Community Intelligence
Live Threat Insights
Aggregated from 38 email header analyses submitted over the past 90 days. Updated hourly. No individual analysis data is exposed.
Last updated: 4 July 2026, 12:26 pm
30-Day Risk Trend
Daily volume of analyses by risk level over the past 30 days.
Threat Intelligence
Risk distribution, high-threat domains, and IP reputation signals across all analyses.
Critical
24
63% of all analyses
High
1
3% of all analyses
Medium
2
5% of all analyses
Low
11
29% of all analyses
Risk Distribution
High + Critical emails
25
66% of total
Reply-To mismatches
15
39% — primary BEC indicator
IPs on blocklists
13
across 8 unique IPs
Top High-Threat Sender Domains (last 90 days)
| Domain | Total | Critical | High | Threat % |
|---|---|---|---|---|
| paypal.com | 10 | 10 | — | 100% |
| gmail.com | 4 | 2 | 1 | 75% |
| evil-bank-alerts.com | 2 | 2 | — | 100% |
| aol.com | 2 | 2 | — | 100% |
| evil-test-123.com | 1 | 1 | — | 100% |
| newblgwrti-03btrm5k.firebaseapp.com | 1 | 1 | — | 100% |
| notifications-paypal.net | 1 | 1 | — | 100% |
| bankofamerica.com | 1 | 1 | — | 100% |
| vicyzu.efag49.d4uy1x.us | 1 | 1 | — | 100% |
| suspicious-domain.ru | 1 | 1 | — | 100% |
Blacklisted IPs Seen in Analyses
Authentication Posture
SPF, DKIM, and DMARC pass rates, enforcement policy distribution, and DNS record adoption across analyzed domains.
SPF pass rate
42%
16 of 38 analyses
DKIM pass rate
32%
12 of 38 analyses
DMARC pass rate
34%
13 of 38 analyses
SPF Results
DKIM Results
DMARC Results
DMARC Published Policy Distribution
Policy read from DMARC header result — reflects what the sending domain enforces
DNS Record Adoption
Live DNS lookups run at analysis time — 12 domains checked
Traffic Patterns
Sender geography, top domains analyzed, and routing complexity across all submissions.
ARC headers present
21%
8 forwarded email analyses
Most common hop count
0
hops per email (most frequent)
Most Analyzed Sender Domains
Routing Hop Count Distribution
All data is aggregated from community submissions. No individual email content, sender identity, or recipient information is exposed. Data covers the past 90 days and refreshes hourly.