Added

Fraudulent email domain signal

Castle now detects email domains that have been confirmed as actively used in fraud and abuse campaigns. Unlike disposable email services (Mailinator, TempMail), these are domains registered specifically for fraud that appear legitimate but exist solely for bot signups and fake accounts.

  • High confidence: Flagged domains remain fraudulent. This is a permanent state, like Disposable Email Domain.
  • Research-backed: Identified through Castle's network-wide behavioral analysis and manual review.
  • Attack-focused: Catches coordinated campaigns, not just suspicious patterns.

Example response

{
  "policy": {
    "action": "deny",
    ...
  },
  "signals": ["fraudulent_email_domain"],
  "email": {
    "address": "[email protected]",
    "domain": "nemomo.org",
    ...
  },
  ...
}

Block with confidence

Use Fraudulent email domain in your Policies to confidently block confirmed fraud domains without false positives.

Spot attack patterns

Filter by Fraudulent email domain in Explore to quickly identify and analyze coordinated fraud campaigns.