Hello there, first of all: Excellent read, great PoC! Very informative.
I decided to test how the domain name interacts with emails and will post my results below:
(By "Nickname" I am referring to the "Name" you could select, in this example it would be "[email protected]", the supposed email of the actual domain owner.)
- Preview shows the "Nickname" eg: [email protected] (non-unicode, the 'actual owner' of the domain)
- Actual mail shows the "Nickname" and the Unicode email eg: [email protected] (unicode)
- Preview shows the "Nickname"
- Actual mail shows the "Nickname" and the translated email eg: [email protected]
-Preview shows the "Nickname"
- Actual mail shows the "Nickname", when you press "Show details" it displays the translated mail eg: [email protected]
- http://i.imguʀ.com actually displays the url correctly, you can even click on it directly
- The URL displays correctly, and when your unicode domain, redirects to the original domain in the DNS records, the preview lists the preview of the original domain
(When the DNS records do not redirect to the original site, it displays the spoofed preview, for example the i.imguʀ.com preview, displays pry0cc's preview page)
Edit: Added Discord results.
(I hope I wasn't too confusing, if anything is unclear, feel free to ask me for more info!)