At Melissa, we’re always on the lookout for ways to enhance our products in meaningful ways. These days, staying informed about who’s reaching out to you—especially by email—is more important than ever. With scams, phishing and shady links just a click away, it pays to know what you’re dealing with before you open a message.
Approximately 3.4 billion phishing emails are sent globally each day, making phishing the most prevalent form of cybercrime. About 96% of phishing attacks are delivered via email, and email remains the primary delivery vector for malware.
To combat the threat of email attacks, we are excited to introduce 4 new result codes coming to both our on-premise Email Object and Global Email Web Service solutions. These result codes will help businesses and individuals identify potentially harmful domains before they can pose a risk to their infrastructure or their operations.
|
Code
|
Short Description
|
Long Description
|
|
ES32
|
Phishing Domain
|
This domain has been flagged for phishing attacks. Emails from this domain may be part of an attempt to harvest your users’ personal information.
|
|
ES33
|
Scam Domain
|
This domain has been linked to scam activity. Emails from this domain may be part of an attempt to swindle funds or securities from your users.
|
|
ES34
|
Malware Domain
|
This domain was identified as being used in malware attacks. Emails from this domain may attempt to trick your users into installing malicious software such as viruses, spyware, ransomware or adware.
|
|
ES35
|
Malicious Domain
|
The domain has been listed for malicious activity. Emails from this domain may be used by bad actors for nefarious purposes.
|
Our malicious domain data is aggregated from multiple well-known blacklists and updated monthly. Depending on the type of activity or activities the domain is associated with, one or more of the above result codes will be appended to the ‘result codes’ response field.
Interpreting Results
Result Codes
Interacting with malicious domains not only puts you and your enterprise at risk of a cyber-attack, it also wastes precious resources and can potentially have a negative impact on your email sender reputation.
Domains flagged for malicious activity (ES35) have indicated a history of suspicious activity and may carry one or more specific risks depending on the lists they appear on. It’s advised to avoid interaction with these emails to minimize risk to you or your business.
Domains associated with phishing and scams (ES32 and ES33) are likely not tied to a real user. Furthermore, making yourself known to them may add you to their list of targets for future attacks. Incoming messages from a domain associated with malware attacks (ES34) should be treated as a serious danger. The payload from a successful malware attack can cripple infrastructure and expose you or your clients’ data.
DCS (Deliverability Confidence Score)
Malicious activity is one of the factors considered when calculating the Deliverability Confidence Score (DCS) for an email address. DCS reflects the likelihood that your message will be delivered to a valid, active mailbox without risk.
Email addresses associated with malicious activity will fall below our recommended threshold for safely sending messages. For guidance on Melissa’s DCS recommendations, please refer to the following documentation:
Why Understanding Domain Threats Matters
Turning insight into action is how you stay one step ahead—because in email security, what you don’t know can hurt you. The more visibility you have into potential threats, the better equipped you are to block them before they reach your users, disrupt workflows or compromise data. Awareness provided by Melissa’s email validation tools is the first step—but decisive action is what makes the difference.
Examples
Global Email Web Service Request: https://globalemail.melissadata.net/v4/WEB/GlobalEmail/doGlobalEmail?t=”DomainWarning_Example”&id=&format=json&email=test@agoracompostelae.com
Response:
{
"Version": "9.4.1.4346",
"TransmissionReference": "DomainWarning_Example",
"TransmissionResults": "",
"TotalRecords": "1",
"Records": [
{
"RecordID": "1",
"DeliverabilityConfidenceScore": "40",
"Results": "ES03,ES32,ES34,ES35",
"EmailAddress": "test@agoracompostelae.com",
"MailboxName": "test",
"DomainName": "agoracompostelae",
…
}
]
}
Email Object Validation:
================================ INPUTS =================================
Email: test@agoracompostelae.com
================================ OUTPUT ================================
Email: test@agoracompostelae.com
Mailbox Name: test
Domain Name: agoracompostelae
Top-Level Domain: com
Top-Level Domain Description: Commercial
Result Codes: ES03,ES32,ES34,ES35
- ES03: The domain name was not confirmed as valid by either DatabaseLookup, but it was not found on the list of invalid domain names.
- ES32: This domain has been flagged for phishing attacks. Emails from this domain may be part of an attempt to harvest your users’ personal information.
- ES34: This domain was identified as being used in malware attacks. Emails from this domain may attempt to trick your users into installing malicious software such as viruses, spyware, ransomware or adware.
- ES35: The domain has been listed for malicious activity. Emails from this domain may be used by bad actors for nefarious purposes.
========================================================================
Thank you for your attention to this update. If you have any questions or concerns, please contact Tech Support at tech@melissa.com or call 1 (800) 800-6245 x4.