UserCheck
Signup Protection Pricing Documentation Sign up Log in

Spam Domain Checker

Check if a domain has been flagged for spam or abuse, before it reaches your signup form or sending list.

Try
For developers

REST API

All of UserCheck's email and domain intelligence in a fast and simple API. 

$ curl https://api.usercheck.com/domain/spambox.xyz
{
  "spam": true
}
Get your API key Read the docs

1,000 free credits each month · no credit card required.

What the spam flag means

The spam check answers one question: has UserCheck flagged this domain for spam or abuse? It's a binary signal, spam: true or false, not a 0-100 reputation grade or a Sender Score, and it isn't a sweep across public DNS blacklists. It tells you whether the domain has turned up in abusive activity that UserCheck tracks.

In practice it's a first-pass filter. A flag on a signup is a reason to reject or add verification; on an inbound contact or a marketing list, it's a reason to check further before you send. It works best alongside other signals like domain age, disposable, and MX, rather than as a verdict on its own.

How a domain gets flagged

A domain gets flagged for its own behavior: sending spam in volume, hosting an abusive service, or turning up repeatedly in the fraud activity UserCheck sees across its traffic. The flag is conservative: a borderline domain is left unflagged rather than risk a false positive on a legitimate one.

Checking it from your code

Both the /domain and /email endpoints return spam: true or false. Use it as one input to your risk logic, not the whole decision. See the API documentation for examples.

Frequently asked

Common questions

What does "spam domain" mean here?

A domain UserCheck has flagged for spam or abuse: sending spam, hosting abusive services, or showing up in fraud activity. The spam field is about the domain's own behavior, not the contents of any one message, and it's a yes/no flag rather than a graded score.

Is a spam domain the same as a disposable one?

No, though they overlap. Disposable services often get flagged for spam because their inboxes are used in bulk for abuse. UserCheck keeps the two as separate fields so you can act on whichever one matters for your flow.

Can a legitimate business domain end up flagged?

Occasionally, usually after a compromise, where a hijacked mail server starts sending spam, or after aggressive cold-email campaigns. The flag is conservative and gets revisited as new data comes in, so it isn't permanent.

How do I dispute a false positive?

Submit the domain through the data correction form. We re-review it and adjust the classification when it's warranted.

Should I block all spam-flagged domains?

For signup flows where account quality matters, blocking or stepping up verification on a flag is reasonable. For inbound email or contact forms, routing them through extra scrutiny usually beats dropping them outright. Treat it as one signal among several.

Can I check the spam flag from my code?

Yes. Both /domain/{domain} and /email/{email} return spam: true|false. Feed it into your risk logic alongside the other fields. The API documentation has examples.