I have this specific rule turned on in NextDNS. It’s sometimes annoying, but seems like a reasonable policy to block any newly registered domains as extra protection against phishing attempts.
Spamhaus et al. (corporate subscription), but same thing. If there's a noteworthy new domain, we'll check and whitelist it, but otherwise it silently disables phishing attempts. The one we have (I don't know which specific lists) also detects new GitHub, AWS (S3), Azure (Windows Blob), and Google (Appspot et al.) subdomains.
As a former red-teamer, we would have long-registered but otherwise dormant domains that did the usual activities that are expected, like getting TLS certs and showing some mail and whatnot...