ICANN Contractual Compliance’s enforcement of DNS Abuse requirements for May 2024

DNS Abuse Complaints Received Against Registrars

Monthly Average of Complaints Received by DNS Abuse Type

One single complaint can refer to one or multiple domain names and report multiple types of DNS Abuse associated with the reported domain name(s). Therefore, the sum of the DNS Abuse types in these reports will not equal the total of individual DNS Abuse complaints received within the month, or the total of reported domain names used for DNS Abuse.

This includes all complaints received where the complainants selected one or more DNS Abuse type(s) in the Contractual Compliance webform. These do not equal the number of complaints received with validated and actionable allegations of DNS Abuse. Details about actionable complaints are in the relevant reports below.

Due to rounding, percentages may not always appear to add up to 100%.

Monthly Trend of Complaints Received by DNS Abuse Type

Monthly Detail of Complaints Received by DNS Abuse Type

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Phishing608287448
DNS Abuse RAA: Malware35438196
DNS Abuse RAA: Botnets32418171
DNS Abuse RAA: Pharming36072216
DNS Abuse RAA: Spam (vector)46599282
Total2,1115141,313

DNS Abuse RAA: Phishing

DNS Abuse RAA: Botnets

DNS Abuse RAA: Spam (vector)

DNS Abuse RAA: Malware

DNS Abuse RAA: Pharming

Number of Compliance Notifications Sent to Registrars Under DNS Abuse Requirements by DNS Abuse Type

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Phishing
1st Inquiry/Notice183325.5
2nd Inquiry/Notice-73.5
3rd Inquiry/Notice-10.5
Escalated Notice111.0
Breach Notice---
Suspension Notice---
Termination Notice---
DNS Abuse RAA: Malware
1st Inquiry/Notice211.5
2nd Inquiry/Notice---
3rd Inquiry/Notice---
Escalated Notice---
Breach Notice---
Suspension Notice---
Termination Notice---
DNS Abuse RAA: Botnets
1st Inquiry/Notice1-0.5
2nd Inquiry/Notice---
3rd Inquiry/Notice---
Escalated Notice---
Breach Notice---
Suspension Notice---
Termination Notice---
DNS Abuse RAA: Pharming
1st Inquiry/Notice264.0
2nd Inquiry/Notice-10.5
3rd Inquiry/Notice---
Escalated Notice---
Breach Notice---
Suspension Notice---
Termination Notice---
DNS Abuse RAA: Spam (vector)
1st Inquiry/Notice735.0
2nd Inquiry/Notice-21.0
3rd Inquiry/Notice---
Escalated Notice1-0.5
Breach Notice---
Suspension Notice---
Termination Notice---

One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual DNS Abuse notifications sent within the month. One single complaint can also report one or multiple domain names used for DNS Abuse.

Number of Compliance Notifications Sent to Registrars under 3.18.3 of the RAA
Complaints were submitted by Law Enforcement Agencies (LEA) or other authorities within the Registrar’s jurisdiction

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
Abuse Report RAA provision: under 3.18.3 RAA
1st Inquiry/Notice---
2nd Inquiry/Notice---
3rd Inquiry/Notice---
Escalated Notice---
Breach Notice---
Suspension Notice---
Termination Notice---

Monthly Detail of Reasons for Resolving Cases with Registrars by DNS Abuse Type

DNS Abuse RAA: Phishing Average Closed Per Month

DNS Abuse RAA: Malware Average Closed Per Month

DNS Abuse RAA: Botnets Average Closed Per Month

DNS Abuse RAA: Pharming Average Closed Per Month

DNS Abuse RAA: Spam (vector) Average Closed Per Month

Reasons why cases were resolved - action taken by the registrar or reasons why no action was taken APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Phishing
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse.2179.5
The registrar suspended or deactivated the domain name. This is a reasonable response to an abuse report.354.0
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-42.0
The domain is suspended and suspension is a reasonable response to the abuse report.111.0
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.-10.5
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-10.5
DNS Abuse RAA: Phishing Total62917.5
DNS Abuse RAA: Malware
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse.-10.5
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.-10.5
DNS Abuse RAA: Malware Total-21.0
DNS Abuse RAA: Botnets
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.-10.5
DNS Abuse RAA: Botnets Total-10.5
DNS Abuse RAA: Pharming
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse.1-0.5
The registrar suspended or deactivated the domain name. This is a reasonable response to an abuse report.1-0.5
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-10.5
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-10.5
DNS Abuse RAA: Pharming Total222.0
DNS Abuse RAA: Spam (Vector)
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse.142.5
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-21.0
The registrar suspended or deactivated the domain name. This is a reasonable response to an abuse report.1-0.5
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.-10.5
DNS Abuse RAA: Spam (Vector) Total274.5
Grand Total104125.5

Monthly Detail of Reasons for Resolving Cases with Registrars by DNS Abuse Type
Complaints were submitted by Law Enforcement Agencies (LEA) or other authorities within the Registrar’s jurisdiction

DNS Abuse Type / Resolved Code APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
Abuse Report RAA provision: under 3.18.3 RAA
---
Abuse Report RAA provision: under 3.18.3 RAA Total---

DNS Abuse cases resolved with registrars involving maliciously registered vs. compromised domains

APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Maliciously Registered Domain31610
DNS Abuse RAA: Compromised Domain111
Grand Total41711

Invalid or Unactionable Complaints Received Against Registrars by DNS Abuse Type

Reason why complaint was deemed invalid APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Phishing
The complaint is out of scope because it is a duplicate of an open complaint.2868147
The complaint is out of scope because it is regarding a country-code top-level domain.432233
The complaint is out of scope because the complainant did not provide the requested information.134228
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.272526
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.14322
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.112217
The domain is suspended and suspension is a reasonable response to the abuse report.635
The complaint is out of scope because the domain is not registered.222
The complaint is out of scope because it is a duplicate of a closed complaint.111
The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority.-11
DNS Abuse RAA: Phishing Total390169280
DNS Abuse RAA: Malware
The complaint is out of scope because it is a duplicate of an open complaint.286-143
The complaint is out of scope because it is regarding a country-code top-level domain.17210
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.16310
The complaint is out of scope because the complainant did not provide the requested information.566
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.434
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-53
The domain is suspended and suspension is a reasonable response to the abuse report.111
DNS Abuse RAA: Malware Total32920175
DNS Abuse RAA: Botnets
The complaint is out of scope because it is a duplicate of an open complaint.286-143
The complaint is out of scope because it is regarding a country-code top-level domain.18110
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.1026
The complaint is out of scope because the complainant did not provide the requested information.143
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.2-1
The domain is suspended and suspension is a reasonable response to the abuse report.1-1
DNS Abuse RAA: Botnets Total3187163
DNS Abuse RAA: Pharming
The complaint is out of scope because it is a duplicate of an open complaint.286-143
The complaint is out of scope because it is regarding a country-code top-level domain.26918
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.1248
The complaint is out of scope because the complainant did not provide the requested information.465
The complaint is out of scope because the domain is not registered.-32
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.111
The domain is suspended and suspension is a reasonable response to the abuse report.-11
DNS Abuse RAA: Pharming Total32924177
DNS Abuse RAA: Spam (Vector)
The complaint is out of scope because it is a duplicate of an open complaint.2863145
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-4724
The complaint is out of scope because it is regarding a country-code top-level domain.33720
The complaint is out of scope because the complainant did not provide the requested information.92015
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.161214
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.476
The domain is suspended and suspension is a reasonable response to the abuse report.5-3
The complaint is out of scope because the domain is not registered.222
The complaint is out of scope because it is a duplicate of a closed complaint.-21
The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority.-11
DNS Abuse RAA: Spam (Vector) Total355101228
Grand Total1,7213211,021

One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual unactionable DNS Abuse complaints closed within the month.

DNS Abuse Complaints Received Against Registry Operators

Monthly Average of Complaints Received by DNS Abuse Type

One single complaint can refer to one or multiple domain names and report multiple types of DNS Abuse associated with the reported domain name(s). Therefore, the sum of the DNS Abuse types in these reports will not equal the total of individual DNS Abuse complaints received within the month, or the total of reported domain names used for DNS Abuse.

This includes all complaints received where the complainants selected one or more DNS Abuse type(s) in the Contractual Compliance webform. These do not equal the number of complaints received with validated and actionable allegations of DNS Abuse. Details about actionable complaints are in the relevant reports below.

Due to rounding, percentages may not always appear to add up to 100%.

Monthly Trend of Complaints Received by DNS Abuse Type

Monthly Detail of Complaints Received by DNS Abuse Type

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RA: Phishing161717
DNS Abuse RA: Malware788
DNS Abuse RA: Botnets333
DNS Abuse RA: Pharming746
DNS Abuse RA: Spam (vector)91914
Total425147

DNS Abuse RA: Phishing

DNS Abuse RA: Botnets

DNS Abuse RA: Spam (vector)

DNS Abuse RA: Malware

DNS Abuse RA: Pharming

Number of Compliance Notifications Sent to Registry Operators Under DNS Abuse Requirements by DNS Abuse Type

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RA: Phishing
1st Inquiry/Notice2-1.0
2nd Inquiry/Notice---
3rd Inquiry/Notice---
Escalated Notice-10.5
Breach Notice---
Termination Notice---
DNS Abuse RA: Malware
1st Inquiry/Notice1-0.5
2nd Inquiry/Notice---
3rd Inquiry/Notice---
Escalated Notice---
Breach Notice---
Termination Notice---
DNS Abuse RA: Botnets
1st Inquiry/Notice---
2nd Inquiry/Notice---
3rd Inquiry/Notice---
Escalated Notice---
Breach Notice---
Termination Notice---
DNS Abuse RA: Pharming
1st Inquiry/Notice---
2nd Inquiry/Notice---
3rd Inquiry/Notice---
Escalated Notice---
Breach Notice---
Termination Notice---
DNS Abuse RA: Spam (vector)
1st Inquiry/Notice---
2nd Inquiry/Notice---
3rd Inquiry/Notice---
Escalated Notice---
Breach Notice---
Termination Notice---

One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual DNS Abuse notifications sent within the month. One single complaint can also report one or multiple domain names used for DNS Abuse.

Monthly Detail of Reasons for Resolving Cases with Registry Operators by DNS Abuse Type

DNS Abuse RA: Phishing Average Closed Per Month

DNS Abuse RA: Malware Average Closed Per Month

DNS Abuse RA: Botnets Average Closed Per Month

DNS Abuse RA: Pharming Average Closed Per Month

DNS Abuse RA: Spam (vector) Average Closed Per Month

Reasons why cases were resolved - action taken by the registry or reasons why no action was taken APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RA: Phishing
---
DNS Abuse RA: Phishing Total---
DNS Abuse RA: Malware
---
DNS Abuse RA: Malware Total---
DNS Abuse RA: Botnets
---
DNS Abuse RA: Botnets Total---
DNS Abuse RA: Pharming
---
DNS Abuse RA: Pharming Total---
DNS Abuse RA: Spam (Vector)
---
DNS Abuse RA: Spam (Vector) Total---
Grand Total---

DNS Abuse cases resolved with registry operators involving maliciously registered vs. compromised domains

APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Maliciously Registered Domain---
DNS Abuse RAA: Compromised Domain---
Grand Total---

Invalid or Unactionable Complaints Received Against Registry Operators by DNS Abuse Type

Reason why complaint was deemed invalid APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RA: Phishing
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.4107
The complaint is out of scope because it is a duplicate of an open complaint.4-2
The complaint is out of scope because it is regarding a country-code top-level domain.-42
The reported TLD does not have Specification 6 in its registry agreement; therefore, DNS Abuse requirements are not applicable.-11
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-11
DNS Abuse RA: Phishing Total81612
DNS Abuse RA: Malware
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.174
The complaint is out of scope because it is a duplicate of an open complaint.3-2
The complaint is out of scope because the complainant did not provide the requested information.1-1
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-11
The complaint is out of scope because it is regarding a country-code top-level domain.-11
DNS Abuse RA: Malware Total597
DNS Abuse RA: Botnets
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.122
The complaint is out of scope because it is regarding a country-code top-level domain.-11
The complaint is out of scope because the complainant did not provide the requested information.1-1
The complaint is out of scope because it is a duplicate of an open complaint.1-1
DNS Abuse RA: Botnets Total333
DNS Abuse RA: Pharming
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.243
The complaint is out of scope because the complainant did not provide the requested information.-11
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.1-1
The complaint is out of scope because it is a duplicate of an open complaint.1-1
DNS Abuse RA: Pharming Total455
DNS Abuse RA: Spam (Vector)
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.2159
The complaint is out of scope because it is a duplicate of an open complaint.2-1
The complaint is out of scope because the complainant did not provide the requested information.1-1
The complaint is out of scope because ICANN is not a registrar.1-1
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-11
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority.1-1
The complaint is out of scope because it is regarding a country-code top-level domain.-11
DNS Abuse RA: Spam (Vector) Total71712
Grand Total275039

One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual unactionable DNS Abuse complaints closed within the month.