가이드
이상하게 보이는 도메인이 Punycode인지 확인하는 방법
낯선 도메인 문자열이 실제 Punycode인지 빠르게 판별하는 실무 절차입니다.
이상해 보인다고 모두 Punycode는 아닙니다. 차단·신뢰·신고 전에 형식을 먼저 확인하면 오판을 줄일 수 있습니다.
Start with the xn-- prefix check
Punycode labels usually start with xn--.
If no label has this prefix, the domain may still be ASCII, Unicode, or another token format.
Validate label structure
Each label should follow normal domain constraints such as no empty segments and no leading/trailing hyphens.
Invalid structure often means the string is malformed, not valid Punycode.
Decode in a trusted tool
Decode the candidate label and inspect the Unicode output.
If decoding fails cleanly, it is likely not valid Punycode.
- Normalize full-width dots first.
- Test the full domain, not one fragment.
- Keep the original raw value for audit trail.
Compare against expected destination
After decoding, compare the result with known legitimate domains.
For sensitive actions, confirm certificate info or official registrar records.
Document the outcome clearly
Record whether the domain was valid Punycode, malformed input, or unrelated encoding.
Clear notes reduce repeated investigation across teams.
Helpful for
- Security triage of suspicious links.
- Support tickets about unreadable domains.
- QA checks on redirect destinations.
- Reviewing logs with mixed domain formats.
Verify format before action
Check structure first, decode second, then validate ownership and intent. This avoids overreacting to harmless IDN encoding.