We want to keep this light, and legalese-free.
Contact us if you have any queries about the terms.


Phish5 must only be used against victims for whom you have explicit written and valid permission to target. Failure to adhere to this could result in your account being suspended or banned. We ensure that your email domain matches that of the victim, but this is simply a basic technical check; the onus rests with you to ensure you are allowed to send phishing mails to the victims.

Complaint handling

In the event that we receive complaints about a phishing campaign, we will identify the source of the campaign to the complainant.

Email delivery

Our system will do its darndest to ensure that the mails are sent, but we have no control over the receiving end. We can't guarantee delivery to the target mailbox; what we can guarantee is that an email either failed to leave our servers or that it was accepted for delivery by a registered MX for the victim.

Victim credentials

We do not store any data posted by victims to phishing sites hosted on Phish5. Furthermore, we insert Javascript into all phishing pages that clears any forms before submission. It is not possible to see whether victims submitted valid credentials, only that they submitted data.

Address count limits

There is a 10,000 address limit for every phishing campaign. If you need to include more addresses than that, please contact us.

System priority

We reserve the right to de-prioritise larger phishing campaigns.

Terms changes

Circumstances change, and we may need to update these terms in the future. If so, we'll let you know.