Treat with caution
The domain appears on one or more DNS blocklists used for spam filtering.
MalwareTips analyst · message material
legitimateLegitimate newsletter from Rituals Cosmetics notifying subscribers about a potential data issue with membership information.
- Screenshot shows no visible From field or subject, likely due to cropped image.
- URIBL DNSBL hit detected on domain.
- Visual flags claim of unauthorized data download affecting personal info.
- Screenshot advises extra phishing vigilance and contact via email only.
- One link uses plain HTTP to www.w3.org.
- Email headers show future date of April 2026.
This email is authenticated and from Rituals' official newsletter domain using a legitimate ESP; no action required unless you want to review their FAQ. Delete if you didn't subscribe or mark as read.
Every scoring adjustment, in dominance order. Shows exactly how we got from 100 to the final trust number.
Why this verdict
skippedThis report was generated before the per-signal breakdown was available. Rescan this address to see the full score log.
Display name, domain reputation, and authentication checks for the From address.
Display-name impersonation
NO BRAND CLAIMThe display name doesn't resemble any of the top phished brands we track — this isn't a brand-impersonation attempt.
Brand-lookalike radar
okNo typosquat or homoglyph match against the top 50 phished brands.
Domain age
okno RDAP record found
Signals extracted from the message body, embedded URLs, and uploaded screenshot.
Links extracted from this email
4 shownEach link was scored against a host-level suspicion heuristic. Click Scan link to run our full URL scanner on the destination — it'll show our verdict alongside Google Safe Browsing, VirusTotal, URLhaus, and the others.
- click.c.rituals.com/?qs=ABB7InYiOjEsImQiOjQ4NTR9ADIAAAAAAB8pBoZE9oX5Va19WV2uQrP0UV27Bhr7qAMuRN_aZLwkhBi6U6zEI710DyB-87oVgclf9ewnUb6KFzCnIvOD47rhdD1QLHvQKLL5V5wlY3o5HoK8Host uses multiple subdomainsSuspicion5
- www.w3.org/TR/REC-html40Link uses plain HTTP, not HTTPSSuspicion5
- image.c.rituals.com/lib/fe2e11717564047a731278/m/1/99d456fc-b4b0-4219-b3eb-4e03954c5749.pngHost uses multiple subdomainsSuspicion5
- www.rituals.com/nl-nl/faq/data/Suspicion0
Screenshot vision analysis
VISUAL · 60/100Email claims a data breach involving Rituals membership data and personal info, underlining no immediate action needed but urging phishing awareness and email contact. Suspicious due to absent sender details and subject, though Rituals branding appears authentic.
- No From field visible
- No subject visible
- Claims unauthorized data download affecting personal info
- Advises extra phishing vigilance
- Contact via email only
- Styled brand logo prominent
MX records, deliverability probe, provider classification, and DNS blocklists.
Deliverability
ok- RFC 5322 syntax valid
- 1 MX record publishedreply.s50.exacttarget.com
- SMTP probe · unknown — SMTP probe disabled (set SMTP_PROBE_ENABLED=true to enable)
Provider classification
okNot on our disposable-provider list and not a recognised consumer freemail (Gmail / Outlook / Yahoo etc.) — likely a custom domain.
DNS blocklists
okListed by 1 of 3 blocklists:
Breach history for this address and the structural identity of the sending domain.
Breach exposure (HIBP)
okHIBP_API_KEY not configured