This list contains domain names that have been identified being used in spam, phishing or malware.

It can be used to check the domain name used in rDNS, SMTP HELO/EHLO, From domain (either envelope or header), Message-ID header domain and any domains found in the email message body.

This list contains all the domains that were newly observed within the last 25 hours meaning that we don't have any reputation data for them yet.

This data comes from Farsight Security's extensive network of Passive DNS sensors rather than using WHOIS data, so this means that if the domain was registered previously but not used, then it will not appear on this list until it is first used and observed.

Being listed here doesn't necessarily mean the domains are bad, just they they are very 'new' - however receving mail containing these domains should be treated with high suspicion as it is typical for spam, phishing and malware to register domains and use them immediately as a means of avoiding detection.

Due to the nature of this list, we do not allow any delistings from it as entries auto-expire 25 hours after first observation.