If there is a domain that could be useful as a phishing site (a domain the original company allowed to expire, one that just looks right enough, etc) but is on the common blacklists, isn't that useful. If it dropped of the blacklists when registration expired then another nefarious type (or the same nefarious person if they are lucky) could re-register it and use it as a freshly useful phishing location until it once again got on the lists.
Though given how carefully people often don't check domains, or in some cases how easily they are hidden, which is why many phishing attacks work, this might not make a big difference overall.
For "just right", the domain also has to look more "just right" than the many unregistered names that are very close. And an aggressive filter trying to block on that basis should be doing it preemptively and not very much based on domain history.
A domain that used to be tied to the company has different considerations, but ideally it would also be blocked based on ownership changes and not wait for content.
If there is a domain that could be useful as a phishing site (a domain the original company allowed to expire, one that just looks right enough, etc) but is on the common blacklists, isn't that useful. If it dropped of the blacklists when registration expired then another nefarious type (or the same nefarious person if they are lucky) could re-register it and use it as a freshly useful phishing location until it once again got on the lists.
Though given how carefully people often don't check domains, or in some cases how easily they are hidden, which is why many phishing attacks work, this might not make a big difference overall.