Security Glossary
Clear definitions for the link risk and trust signals you see around CheckLink.
Attack surface
The set of links, domains, channels, and workflows that attackers could abuse or imitate.
BEC
Short for Business Email Compromise.
Blacklist
A list of known risky domains, URLs, senders, or indicators.
Brand impersonation
Pretending to represent a known brand online.
Business Email Compromise
A scam where an attacker impersonates a trusted business contact to trigger money movement, credential sharing, or process changes.
Campaign link
A URL used in email, SMS, QR, ad, social, affiliate, or other campaigns.
Customer-facing link
A URL sent to customers or public audiences.
Disposable email
A temporary email address used for short-term communication.
DKIM
DomainKeys Identified Mail, an email authentication method that signs messages with a domain key.
DMARC
Domain-based Message Authentication, Reporting, and Conformance, an email policy signal built on SPF and DKIM alignment.
Domain impersonation
Using a domain that appears related to a brand without being official.
Domain spoofing
Making a domain or sender identity appear to belong to someone else.
Dynamic QR code
A QR code whose destination can be changed after the code is created.
Email authentication
DNS-based signals that help receivers evaluate whether mail is authorized for a domain.
Email header
Technical metadata attached to an email message.
Explainability
The ability to understand why a tool produced a signal or result.
False negative
A risky or malicious link that is not flagged.
False positive
A safe or acceptable link that is flagged as risky.
Feature engineering
Turning raw details into useful signals for review or scoring.
Free webmail risk
A caution signal when a business-looking request uses a free mailbox unexpectedly.
Gift card scam
A request to buy gift cards and send codes to someone pretending to be trusted.
Homoglyph
A character that looks similar to another character.
HTTPS
An encrypted connection between a browser and a website.
Human-in-the-loop
A workflow where a person reviews or interprets automated signals.
Lookalike domain
A domain designed to resemble another brand, product, or official website.
Malware link
A URL that leads to a malicious download, exploit, or installation prompt.
Manual review
Human review of a link, report, or listing context.
Message-ID
A unique identifier header usually generated by the sending mail system.
Official link
A URL a business recognizes as one of its real customer-facing destinations.
Official Links page
A public page that lists a business's reviewed customer-facing destinations.
Payroll diversion
A scam that tries to redirect salary or payroll deposits to an attacker-controlled account.
Phishing
A deceptive attempt to steal information or money by pretending to be a trusted person or service.
Punycode
An encoded form used for internationalized domain names.
QR phishing
Using QR codes to hide phishing links.
QR shortener
A shortened or tracking URL used behind a QR code.
Quick report
A printable summary generated from automated scanner results.
Quishing
QR phishing that uses a QR code to send people to a risky destination.
Redirect chain
A sequence of one or more redirects between the first URL and the final destination.
Reply-To
The email header that tells mail clients where replies should be sent.
Reputation signal
Context about whether a URL, domain, or sender is known or trusted elsewhere.
Return-Path
The email address used for bounce handling and delivery feedback.
Risk score
A numeric estimate based on available signals.
Security signal
A single clue that helps estimate risk.
Smishing
Phishing delivered through SMS or text messages.
Social engineering
Manipulating people into taking an action through pressure, trust, or deception.
SPF
Sender Policy Framework, an email authentication signal that checks whether a sending server is authorized for a domain.
SSL certificate
A certificate used to support encrypted HTTPS connections.
Suspicious link
A URL that has signals or context that make it worth checking before clicking.
Trust page
A public page that explains listing, ownership, or link context for a product or business.
Trust signal
A clue that helps users judge whether a link, site, or listing deserves more confidence.
Typosquatting
Registering domains that look like misspellings of real brands.
URL redirect
A server instruction that sends a browser from one URL to another.
URL shortener
A service that turns a long URL into a shorter redirecting URL.
User reporting loop
A process for collecting, reviewing, and acting on suspicious link reports from users or customers.
Vishing
Voice-based phishing or scam calls.
Wire transfer scam
A request that pressures a person or business to send funds to an attacker-controlled destination.