LazyPhish has some IT security concepts to ensure that this tool is used only for testing purposes on correct domains and that the test results can not be misused.

Domains used for Campaigns

Any domain that is planned to be used in testing phishing campaign must be validated before use. This ensures that only domains that are under control of the owner are used.

...

Domain blacklist is introduced in LazyPhish to block any free mail domains which can not be used for Testing Phishing Campaings.

Sensitive Data

Credentials submitted by users in Testing Phishing Campaign

...