The Dangers of Dangerous Domains

March 30, 2023
By AtData

We all know the internet is full of potential dangers. As consumers, we avoid the obvious pitfalls by not clicking on the unknown, following up directly when we see something suspicious, and not sending out our banking information to a long-lost prince who is in a bind. But, there are land mines hiding in plain sight in the form of dangerous domains, and AtData assists in protecting companies from allowing them into their databases. 

Many of our clients use our API to clean, correct, and protect their data. As we regularly process our thousands of clients’ email data, our system identifies unusual and anomalous behavior across billions of monthly data points. Our engineering team will then further research this activity and flag accordingly. The information then becomes a part of our knowledge base for our network.

What exactly are dangerous domains?

That boils down to what exactly a domain is, and how it can be used for malicious intent. The domain is the portion of the email address to the right of the @ symbol, and it can be thought of as a building or town that groups a set of mailboxes. Some domains are very large, such as or, and some are very small, like the domain of a small company. 

So, what makes them potentially dangerous? The problem is there are organizations and individuals that create and utilize domains for malicious intent. It is much easier for a bad actor to create a domain with 100 email addresses than it is for them to register 100 new gmail addresses. Websites for these domains could contain phishing, malware, or unwanted software. Emails sent from these dangerous domains attempt to gather personal or banking information. And as marketers, we have additional concerns coming from spamtraps and honeypots – tools that blocklist operators utilize to catch non-compliant spammers.

Let’s Dig Into Some Potentially Dangerous Domain Uses

  • Phishing: Phishing sites are designed to steal personal information, such as usernames, passwords, credit card numbers, and more. They often use deceptive tactics, such as mimicking legitimate websites, to trick users into entering their information. Because of the very high likelihood of money being involved, gambling sites are often used in attempts to scam people.
  • Malware: Malware sites are designed to spread malicious software, such as viruses, spyware, and adware. They can also be used to install malicious programs on your computer without your knowledge. Dark web sites are often used to spread malware, viruses, and other malicious software.
  • Bots: Websites and emails can be created rather rapidly utilizing bots as a means to disperse messaging or attempt access through web forms. The bots will look for vulnerabilities and often use email addresses containing dangerous domains or will originate from them.
  • Spamtraps, Honeypots: While these are not considered malicious, you don't want to get them in your database or email lists. Spamtraps are ways for email service providers (ESPs) and anti-spam organizations to identify emails senders abusing mail systems or sending unsolicited mail. Honeypots are essentially email addresses published onto websites somewhere or in a list to catch companies gathering information improperly.

There are, unfortunately, new dangerous domains created regularly, and old safe domains that get taken over and become unsafe. By avoiding dangerous domains, you can help protect yourself, your company, and your data from potential threats.

Examples of How AtData Stopped Dangerous Domains 

For example, a large FinTech client experienced over 1,200 calls to our API originating from a single domain in an unusual timeframe. Our system was flagged the activity, which was corroborated by our engineering team. The offending domain and IP addresses were blocked, avoiding further damage to our clients.

Another example was a specific domain that we first saw on August 15th, 2022. Within 15 days we processed 3,216 validations of the domain from a variety of customers across our network and saw 2,225 unique usernames tied to the domain. The sudden appearance with a high velocity of activity tends to point to bot behavior. We were able to identify the malicious activity, flag, and block accordingly, so all of our clients benefit.

How is AtData Able to Confidently Identify Dangerous Domains

  • Over 20 years of archived original source data.
  • Proprietary alerts, patterning, and anomaly detection built on the intellectual property from the merger of two email-centric data companies, TowerData and FreshAddress.
  • Billions of monthly activity signals processed across our proprietary network of thousands of businesses.
  • Experienced engineering research team that investigates anomalies for further improvements to our systems ability to identify activity.
  • Client services team that rapidly responds and coordinates with clients to become an extension of their business.

AtData’s strength is in working closely with our client base. Our robust, historical dataset across thousands of partners and clients has allowed us to fine tune monitoring for unusual behavior patterns or anomalies. Where activity would not be apparent to a single organization, we are able to detect across the entirety of our network and data.

Want to learn how AtData can help you? Contact us today to start the conversation!