When one or more email addresses on a verified domain appear in a data breach, a notification is sent to the email address used to enrol the domain. The message is sent from noreply@haveibeenpwned.com, DKIM-signed, and delivered via HIBP’s dedicated SendGrid IP address (167.89.85.8). A sample notification email is shown below.