These are the most popular domains mentioned in the Collections 1-5, ANTIPUBLIC, MYR, and Zabugor breach compilations, sorted by most to least references. I computed these to effectively hunt for mailservers whose domains had expired (so I could register them, protecting innocent former customers) - but you might also find this useful if you’re interested in:

  • Rough data about what email servers are most popular (see Biases, below),
  • Studying what typos people are likely to make, and security implications of such, or
  • Maybe something else!


File Tree

Most Popular Email Domains in Collections 1-5 & ANTIPUBLIC & MYR & Zabugor/

Example contains email_domains_by_popularity.txt, a text file containing lines in the format:

count1 domain1
count2 domain2
count3 domain3

Where count is the number of times that domain appeared across the Collections 1-5, ANTIPUBLIC, MYR, and Zabugor breaches. All lines are ‘clean’ and contain no other data, the domains are confirmed to be valid, etc.

For example, the first ten lines (“top ten email domains”) are:




To generate this list all of these breach compilations were read, valid domains were extracted, and then counted. 1 domain = 1 mention of that domain. I did no other filtering, no aggregation by username associated with each domain, etc.


This dataset is heavily biased because of the various sources used.

  • Some domains are overrepresented compared to their real-world popularity:
    • ex. Yahoo’s entire customer base from when they were breached
    • ex. Some lines and files were repeated by the breach compilers
    • ex. A single highly-online user being counted many times across many breaches
  • Some domains are underrepresented.
    • Newer domains are likely underrepresented because of the age of these breaches/compilations.
    • Breached companies are not uniformly distributed grographically.
  • Some domains never really existed in the first place.
    • Spammers, bots, etc. might try signing up with an automated email server.
    • Anonymous people might try signing up with a nonexistent email server.
  • Many domains were typoed.
    • ex. instead of
  • Some data was corrupted, and had to be discarded.
    • All breaches in breach compilations are rarely pristine.

Etc. It is not a definitive measure of “this email provider is the most popular” or anything like that - it only tells you that these domains were the most popular as found in this breached data.

HTTPS Download

If you cannot use a torrent client, you can download from my GetRight server, though this is limited to 500 KB/s per client.