Hi @tbehling,
There are very few of these "transient" domain names (like the EC2 case you mention). 99% of the entries are for large financial institutions and brands you would expect to find on the Alexa top 100 list.
Can you expand on your use-case? Why is it problematic to find out at the time of the new-authz request that the domain doesn't meet the issuance policy requirements?
The new-authz endpoint is an API that you can use to check the domain if you are cognizant of pending authorization limits (this only matters for cases where the domain is allowed and a pending authz is created. None will be created for a domain that the policy blocks).
We do not presently make the list of high-value domain names blocked by the issuance policy public. I don't expect this will change in the short term.
Thanks!