Is reverb.com legit?
Reverb.com appears to be a mixed bag, leaning towards 'Mostly Safe' despite some significant red flags. While it boasts a substantial online presence and a long-standing domain, the lack of crucial legal pages and contact information raises concerns about its accountability and user protection. Proceed with caution and verify alternative means of contact if considering a transaction.
Marketplace average: 74/100 · based on 15 sites
Checked: April 18, 2026 at 8:21 AM UTC · Refresh
Is reverb.com a scam? Here's what we found.
The security infrastructure is robust, with a valid SSL certificate ensuring encrypted connections and modern TLS 1.3 protocol. Google Web Risk found no threats, indicating a clean bill of health from a major security assessment.
With a domain age of over 23 years, reverb.com has an established online identity. The domain expiry being over 200 days away and the visible WHOIS information (despite registrar) are positive signs of longevity and ownership transparency.
The website holds a very high Tranco rank, indicating significant traffic and recognition. It's clean on DNS blacklists, which is a good indicator, though the 403 error is a puzzling intermittent disruption for a site of this scale.
Transparency is a significant weak point. The site returned a 403 error upon access, and critical contact information, as well as social media links, are missing from the homepage, making it hard to engage with or reach the business.
Compliance is severely lacking. The absence of both a privacy policy and terms of service is a major red flag, leaving users unprotected and the business exposed to legal and ethical questions.
The site benefits from a fast page load time and well-configured DNS and email authentication (SPF, DMARC), pointing to a professionally managed backend. However, the absence of a sitemap, while not critical, is an oversight for a site of this size.
Signals Detected
This is a well-known, high-traffic website
No structured data markup found
This business has no Trustpilot presence — not unusual for smaller or newer companies
Domain created 2002-11-25T19:02:33Z (23 years, 8 months ago)
Registered through NameCheap, Inc.
Expires in 221 days
DNSSEC status from WHOIS
Valid certificate, expires in 84 days
Certificate issued by Let's Encrypt
Connection uses TLS 1.3
robots.txt has 1212 directives and references a sitemap
Site has a favicon but no social sharing metadata
X-Frame-Options: SAMEORIGIN
Web server: cloudflare
No threats detected by Google Web Risk
No sitemap found — common for smaller sites
Website returned status 403
No obvious contact information found on homepage
No privacy policy or terms of service found
No social media links found on homepage
Not found on any DNS blacklists
Resolves to: 2a06:98c1:58::73, 2606:4700:7::73, 162.159.140.117, 172.66.0.115
Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., alt3.aspmx.l.google.com., alt4.aspmx.l.google.com.
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: ns-279.awsdns-34.com., ns-710.awsdns-24.net., ns-1408.awsdns-48.org., ns-1635.awsdns-12.co.uk.
Could not query Wayback Machine
Could not query certificate transparency logs
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.