Guest blogger: Unofficial Vista Blog Tour, Day 3: Punycode protects against spoofing in IE7

Derek Torres and Stuart Mudie have just co-written a book entitled The Unofficial Guide to Windows Vista, which is due to be published by Wiley in February. Stuart lives in Paris and, since he also is a French to English translator, we have traded clients from time to time. When he asked me if he could guest blog on Naked Translations as part of the “virtual blog tour” he and Derek are organising to promote their book, how could I say no?

Internet Explorer 7 supports Internationalized Domain Names (IDN), which are domain names that may contain characters from non-Latin scripts such as Arabic and Chinese, or letters with diacritics as used in many European languages.

While this is an important breakthrough in opening up the web to other languages, it does mean that the browser is now more vulnerable to look-alike attacks in which one domain pretends to be another (such as instead of, almost invariably for nefarious purposes. This is possible within the basic ASCII character set, but supporting IDN extends the range of characters available to many thousands.

In order to protect you from such attacks, IE7 restricts which scripts can be displayed in the browser’s address bar, based on your language settings. If a domain name contains characters from outside your chosen languages, it is displayed in Punycode form. This may not be the prettiest solution, but names like (the Punycode version of Bü do provide a highly visible clue when things are not what they may seem.

Domain names are also displayed in Punycode if they contain characters that are not part of any language, if they contain a mix of scripts that do not appear together within a single language, or if any of their constituent parts contain characters that appear only in languages other than your list of chosen languages.

Those of us who surf the web in languages other than English may be surprised when we first encounter a Punycode URL like “”, but it’s good to see Microsoft doing something to make its browser more secure for a change.

– Stuart Mudie, co-author of The Unofficial Guide to Windows Vista

By | 2016-10-18T15:50:11+00:00 November 29th, 2006|Guests|2 Comments

About the Author:

I am Céline Graciet, a freelance English to French translator. Since 2003 I’ve been writing on all sorts of areas linked to translation and the life of a translator.


  1. Stuart Mudie November 29, 2006 at 10:20 am

    Thanks for being such a wonderful host, Céline.

  2. Martin December 2, 2006 at 6:54 am

    Very interesting. I learn something new every day following your tour! Thanks, Martin

Comments are closed.