Bananas was interested in rpz zones which nothing to do with car parking or planning regulations but dns zones, they look quite simple until you try and get one.
However with a bit searching rpz zones could be manually created and work but then its a little out of date, most threat zones are small rather than large so having a good mail server is way more important than a rpz zone blocking a specific url sent in a scammy email say.
bank.barclays.co.uk.olb-auth-loginlink.action. asdasd45.as4d56asdas.da 4s65d46asdasdsd. ta77lia. com _b
Whois says Egypt owner and hosted in DE and I guess it depends on how dumb your network users are, how money grabbing and unethical an ssl certificate provider is and how long it takes them to ignore abuse emails to the hosting provider to shutdown something.
Getting bad site data is quite easy once you start but making it rpz friendly is another Theme and user content directories are popular for bad permissions and like the link above look shady.
Some malware domains just use an ip address so whether or not an rpz zone would work is a little more questionable. A general and unscientific match of mail server abuse to phlishing domains (a grep) seems that these are tasked to one job only so there is no overlap by domain name.
rpz’s sound great but with freshness and everybody playing catch up perhaps its best that there left as something that just cisco users have.