Security Boulevard has published its August 2025 Fraudulent Email Domain Tracker, drawing on Fraudmarc data to identify more than 2,000 disposable, throwaway, and abuse-prone domains frequently linked to spam, phishing, and fake registrations. This data set, while significant, is one of many available; for comparison, the service throwaway.cloud provides a dataset listing over 30,000 domains.
The list covers both temporary mailbox providers and mainstream domains with limited anti-abuse safeguards. Importantly, the report stresses the dataset is a risk signal rather than a prescriptive blocklist. Businesses are advised to incorporate it into verification workflows alongside device fingerprinting and adjusted sign-up thresholds, rather than applying blanket suppression.
Why it matters:
- Heavy use of disposable domains can distort engagement metrics, inflate bounce rates, and increase abuse complaints, creating downstream deliverability risks.
- Fraudulent sign-ups drive cost and resource overheads, skew performance analytics, and expose platforms to account abuse.
- Some legitimate users rely on disposable addresses, meaning rigid blocking introduces false positives.
Recommendations for senders and platforms:
- Integrate domain intelligence into risk-weighted scoring models.
- Correlate bounce and complaint rates with disposable provider usage to fine-tune thresholds.
- Train support teams for manual review of flagged cases.
- Pair domain signals with behavioural analysis and potentially consider device fingerprinting for higher detection accuracy. Organisations like e-Hawk can help with that.
