Boneyard Tools

Punycode Converter (IDN to ASCII)

Paste a Unicode domain or email to convert it to its ASCII Punycode (xn--) form, or paste an xn-- domain to decode it back to readable Unicode. Each DNS label is converted on its own, so the rest of the address stays intact.

How to convert Punycode

  1. Paste a domain or email into the box.
  2. Choose Encode to go from Unicode to xn--, or Decode to go back.
  3. Copy the converted result.

Examples

Encode an IDN to Punycode

mรผnchen.de
xn--mnchen-3ya.de

Decode Punycode back to Unicode

xn--bcher-kva.example
bรผcher.example

Encode the domain of an email

user@mรผnchen.de
user@xn--mnchen-3ya.de

Frequently asked questions

What is Punycode?

Punycode (RFC 3492) is a way to represent Unicode domain labels using only ASCII letters, digits and hyphens. Browsers use it so internationalized domain names work in the DNS, which only allows ASCII. Encoded labels start with the xn-- prefix.

Why does the output start with xn--?

xn-- is the ACE (ASCII Compatible Encoding) prefix that marks a label as Punycode. A decoder sees the prefix, strips it, and decodes the rest back to Unicode. Plain ASCII labels never get the prefix.

Does it convert email addresses?

Yes. If the input contains an @, only the domain part after it is converted. The mailbox (local) part is left exactly as you typed it.

Does it apply IDNA normalization like lowercasing or NFC?

No. This is a direct Punycode transcoder, so encode then decode round-trips your text exactly. It does not lowercase, apply Unicode NFC normalization or run Nameprep, so it will not silently change your characters.

Does it handle emoji and astral characters?

Yes. Code points above the Basic Multilingual Plane, including emoji, are handled correctly through proper surrogate pair decoding.

Why are people warned about Punycode and phishing?

Look-alike Unicode letters can be encoded into domains that visually resemble a trusted brand (a homograph attack). Decoding an xn-- domain here reveals the real Unicode characters so you can spot a spoof.

Is my input private?

Yes. Everything runs in your browser and nothing is uploaded.

Related tools