ICANN Contractual Compliance’s enforcement of DNS Abuse requirements for October 2024
DNS Abuse Complaints Received Against Registrars
Monthly Average of Complaints Received by DNS Abuse Type
One single complaint can refer to one or multiple domain names and report multiple types of DNS Abuse associated with the reported domain name(s). Therefore, the sum of the DNS Abuse types in these reports will not equal the total of individual DNS Abuse complaints received within the month, or the total of reported domain names used for DNS Abuse.
This includes all complaints received where the complainants selected one or more DNS Abuse type(s) in the Contractual Compliance webform. These do not equal the number of complaints received with validated and actionable allegations of DNS Abuse. Details about actionable complaints are in the relevant reports below.
Due to rounding, percentages may not always appear to add up to 100%.
Monthly Trend of Complaints Received by DNS Abuse Type
Monthly Detail of Complaints Received by DNS Abuse Type
DNS Abuse Type | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RAA: Phishing | 608 | 287 | 235 | 245 | 295 | 218 | 281 | 310 | |||||
DNS Abuse RAA: Malware | 354 | 38 | 24 | 36 | 37 | 24 | 58 | 82 | |||||
DNS Abuse RAA: Botnets | 324 | 18 | 8 | 12 | 18 | 7 | 18 | 58 | |||||
DNS Abuse RAA: Pharming | 360 | 72 | 33 | 42 | 31 | 21 | 39 | 85 | |||||
DNS Abuse RAA: Spam (vector) | 465 | 99 | 78 | 89 | 91 | 74 | 109 | 144 | |||||
Total | 2,111 | 514 | 378 | 424 | 472 | 344 | 505 | 678 |
DNS Abuse RAA: Phishing
DNS Abuse RAA: Botnets
DNS Abuse RAA: Spam (vector)
DNS Abuse RAA: Malware
DNS Abuse RAA: Pharming
Number of Compliance Notifications Sent to Registrars Under DNS Abuse Requirements by DNS Abuse Type
DNS Abuse Type | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RAA: Phishing | |||||||||||||
1st Inquiry/Notice | 18 | 33 | 23 | 26 | 24 | 37 | 29 | 27.1 | |||||
2nd Inquiry/Notice | - | 7 | 5 | 6 | 4 | 4 | 5 | 4.4 | |||||
3rd Inquiry/Notice | - | 1 | 1 | 3 | 1 | - | 1 | 1.0 | |||||
Escalated Notice | 1 | 1 | - | - | - | 2 | 3 | 1.0 | |||||
Breach Notice | - | - | - | - | - | 1 | - | 0.1 | |||||
Suspension Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - | |||||
DNS Abuse RAA: Malware | |||||||||||||
1st Inquiry/Notice | 2 | 1 | - | 3 | 3 | - | 4 | 1.9 | |||||
2nd Inquiry/Notice | - | - | - | 1 | 2 | 1 | 2 | 0.9 | |||||
3rd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
Escalated Notice | - | - | - | - | 1 | - | - | 0.1 | |||||
Breach Notice | - | - | - | - | - | - | - | - | |||||
Suspension Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - | |||||
DNS Abuse RAA: Botnets | |||||||||||||
1st Inquiry/Notice | 1 | - | - | 1 | 1 | 1 | 1 | 0.7 | |||||
2nd Inquiry/Notice | - | - | - | 1 | - | 2 | 1 | 0.6 | |||||
3rd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
Escalated Notice | - | - | - | - | - | - | - | - | |||||
Breach Notice | - | - | - | - | - | - | - | - | |||||
Suspension Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - | |||||
DNS Abuse RAA: Pharming | |||||||||||||
1st Inquiry/Notice | 2 | 6 | 2 | 2 | 1 | 1 | 2 | 2.3 | |||||
2nd Inquiry/Notice | - | 1 | - | 1 | 1 | - | 2 | 0.7 | |||||
3rd Inquiry/Notice | - | - | 1 | - | - | - | - | 0.1 | |||||
Escalated Notice | - | - | - | - | - | - | - | - | |||||
Breach Notice | - | - | - | - | - | - | - | - | |||||
Suspension Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - | |||||
DNS Abuse RAA: Spam (vector) | |||||||||||||
1st Inquiry/Notice | 7 | 3 | 7 | 4 | 7 | 5 | 8 | 5.9 | |||||
2nd Inquiry/Notice | - | 2 | - | 1 | 1 | 2 | 1 | 1.0 | |||||
3rd Inquiry/Notice | - | - | 1 | - | - | - | 1 | 0.3 | |||||
Escalated Notice | 1 | - | - | - | - | - | - | 0.1 | |||||
Breach Notice | - | - | - | - | - | - | - | - | |||||
Suspension Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - |
One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual DNS Abuse notifications sent within the month. One single complaint can also report one or multiple domain names used for DNS Abuse.
Number of Compliance Notifications Sent to Registrars under 3.18.3 of the RAA
Complaints were submitted by Law Enforcement Agencies (LEA) or other authorities within the Registrar’s jurisdiction
DNS Abuse Type | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Abuse Report RAA provision: under 3.18.3 RAA | |||||||||||||
1st Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
2nd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
3rd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
Escalated Notice | - | - | - | - | - | - | - | - | |||||
Breach Notice | - | - | - | - | - | - | - | - | |||||
Suspension Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - |
Monthly Detail of Reasons for Resolving Cases with Registrars by DNS Abuse Type
DNS Abuse RAA: Phishing Average Closed Per Month
DNS Abuse RAA: Malware Average Closed Per Month
DNS Abuse RAA: Botnets Average Closed Per Month
DNS Abuse RAA: Pharming Average Closed Per Month
DNS Abuse RAA: Spam (vector) Average Closed Per Month
Reasons why cases were resolved - action taken by the registrar or reasons why no action was taken | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RAA: Phishing | |||||||||||||
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | 2 | 17 | 16 | 10 | 9 | 17 | 18 | 12.7 | |||||
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse. | - | - | 7 | 6 | 7 | 10 | 3 | 4.7 | |||||
The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | - | 4 | 3 | - | 6 | - | 1.9 | |||||
The registrar took appropriate mitigation action, other than suspension, to stop the use of the domain name for DNS Abuse. | - | - | 1 | 2 | 1 | - | 5 | 1.3 | |||||
The registrar suspended or deactivated the domain name. This is a reasonable response to an abuse report. | 3 | 5 | - | - | - | 1 | - | 1.3 | |||||
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | - | 4 | - | - | - | 1 | - | 0.7 | |||||
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | 1 | - | - | 1 | 3 | - | 0.7 | |||||
The domain is suspended and suspension is a reasonable response to the abuse report. | 1 | 1 | - | - | - | - | - | 0.3 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | - | 1 | - | - | - | - | - | 0.1 | |||||
DNS Abuse RAA: Phishing Total | 6 | 29 | 28 | 21 | 18 | 38 | 26 | 23.7 | |||||
DNS Abuse RAA: Malware | |||||||||||||
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | - | 1 | - | - | 1 | 3 | 2 | 1.0 | |||||
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse. | - | - | - | 1 | - | - | - | 0.1 | |||||
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | 1 | - | - | - | - | - | 0.1 | |||||
DNS Abuse RAA: Malware Total | - | 2 | - | 1 | 1 | 3 | 2 | 1.3 | |||||
DNS Abuse RAA: Botnets | |||||||||||||
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | - | - | - | - | - | 2 | - | 0.3 | |||||
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse. | - | - | - | 1 | - | - | - | 0.1 | |||||
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | 1 | - | - | - | - | - | 0.1 | |||||
DNS Abuse RAA: Botnets Total | - | 1 | - | 1 | - | 2 | - | 0.6 | |||||
DNS Abuse RAA: Pharming | |||||||||||||
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | 1 | - | 1 | - | - | 1 | 1 | 0.6 | |||||
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse. | - | - | 1 | 1 | - | - | - | 0.3 | |||||
The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | - | 1 | - | - | - | - | 0.1 | |||||
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | - | 1 | - | - | - | - | - | 0.1 | |||||
The registrar took appropriate mitigation action, other than suspension, to stop the use of the domain name for DNS Abuse. | - | - | - | 1 | - | - | - | 0.1 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | - | 1 | - | - | - | - | - | 0.1 | |||||
The registrar suspended or deactivated the domain name. This is a reasonable response to an abuse report. | 1 | - | - | - | - | - | - | 0.1 | |||||
DNS Abuse RAA: Pharming Total | 2 | 2 | 3 | 2 | - | 1 | 1 | 1.6 | |||||
DNS Abuse RAA: Spam (Vector) | |||||||||||||
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | 1 | 4 | 5 | - | 2 | 5 | 5 | 3.1 | |||||
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse. | - | - | - | 2 | 1 | - | - | 0.4 | |||||
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | 1 | - | - | - | 2 | - | 0.4 | |||||
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | - | 2 | - | - | - | - | - | 0.3 | |||||
The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | - | 1 | 1 | - | - | - | 0.3 | |||||
The registrar took appropriate mitigation action, other than suspension, to stop the use of the domain name for DNS Abuse. | - | - | - | 1 | - | - | 1 | 0.3 | |||||
The registrar suspended or deactivated the domain name. This is a reasonable response to an abuse report. | 1 | - | - | - | - | - | - | 0.1 | |||||
DNS Abuse RAA: Spam (Vector) Total | 2 | 7 | 6 | 4 | 3 | 7 | 6 | 5.0 | |||||
Grand Total | 10 | 41 | 37 | 29 | 22 | 51 | 35 | 32.1 |
Monthly Detail of Reasons for Resolving Cases with Registrars by DNS Abuse Type
Complaints were submitted by Law Enforcement Agencies (LEA) or other authorities within the Registrar’s jurisdiction
DNS Abuse Type / Resolved Code | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Abuse Report RAA provision: under 3.18.3 RAA | |||||||||||||
- | - | - | - | - | - | - | - | ||||||
Abuse Report RAA provision: under 3.18.3 RAA Total | - | - | - | - | - | - | - | - |
DNS Abuse cases resolved with registrars involving maliciously registered vs. compromised domains
APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RAA: Maliciously Registered Domain | 3 | 16 | 16 | 11 | 11 | 21 | 21 | 14 | |||||
DNS Abuse RAA: Compromised Domain | 1 | 1 | 5 | 4 | 2 | 6 | - | 3 | |||||
Grand Total | 4 | 17 | 21 | 15 | 13 | 27 | 21 | 17 |
Invalid or Unactionable Complaints Received Against Registrars by DNS Abuse Type
Reason why complaint was deemed invalid | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RAA: Phishing | |||||||||||||
The complaint is out of scope because the complainant did not provide the requested information. | 13 | 42 | 77 | 79 | 59 | 87 | 55 | 58.9 | |||||
The complaint is out of scope because it is a duplicate of an open complaint. | 286 | 8 | 5 | 5 | 38 | 7 | 5 | 50.6 | |||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 27 | 25 | 49 | 64 | 32 | 83 | 63 | 49.0 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 11 | 22 | 45 | 64 | 47 | 49 | 56 | 42.0 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | 43 | 22 | 32 | 16 | 23 | 18 | 26 | 25.7 | |||||
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | 1 | 43 | - | - | - | - | - | 6.3 | |||||
The domain is suspended and suspension is a reasonable response to the abuse report. | 6 | 3 | 5 | 2 | 7 | 3 | - | 3.7 | |||||
The complaint is out of scope because the domain is not registered. | 2 | 2 | 3 | 5 | - | 5 | 2 | 2.7 | |||||
The complaint is out of scope because it is a duplicate of a closed complaint. | 1 | 1 | 2 | 3 | 3 | - | - | 1.4 | |||||
The complaint is out of scope because it is incomplete or broad. | - | - | 4 | 5 | - | 1 | - | 1.4 | |||||
The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | 1 | - | - | - | - | 2 | 0.4 | |||||
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | 1 | 1 | - | - | 0.3 | |||||
The complaint is out of scope because ICANN does not process complaints regarding website content. | - | - | 1 | - | - | - | 1 | 0.3 | |||||
The complaint is out of scope because it is not about an ICANN contracted party. | - | - | 1 | 1 | - | - | - | 0.3 | |||||
The required abuse contact is displayed on the contracted party’s website and/or other designated place. | - | - | 1 | - | - | - | - | 0.1 | |||||
DNS Abuse RAA: Phishing Total | 390 | 169 | 225 | 245 | 210 | 253 | 210 | 243.1 | |||||
DNS Abuse RAA: Malware | |||||||||||||
The complaint is out of scope because it is a duplicate of an open complaint. | 286 | - | - | 1 | - | - | - | 41.0 | |||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 16 | 3 | 13 | 14 | 7 | 21 | 11 | 12.1 | |||||
The complaint is out of scope because the complainant did not provide the requested information. | 5 | 6 | 9 | 5 | 5 | 13 | 9 | 7.4 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | 17 | 2 | 4 | 3 | 2 | 2 | 6 | 5.1 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 4 | 3 | 7 | 4 | 3 | 3 | 5 | 4.1 | |||||
The domain is suspended and suspension is a reasonable response to the abuse report. | 1 | 1 | 1 | - | 1 | 2 | - | 0.9 | |||||
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | - | 5 | - | - | - | - | - | 0.7 | |||||
The complaint is out of scope because ICANN does not process complaints regarding website content. | - | - | 1 | - | - | - | 1 | 0.3 | |||||
The complaint is out of scope because it is incomplete or broad. | - | - | 2 | - | - | - | - | 0.3 | |||||
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | - | 1 | - | - | 0.1 | |||||
DNS Abuse RAA: Malware Total | 329 | 20 | 37 | 27 | 19 | 41 | 32 | 72.1 | |||||
DNS Abuse RAA: Botnets | |||||||||||||
The complaint is out of scope because it is a duplicate of an open complaint. | 286 | - | - | 1 | - | - | - | 41.0 | |||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 10 | 2 | 9 | 3 | 4 | 10 | 5 | 6.1 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | 18 | 1 | - | 1 | 1 | 2 | 1 | 3.4 | |||||
The complaint is out of scope because the complainant did not provide the requested information. | 1 | 4 | 1 | 3 | - | 4 | 3 | 2.3 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 2 | - | 1 | 3 | 1 | - | 3 | 1.4 | |||||
The domain is suspended and suspension is a reasonable response to the abuse report. | 1 | - | 1 | - | - | 1 | - | 0.4 | |||||
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | - | 1 | - | - | 0.1 | |||||
The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | 1 | 0.1 | |||||
The complaint is out of scope because it is incomplete or broad. | - | - | 1 | - | - | - | - | 0.1 | |||||
DNS Abuse RAA: Botnets Total | 318 | 7 | 13 | 11 | 7 | 17 | 13 | 55.1 | |||||
DNS Abuse RAA: Pharming | |||||||||||||
The complaint is out of scope because it is a duplicate of an open complaint. | 286 | - | 4 | 1 | - | - | - | 41.6 | |||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 12 | 4 | 17 | 11 | 13 | 16 | 9 | 11.7 | |||||
The complaint is out of scope because the complainant did not provide the requested information. | 4 | 6 | 16 | 12 | 9 | 14 | 7 | 9.7 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | 26 | 9 | 5 | 3 | 4 | 2 | 4 | 7.6 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 1 | 1 | 5 | 12 | 3 | 3 | 7 | 4.6 | |||||
The domain is suspended and suspension is a reasonable response to the abuse report. | - | 1 | 4 | - | 1 | 1 | - | 1.0 | |||||
The complaint is out of scope because the domain is not registered. | - | 3 | 2 | - | - | - | - | 0.7 | |||||
The complaint is out of scope because it is incomplete or broad. | - | - | 2 | 1 | - | - | 1 | 0.6 | |||||
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | - | 1 | - | - | 0.1 | |||||
The complaint is out of scope because it is not about an ICANN contracted party. | - | - | - | 1 | - | - | - | 0.1 | |||||
The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | 1 | 0.1 | |||||
The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | 1 | - | - | - | - | 0.1 | |||||
DNS Abuse RAA: Pharming Total | 329 | 24 | 56 | 41 | 31 | 36 | 29 | 78.0 | |||||
DNS Abuse RAA: Spam (Vector) | |||||||||||||
The complaint is out of scope because it is a duplicate of an open complaint. | 286 | 3 | 2 | 1 | 2 | 1 | 2 | 42.4 | |||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 16 | 12 | 27 | 31 | 11 | 43 | 30 | 24.3 | |||||
The complaint is out of scope because the complainant did not provide the requested information. | 9 | 20 | 23 | 20 | 19 | 24 | 18 | 19.0 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 4 | 7 | 12 | 23 | 11 | 14 | 13 | 12.0 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | 33 | 7 | 10 | 5 | 10 | 11 | 5 | 11.6 | |||||
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | - | 47 | - | - | - | - | - | 6.7 | |||||
The domain is suspended and suspension is a reasonable response to the abuse report. | 5 | - | 1 | - | 2 | 3 | - | 1.6 | |||||
The complaint is out of scope because the domain is not registered. | 2 | 2 | 1 | - | - | - | 2 | 1.0 | |||||
The complaint is out of scope because it is a duplicate of a closed complaint. | - | 2 | 1 | 1 | 1 | - | 1 | 0.9 | |||||
The complaint is out of scope because it is incomplete or broad. | - | - | 2 | 1 | - | 1 | 1 | 0.7 | |||||
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | 1 | - | - | - | 1 | 0.3 | |||||
The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | 1 | - | - | - | - | 1 | 0.3 | |||||
The complaint is out of scope because it is not about an ICANN contracted party. | - | - | 1 | 1 | - | - | - | 0.3 | |||||
The required abuse contact is displayed on the contracted party’s website and/or other designated place. | - | - | 1 | - | - | - | - | 0.1 | |||||
The complaint is out of scope because ICANN does not process complaints regarding website content. | - | - | 1 | - | - | - | - | 0.1 | |||||
DNS Abuse RAA: Spam (Vector) Total | 355 | 101 | 83 | 83 | 56 | 97 | 74 | 121.3 | |||||
Grand Total | 1,721 | 321 | 414 | 407 | 323 | 444 | 358 | 569.7 |
One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual unactionable DNS Abuse complaints closed within the month.
DNS Abuse Complaints Received Against Registry Operators
Monthly Average of Complaints Received by DNS Abuse Type
One single complaint can refer to one or multiple domain names and report multiple types of DNS Abuse associated with the reported domain name(s). Therefore, the sum of the DNS Abuse types in these reports will not equal the total of individual DNS Abuse complaints received within the month, or the total of reported domain names used for DNS Abuse.
This includes all complaints received where the complainants selected one or more DNS Abuse type(s) in the Contractual Compliance webform. These do not equal the number of complaints received with validated and actionable allegations of DNS Abuse. Details about actionable complaints are in the relevant reports below.
Due to rounding, percentages may not always appear to add up to 100%.
Monthly Trend of Complaints Received by DNS Abuse Type
Monthly Detail of Complaints Received by DNS Abuse Type
DNS Abuse Type | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RA: Phishing | 16 | 17 | 13 | 17 | 15 | 15 | 24 | 17 | |||||
DNS Abuse RA: Malware | 7 | 8 | 2 | 8 | 7 | 7 | 11 | 7 | |||||
DNS Abuse RA: Botnets | 3 | 3 | - | 2 | 1 | 6 | 4 | 3 | |||||
DNS Abuse RA: Pharming | 7 | 4 | 2 | 4 | 2 | 5 | 8 | 5 | |||||
DNS Abuse RA: Spam (vector) | 9 | 19 | 13 | 11 | 10 | 9 | 15 | 12 | |||||
Total | 42 | 51 | 30 | 42 | 35 | 42 | 62 | 43 |
DNS Abuse RA: Phishing
DNS Abuse RA: Botnets
DNS Abuse RA: Spam (vector)
DNS Abuse RA: Malware
DNS Abuse RA: Pharming
Number of Compliance Notifications Sent to Registry Operators Under DNS Abuse Requirements by DNS Abuse Type
DNS Abuse Type | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RA: Phishing | |||||||||||||
1st Inquiry/Notice | 2 | - | - | 2 | - | 1 | - | 0.7 | |||||
2nd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
3rd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
Escalated Notice | - | 1 | - | - | - | - | - | 0.1 | |||||
Breach Notice | - | - | - | 1 | - | - | - | 0.1 | |||||
Termination Notice | - | - | - | - | - | - | - | - | |||||
DNS Abuse RA: Malware | |||||||||||||
1st Inquiry/Notice | 1 | - | - | - | - | 2 | 1 | 0.6 | |||||
2nd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
3rd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
Escalated Notice | - | - | - | - | - | - | - | - | |||||
Breach Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - | |||||
DNS Abuse RA: Botnets | |||||||||||||
1st Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
2nd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
3rd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
Escalated Notice | - | - | - | - | - | - | - | - | |||||
Breach Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - | |||||
DNS Abuse RA: Pharming | |||||||||||||
1st Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
2nd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
3rd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
Escalated Notice | - | - | - | - | - | - | - | - | |||||
Breach Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - | |||||
DNS Abuse RA: Spam (vector) | |||||||||||||
1st Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
2nd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
3rd Inquiry/Notice | - | - | - | - | - | - | - | - | |||||
Escalated Notice | - | - | - | - | - | - | - | - | |||||
Breach Notice | - | - | - | - | - | - | - | - | |||||
Termination Notice | - | - | - | - | - | - | - | - |
One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual DNS Abuse notifications sent within the month. One single complaint can also report one or multiple domain names used for DNS Abuse.
Monthly Detail of Reasons for Resolving Cases with Registry Operators by DNS Abuse Type
DNS Abuse RA: Phishing Average Closed Per Month
DNS Abuse RA: Malware Average Closed Per Month
DNS Abuse RA: Botnets Average Closed Per Month
DNS Abuse RA: Pharming Average Closed Per Month
DNS Abuse RA: Spam (vector) Average Closed Per Month
Reasons why cases were resolved - action taken by the registry or reasons why no action was taken | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RA: Phishing | |||||||||||||
The registry suspended/deactivated the domain name. This is an appropriate mitigation action to contribute to stopping the use of the domain name for DNS Abuse. | - | - | - | 1 | 1 | 1 | - | 0.4 | |||||
DNS Abuse RA: Phishing Total | - | - | - | 1 | 1 | 1 | - | 0.4 | |||||
DNS Abuse RA: Malware | |||||||||||||
The registry suspended/deactivated the domain name. This is an appropriate mitigation action to contribute to stopping the use of the domain name for DNS Abuse. | - | - | - | - | 1 | 1 | 1 | 0.4 | |||||
DNS Abuse RA: Malware Total | - | - | - | - | 1 | 1 | 1 | 0.4 | |||||
DNS Abuse RA: Botnets | |||||||||||||
- | - | - | - | - | - | - | - | ||||||
DNS Abuse RA: Botnets Total | - | - | - | - | - | - | - | - | |||||
DNS Abuse RA: Pharming | |||||||||||||
- | - | - | - | - | - | - | - | ||||||
DNS Abuse RA: Pharming Total | - | - | - | - | - | - | - | - | |||||
DNS Abuse RA: Spam (Vector) | |||||||||||||
- | - | - | - | - | - | - | - | ||||||
DNS Abuse RA: Spam (Vector) Total | - | - | - | - | - | - | - | - | |||||
Grand Total | - | - | - | 1 | 2 | 2 | 1 | 0.9 |
DNS Abuse cases resolved with registry operators involving maliciously registered vs. compromised domains
APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RA: Maliciously Registered Domain | - | - | - | 1 | 1 | 1 | 1 | 0.6 | |||||
DNS Abuse RA: Compromised Domain | - | - | - | - | - | - | - | - | |||||
Grand Total | - | - | - | 1 | 1 | 1 | 1 | 0.6 |
Invalid or Unactionable Complaints Received Against Registry Operators by DNS Abuse Type
Reason why complaint was deemed invalid | APR 2024 | MAY 2024 | JUN 2024 | JUL 2024 | AUG 2024 | SEP 2024 | OCT 2024 | NOV 2024 | DEC 2024 | JAN 2025 | FEB 2025 | MAR 2025 | Average |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DNS Abuse RA: Phishing | |||||||||||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 4 | 10 | 6 | 11 | 12 | 8 | 18 | 9.9 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | - | 4 | 1 | 3 | - | 1 | 6 | 2.1 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | - | 1 | - | 2 | 2 | 1 | 3 | 1.3 | |||||
The complaint is out of scope because it is a duplicate of an open complaint. | 4 | - | - | - | - | 1 | - | 0.7 | |||||
The complaint is out of scope because the complainant did not provide the requested information. | - | - | 1 | - | - | 1 | 1 | 0.4 | |||||
The complaint is out of scope because it is incomplete or broad. | - | - | 1 | 1 | - | - | - | 0.3 | |||||
The complaint is out of scope because the domain is not registered. | - | - | - | 1 | - | - | - | 0.1 | |||||
The reported TLD does not have Specification 6 in its registry agreement; therefore, DNS Abuse requirements are not applicable. | - | 1 | - | - | - | - | - | 0.1 | |||||
The registry operator is not the best-equipped party to review and take appropriate, proportionate, mitigation action in the particular case. | - | - | - | 1 | - | - | - | 0.1 | |||||
DNS Abuse RA: Phishing Total | 8 | 16 | 9 | 19 | 14 | 12 | 28 | 15.1 | |||||
DNS Abuse RA: Malware | |||||||||||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 1 | 7 | - | 5 | 3 | 4 | 9 | 4.1 | |||||
The complaint is out of scope because it is a duplicate of an open complaint. | 3 | - | - | - | - | 1 | 1 | 0.7 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | - | 1 | - | 1 | 1 | - | 1 | 0.6 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | - | 1 | - | 2 | - | - | - | 0.4 | |||||
The registry suspended/deactivated the domain name. This is an appropriate mitigation action to contribute to stopping the use of the domain name for DNS Abuse. | - | - | - | - | - | - | 1 | 0.1 | |||||
The registry operator is not the best-equipped party to review and take appropriate, proportionate, mitigation action in the particular case. | - | - | - | - | 1 | - | - | 0.1 | |||||
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | - | 1 | - | - | 0.1 | |||||
The reported TLD does not have Specification 6 in its registry agreement; therefore, DNS Abuse requirements are not applicable. | - | - | 1 | - | - | - | - | 0.1 | |||||
The complaint is out of scope because the complainant did not provide the requested information. | 1 | - | - | - | - | - | - | 0.1 | |||||
DNS Abuse RA: Malware Total | 5 | 9 | 1 | 8 | 6 | 5 | 12 | 6.6 | |||||
DNS Abuse RA: Botnets | |||||||||||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 1 | 2 | - | 1 | 1 | 5 | 3 | 1.9 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | - | 1 | - | 1 | - | - | - | 0.3 | |||||
The complaint is out of scope because the complainant did not provide the requested information. | 1 | - | - | - | - | - | - | 0.1 | |||||
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | - | - | - | 1 | 0.1 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | - | - | - | - | - | - | 1 | 0.1 | |||||
The complaint is out of scope because it is a duplicate of an open complaint. | 1 | - | - | - | - | - | - | 0.1 | |||||
DNS Abuse RA: Botnets Total | 3 | 3 | - | 2 | 1 | 5 | 5 | 2.7 | |||||
DNS Abuse RA: Pharming | |||||||||||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 2 | 4 | 2 | 2 | 1 | 3 | 7 | 3.0 | |||||
The complaint is out of scope because it is a duplicate of an open complaint. | 1 | - | - | - | - | 1 | - | 0.3 | |||||
The complaint is out of scope because the complainant did not provide the requested information. | - | 1 | - | - | - | 1 | - | 0.3 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 1 | - | - | - | - | - | 1 | 0.3 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | - | - | - | 1 | - | - | - | 0.1 | |||||
The complaint is out of scope because the domain is not registered. | - | - | - | 1 | - | - | - | 0.1 | |||||
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | - | - | - | 1 | 0.1 | |||||
The complaint is out of scope because it is incomplete or broad. | - | - | - | 1 | - | - | - | 0.1 | |||||
DNS Abuse RA: Pharming Total | 4 | 5 | 2 | 5 | 1 | 5 | 9 | 4.4 | |||||
DNS Abuse RA: Spam (Vector) | |||||||||||||
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 2 | 15 | 8 | 9 | 6 | 4 | 12 | 8.0 | |||||
The complaint is out of scope because it is regarding a country-code top-level domain. | - | 1 | 1 | 2 | 2 | - | 2 | 1.1 | |||||
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | - | 1 | - | 2 | 1 | - | 2 | 0.9 | |||||
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | 1 | - | - | - | 1 | - | 2 | 0.6 | |||||
The complaint is out of scope because it is a duplicate of an open complaint. | 2 | - | - | - | - | 1 | - | 0.4 | |||||
The complaint is out of scope because the complainant did not provide the requested information. | 1 | - | - | - | - | - | 1 | 0.3 | |||||
The complaint is out of scope because it is incomplete or broad. | - | - | 1 | - | - | - | - | 0.1 | |||||
The complaint is out of scope because ICANN is not a registrar. | 1 | - | - | - | - | - | - | 0.1 | |||||
DNS Abuse RA: Spam (Vector) Total | 7 | 17 | 10 | 13 | 10 | 5 | 19 | 11.6 | |||||
Grand Total | 27 | 50 | 22 | 47 | 32 | 32 | 73 | 40.4 |
One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual unactionable DNS Abuse complaints closed within the month.