diff --git a/requirements/main.txt b/requirements/main.txt
index 5e5374bfd8a9..a2a08860c59e 100644
--- a/requirements/main.txt
+++ b/requirements/main.txt
@@ -2267,9 +2267,9 @@ text-unidecode==1.3 \
     --hash=sha256:1311f10e8b895935241623731c2ba64f4c455287888b18189350b67134a822e8 \
     --hash=sha256:bad6603bb14d279193107714b288be206cac565dfa49aa5b105294dd5c4aab93
     # via python-slugify
-tldextract==5.2.0 \
-    --hash=sha256:59509cbf99628c9440f4d19d3a1fd8488d50297ea23879c136576263c5a04eba \
-    --hash=sha256:c3a8c4daf2c25a57f54d6ef6762aeac7eff5ac3da04cdb607130be757b8457ab
+tldextract==5.3.0 \
+    --hash=sha256:b3d2b70a1594a0ecfa6967d57251527d58e00bb5a91a74387baa0d87a0678609 \
+    --hash=sha256:f70f31d10b55c83993f55e91ecb7c5d84532a8972f22ec578ecfbe5ea2292db2
     # via -r requirements/main.in
 transaction==5.0 \
     --hash=sha256:106e7bd782bcc0cb5119fc9225b0c9a71dfc53adb938be905223adaef22b1174 \
diff --git a/warehouse/accounts/forms.py b/warehouse/accounts/forms.py
index 0d3eb0b16959..b3cbf5a82d2e 100644
--- a/warehouse/accounts/forms.py
+++ b/warehouse/accounts/forms.py
@@ -292,12 +292,12 @@ def validate_email(self, field):
 
         # Check if the domain is valid
         extractor = TLDExtract(suffix_list_urls=())  # Updated during image build
-        domain = extractor(resp.domain.lower()).registered_domain
+        domain = extractor(resp.domain.lower()).top_domain_under_public_suffix
 
         mx_domains = set()
         if hasattr(resp, "mx") and resp.mx:
             mx_domains = {
-                extractor(mx_host.lower()).registered_domain
+                extractor(mx_host.lower()).top_domain_under_public_suffix
                 for _prio, mx_host in resp.mx
             }
             mx_domains.update({mx_host.lower() for _prio, mx_host in resp.mx})
@@ -315,7 +315,7 @@ def validate_email(self, field):
                 mx_ptr = dns.resolver.resolve_address(mx_ip[0].address)
                 mx_ptr_domain = extractor(
                     mx_ptr[0].target.to_text().lower()
-                ).registered_domain
+                ).top_domain_under_public_suffix
                 all_mx_domains.add(mx_ptr_domain)
 
         # combine both sets
diff --git a/warehouse/admin/views/prohibited_email_domains.py b/warehouse/admin/views/prohibited_email_domains.py
index 73c4d9852aee..d03dfa4ba238 100644
--- a/warehouse/admin/views/prohibited_email_domains.py
+++ b/warehouse/admin/views/prohibited_email_domains.py
@@ -69,7 +69,7 @@ def add_prohibited_email_domain(request):
         raise HTTPSeeOther(request.route_path("admin.prohibited_email_domains.list"))
     # validate that the domain is valid
     extractor = TLDExtract(suffix_list_urls=())  # Updated during image build
-    registered_domain = extractor(email_domain).registered_domain
+    registered_domain = extractor(email_domain).top_domain_under_public_suffix
     if not registered_domain:
         request.session.flash(f"Invalid domain name '{email_domain}'", queue="error")
         raise HTTPSeeOther(request.route_path("admin.prohibited_email_domains.list"))