PhishTank is operated by Cisco Talos Intelligence Group.

For the current Cisco privacy policy applicable to Phishtank, please see Cisco Online Privacy Statement.

Archived Privacy Policy

Phishing is a fraudulent attempt to get you to provide personal information including, but not limited to, account information.

OpenDNS ("OpenDNS"), operates ("PhishTank"), a free community website for submitting and verifying suspected phishing websites and emails and sharing this information with the community via a free API. It is OpenDNS's policy to respect your privacy regarding any information we may collect while operating PhishTank.

Website Visitors

PhishTank collects non-personally-identifying information including the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. PhishTank's purpose in collecting non-personally identifying information is to better understand how PhishTank's visitors use its website.

From time to time, PhishTank may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of PhishTank.

API Users

For those users who complete the free PhishTank registration and use the Application Programming Interface (API) to programmatically submit information to or request information from PhishTank, additional information is recorded, including the screen name ("User ID"), the API key, the action, the parameters, and the IP address used to make the request. API usage is not limited, and it is free, but PhishTank may use this data to identify overuse of PhishTank resources via the API. PhishTank may also solicit feedback from API users via their registered email address about how the API is used, and how it might be improved.

From time to time, PhishTank may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of the PhishTank API. PhishTank does not disclose personally-identifying information about API usage other than as described below.

Submission of Suspected Phish Emails

PhishTank collects suspected phish emails ("phishes") which are submitted by registered members of its community. Phishes may include personal information, including email addresses and names, whether in the body or headers of emails. For this reason, PhishTank makes reasonable effort not to display anything on the website about submitted phishes which may identify the submitter beyond the PhishTank User ID. Similarly, PhishTank does not share personal information via its API. PhishTank goes to reasonable lengths to protect or remove any personally-identifying information in the suspected phishes. However, PhishTank cannot guarantee that its measures will be successful. PhishTank and OpenDNS cannot be held responsible for any failure or inability to protect your information. Submitting phishes does incur some risk, and you agree to accept this risk in your use of PhishTank.

Gathering of Personally-Identifying Information

Certain visitors to PhishTank choose to interact with PhishTank in ways that require PhishTank to gather personally-identifying information. The amount and type of information that PhishTank gathers depends on the nature of the interaction. For example, we ask customers who want to submit or verify potential phishing websites and emails to register with a User ID and email address on the PhishTank website. The same information is required to use the PhishTank API. Those who engage in transactions with PhishTank are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, PhishTank collects such information only insofar as is necessary or appropriate to fulfill the purpose of the customer's interaction with PhishTank. PhishTank does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain activities.

Aggregated Statistics

PhishTank may collect statistics which may be comprised of aggregated personally-identifying information about the behavior of visitors to PhishTank. For instance, PhishTank may describe which companies are most often the target of community-verified phish, or the total number of registered users. PhishTank may display this statistical information publicly or provide it to others. However, PhishTank does not disclose personally-identifying information other than as described below.

Protection of Certain Personally-Identifying Information

PhishTank discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on PhishTank's behalf or to provide services available at PhishTank's websites and services, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using the PhishTank website, you consent to the transfer of such information to them. PhishTank will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, PhishTank discloses potentially personally-identifying and personally-identifying information only when required to do so by law, court order, or when PhishTank believes in good faith that disclosure is reasonably necessary to protect the property or rights of PhishTank, third parties or the public at large.


If you are a registered member of PhishTank and have supplied your email address, PhishTank may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with PhishTank. We primarily use the PhishTank blog and website to communicate this type of information, so we expect to keep this type of email to a minimum. If you are a registered member of PhishTank and do not wish to receive such emails, please follow the instructions included in each email sent. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. PhishTank takes measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.


A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. PhishTank uses cookies to help PhishTank identify and track visitors, their usage of the PhishTank website, and their website access preferences. PhishTank visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using PhishTank, with the drawback that certain features of PhishTank may not function properly without the aid of cookies.

Privacy Policy Changes

PhishTank may change its Privacy Policy from time to time, and in PhishTank's sole discretion. PhishTank encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of our sites and services after any change in this Privacy Policy will constitute your acceptance of such change.


Full contact information, including location, may be found on our Contact page.

Creative Commons

Creative Commons License This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.