Community Intelligence

Live Threat Insights

Aggregated from 38 email header analyses submitted over the past 90 days. Updated hourly. No individual analysis data is exposed.

Last updated: 4 July 2026, 12:26 pm

30-Day Risk Trend

Daily volume of analyses by risk level over the past 30 days.

Threat Intelligence

Risk distribution, high-threat domains, and IP reputation signals across all analyses.

Critical

24

63% of all analyses

High

1

3% of all analyses

Medium

2

5% of all analyses

Low

11

29% of all analyses

Risk Distribution

Critical
24 (63%)
High
1 (3%)
Medium
2 (5%)
Low
11 (29%)

High + Critical emails

25

66% of total

Reply-To mismatches

15

39% — primary BEC indicator

IPs on blocklists

13

across 8 unique IPs

Top High-Threat Sender Domains (last 90 days)

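| Domain | Total | Critical | High | Threat % |
|---|---|---|---|---|
| paypal.com | 10 | 10 | | 100% |
| gmail.com | 4 | 2 | 1 | 75% |
| evil-bank-alerts.com | 2 | 2 | | 100% |
| aol.com | 2 | 2 | | 100% |
| evil-test-123.com | 1 | 1 | | 100% |
| newblgwrti-03btrm5k.firebaseapp.com | 1 | 1 | | 100% |
| notifications-paypal.net | 1 | 1 | | 100% |
| bankofamerica.com | 1 | 1 | | 100% |
| vicyzu.efag49.d4uy1x.us | 1 | 1 | | 100% |
| suspicious-domain.ru | 1 | 1 | | 100% |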

Blacklisted IPs Seen in Analyses

185.220.101.45
3
185.220.101.47
3
41.57.105.219
2
54.240.8.195
1
156.70.22.41
1
51.255.195.57
1
170.203.21.39
1
209.85.128.1
1

Authentication Posture

SPF, DKIM, and DMARC pass rates, enforcement policy distribution, and DNS record adoption across analyzed domains.

SPF pass rate

42%

16 of 38 analyses

DKIM pass rate

32%

12 of 38 analyses

DMARC pass rate

34%

13 of 38 analyses

SPF Results

pass
42%
fail
39%
unknown
8%
neutral
5%
none
5%

DKIM Results

pass
32%
none
29%
fail
24%
unknown
8%
pass (icloud.com); fail (roborock.com — expected due to icloud relay rewriting)
3%
permerror
3%
pass (dual-signed: crm.indiacircus.in and amazonses.com)
3%

DMARC Results

fail
37%
pass
34%
none
16%
unknown
8%
fail (policy=reject)
3%
pass (p=reject)
3%

DMARC Published Policy Distribution

Policy read from DMARC header result — reflects what the sending domain enforces

reject
11 (29%)
none
7 (18%)
quarantine
2 (5%)

DNS Record Adoption

Live DNS lookups run at analysis time — 12 domains checked

SPF
9 (75%)
DMARC
9 (75%)
MTA-STS
1 (8%)
TLS-RPT
1 (8%)
BIMI
4 (33%)

Traffic Patterns

Sender geography, top domains analyzed, and routing complexity across all submissions.

ARC headers present

21%

8 forwarded email analyses

Most common hop count

0

hops per email (most frequent)

Most Analyzed Sender Domains

paypal.com
10 (26%)
gmail.com
4 (11%)
evil-bank-alerts.com
2 (5%)
crm.indiacircus.in
2 (5%)
aol.com
2 (5%)
628hzgtj.us
1 (3%)
hello.myphdweightloss.com
1 (3%)
usyouthsoccer.org
1 (3%)
suspicious-domain.ru
1 (3%)
substack.com
1 (3%)

Routing Hop Count Distribution

0 hops
10 (26%)
1 hop
9 (24%)
2 hops
10 (26%)
3 hops
6 (16%)
4 hops
1 (3%)
8 hops
1 (3%)
9 hops
1 (3%)

All data is aggregated from community submissions. No individual email content, sender identity, or recipient information is exposed. Data covers the past 90 days and refreshes hourly.