective DNS solutions\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/craig-sanderson\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence)","description":"The Global Anti-Scam Alliance (GASA) is an industry forum for tackling online fraud and scams that are a high priority for governments, high value brands and tech platforms. There is consensus that action is needed and a focus on systemic responses but DNS is conspicuous by it's absence. Protective DNS, as deployed by various nations has proven extraordinarily effective in combating scams but it remains the exception rather than the rule. DNS Threat intelligence provides systemic insight into the threat actors who are delivering industrial scale fraud and cyber crime. As Infoblox Threat Intelligence proves, DNS lies at the heart of this infrastructure and holds the key to understanding the dynamics and operations of the cyber crime industry offering both a means to disrupt but also provide actionable intelligence that the anti-fraud community can use to it's advantage.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/","og_locale":"en_US","og_type":"article","og_title":"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence)","og_description":"The Global Anti-Scam Alliance (GASA) is an industry forum for tackling online fraud and scams that are a high priority for governments, high value brands and tech platforms. There is consensus that action is needed and a focus on systemic responses but DNS is conspicuous by it's absence. Protective DNS, as deployed by various nations has proven extraordinarily effective in combating scams but it remains the exception rather than the rule. DNS Threat intelligence provides systemic insight into the threat actors who are delivering industrial scale fraud and cyber crime. As Infoblox Threat Intelligence proves, DNS lies at the heart of this infrastructure and holds the key to understanding the dynamics and operations of the cyber crime industry offering both a means to disrupt but also provide actionable intelligence that the anti-fraud community can use to it's advantage.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/","og_site_name":"Infoblox Blog","article_published_time":"2026-07-17T15:00:59+00:00","og_image":[{"width":612,"height":408,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg","type":"image\/jpeg"}],"author":"Craig Sanderson","twitter_card":"summary_large_image","twitter_title":"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence)","twitter_description":"The Global Anti-Scam Alliance (GASA) is an industry forum for tackling online fraud and scams that are a high priority for governments, high value brands and tech platforms. There is consensus that action is needed and a focus on systemic responses but DNS is conspicuous by it's absence. Protective DNS, as deployed by various nations has proven extraordinarily effective in combating scams but it remains the exception rather than the rule. DNS Threat intelligence provides systemic insight into the threat actors who are delivering industrial scale fraud and cyber crime. As Infoblox Threat Intelligence proves, DNS lies at the heart of this infrastructure and holds the key to understanding the dynamics and operations of the cyber crime industry offering both a means to disrupt but also provide actionable intelligence that the anti-fraud community can use to it's advantage.","twitter_image":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg","twitter_misc":{"Written by":"Craig Sanderson","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/"},"author":{"name":"Craig Sanderson","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/01dc95aed5cb12cffacb64848b7f24ca"},"headline":"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room","datePublished":"2026-07-17T15:00:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/"},"wordCount":2413,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg","keywords":["DNS Threat Intelligence","fraud","scams","Protective DNS","GASA","Global Anti-Scam Alliance"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/","url":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/","name":"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence)","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg","datePublished":"2026-07-17T15:00:59+00:00","description":"The Global Anti-Scam Alliance (GASA) is an industry forum for tackling online fraud and scams that are a high priority for governments, high value brands and tech platforms. There is consensus that action is needed and a focus on systemic responses but DNS is conspicuous by it's absence. Protective DNS, as deployed by various nations has proven extraordinarily effective in combating scams but it remains the exception rather than the rule. DNS Threat intelligence provides systemic insight into the threat actors who are delivering industrial scale fraud and cyber crime. As Infoblox Threat Intelligence proves, DNS lies at the heart of this infrastructure and holds the key to understanding the dynamics and operations of the cyber crime industry offering both a means to disrupt but also provide actionable intelligence that the anti-fraud community can use to it's advantage.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room-thumbnail.jpeg","width":612,"height":408},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/the-missing-link-in-the-anti-scam-chain-why-dns-belongs-in-the-room\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/01dc95aed5cb12cffacb64848b7f24ca","name":"Craig Sanderson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/craig-sanderson-96x96.png","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/craig-sanderson-96x96.png","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/craig-sanderson-96x96.png","caption":"Craig Sanderson"},"description":"Craig Sanderson is the Principal Cyber Security Strategist at Infoblox. Craig has over 25 years of experience in the CyberSecurity industry with a broad array of roles ranging from consultancy, security architecture, business development and product management. Over the last seven years, Craig has been responsible for creating the vision, strategy and delivered the execution of the Infoblox BloxOne Threat Defense solution. He continues to be passionate about the role that DNS can play in delivering world class cyber security with a particular emphasis on how DNS can become the foundation for national and governmental Protective DNS solutions","url":"https:\/\/www.infoblox.com\/blog\/author\/craig-sanderson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/13912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/177"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=13912"}],"version-history":[{"count":3,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/13912\/revisions"}],"predecessor-version":[{"id":13916,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/13912\/revisions\/13916"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/13914"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=13912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=13912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=13912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}