We identified another false positive on the OpenPhish feed yesterday.
A domain used in a content delivery network was erroneously added. The domain in question, responsys.net, is used by Oracle's Responsys marketing product and is safe.
We whitelisted this domain and it is no longer generating alerts.
Posted Apr 29, 2020 - 10:23 EDT
We have disabled the ISC feed and continue to audit the OpenPhish Premium feed.
We will continue to update this incident as we learn more.
Posted Mar 04, 2020 - 21:27 EST
Multiple benign domains have been erroneously blocked by DNSWatch recently, leading to an increase in false positive alerts.
The domains in question were added to either the Internet Storm Center or OpenPhish feeds. We are mitigating this issue by temporarily disabling the Internet Storm Center feed as well as further investigating OpenPhish.