Like several technologies and systems developed for the Internet, disposable email addresses have both good and negative uses. Some people use them for privacy protection, primarily to keep spam messages away from their official email accounts. These email addresses may also be quite helpful for professional purposes. Software developers, for instance, use disposable emails to test the workflows of their products.
However, disposable email domains also figure in email-based cyber attacks, such as phishing and spam campaigns. In such cases, their purpose is often to deliver malicious links or files, so it won’t really matter if the email address is blocked, as the attackers can use another throwaway email.
The use of disposable emails when signing up for online services could also be prone to abuse. Software-as-a-service (SaaS (News - Alert)) companies are pretty familiar with this scenario: User A, for example, can use a throwaway email address to take advantage of a SaaS freemium plan. When User A reaches the free plan limit, he or she can sign up again using another disposable email address. As a result, the company could find it challenging to convert User A into a paying customer.
Whatever your organization is trying to avoid when it comes to email security, you can keep an eye out on these types of disposable email domains.
3 Types of Disposable Email Domains to Avoid
We downloaded WhoisXML API’s disposable email domains list containing 130,152 domains. The list was last updated on 22 April 2021. The list was analyzed, and these are a few of the types of disposable email domains that stood out.
Finance-Related Email Domains
First on the list are disposable email domains that contain finance-related terms, such as “bank,” “loan,” “pay,” and “credit.” These types of domains drew our attention because they raise several questions. Among them is: Why would financial institutions send emails using a throwaway email address?
The database we downloaded contained 860 email domains that have the finance-related words mentioned above. Among them:
- 167 domains containing the text string “bank”
- 201 domains containing the text string “loan”
- 397 domains containing the string “pay”
- 95 domains containing the string “credit.”
Moreover, 158 disposable email domains included the text string “insur,” which could be used to imitate insurance agents and companies.
Furthermore, we found 137 domains that contain the text string “finan,” which relates to financial institutions. Some examples are certifiedfinancialeducation[.]com, countryfinanncial[.]com, and financementor[.]ru.
Random-Looking Email Domains
Domains that use random characters could be machine-generated, and are primarily associated with malware distribution. And even when these random-looking disposable email domains are not machine-generated, they could seem suspicious, as they don’t make sense. A reputable email sender would use domains that are understandable.
Below are some examples of random-looking email domains found on the database we downloaded:
Numeric
- 00043015[.]com
- 13929973100[.]xyz
- 650489632148[.]xyz
- 5200001[.]top
Alphabetic
- zzjbfwqi[.]shop
- zzqaau[.]rest
- mwgwqe[.]us
- gfdrwqwex[.]com
Alphanumeric
- nfovhqwrto1hwktbup[.]cf
- 00082aa[.]com
- 1xy86py[.]top
- zzv6p9j8b[.]xyz
Typosquatting Email Domains
Typosquatting domains or those that mimic reputable brands and companies are usually seen in phishing campaigns. Threat actors may find these email domains effective in luring victims since they are made to look like the official domains of the imitated companies.
This whitepaper, for one, looked at the subdomain surface of the 10 most spoofed brands in the world—Amazon, Apple, Bank of America, CIBC, Desjardins, Facebook (News - Alert), Microsoft, Netflix, PayPal, and WhatsApp. Some 8.3% of the subdomains were found on PhishTank, but only 99.83% could be publicly attributed to the imitated companies.
We also looked for these 10 brands in the disposable email domains database. Below are our findings.
|
Company Name
|
Search String
|
Number of Disposable Email Domains
|
|
Apple (News - Alert)
|
“appl”
|
102
|
|
Facebook
|
“facebo”
|
25
|
|
Amazon
|
“amazo”
|
22
|
|
Netflix
|
“netfl”
|
10
|
|
Microsoft (News - Alert)
|
“icrosof”
|
9
|
|
PayPal (News - Alert)
|
”paypa”
|
9
|
|
Bank of America
|
“banof” or “boa”
|
3
|
|
WhatsApp
|
“whatsap”
|
1
|
|
CIBC
|
“cibc”
|
1
|
|
Desjardins
|
“desjardins”
|
0
|
Trustworthiness of the Disposable Email Domains
We can’t discount the fact that disposable emails have legitimate uses, too. But how trustworthy are they? We subjected some of the email domains on the database to VirusTotal checks and found some tagged as phishing and spam domains, rendering them suspicious. Some of them are:
- zzv6p9j8b[.]xyz
- 0-z[.]xyz
- apple-web[.]tk
- apple-account[.]app
- microsoftarticles[.]info
- microsoftopedia[.]com
- microsotft[.]org
- via-paypal[.]com
---
Given the ever-evolving cybersecurity landscape, it’s crucial to stay updated on digital assets and systems that threat actors might weaponize. These three types of disposable email domains could be just some of the domain names that cybersecurity teams must watch out for.
