ICANN Contractual Compliance’s enforcement of DNS Abuse requirements for February 2026
DNS Abuse Complaints Received Against Registrars
Monthly Average of Complaints Received by DNS Abuse Type
One single complaint can refer to one or multiple domain names and report multiple types of DNS Abuse associated with the reported domain name(s). Therefore, the sum of the DNS Abuse types in these reports will not equal the total of individual DNS Abuse complaints received within the month, or the total of reported domain names used for DNS Abuse.
This includes all complaints received where the complainants selected one or more DNS Abuse type(s) in the Contractual Compliance webform. These do not equal the number of complaints received with validated and actionable allegations of DNS Abuse. Details about actionable complaints are in the relevant reports below.
Due to rounding, percentages may not always appear to add up to 100%.
Monthly Trend of Complaints Received by DNS Abuse Type
Monthly Detail of Complaints Received by DNS Abuse Type
| DNS Abuse Type | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RAA: Phishing | 294 | 287 | 375 | 854 | 699 | 376 | 504 | 837 | 634 | 855 | 337 | 555 | 551 |
| DNS Abuse RAA: Malware | 28 | 72 | 104 | 57 | 43 | 71 | 114 | 64 | 73 | 65 | 60 | 63 | 68 |
| DNS Abuse RAA: Botnets | 12 | 25 | 25 | 12 | 12 | 19 | 43 | 19 | 23 | 26 | 30 | 17 | 22 |
| DNS Abuse RAA: Pharming | 23 | 26 | 28 | 35 | 24 | 40 | 49 | 37 | 37 | 52 | 21 | 40 | 34 |
| DNS Abuse RAA: Spam (vector) | 77 | 95 | 111 | 104 | 91 | 134 | 131 | 105 | 99 | 106 | 85 | 85 | 102 |
| Total | 434 | 505 | 643 | 1,062 | 869 | 640 | 841 | 1,062 | 866 | 1,104 | 533 | 760 | 777 |
DNS Abuse RAA: Phishing
DNS Abuse RAA: Botnets
DNS Abuse RAA: Spam (vector)
DNS Abuse RAA: Malware
DNS Abuse RAA: Pharming
Number of Compliance Notifications Sent to Registrars Under DNS Abuse Requirements by DNS Abuse Type
| DNS Abuse Type | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RAA: Phishing | |||||||||||||
| 1st Inquiry/Notice | 17 | 17 | 20 | 20 | 10 | 19 | 12 | 25 | 8 | 11 | 16 | 13 | 15.7 |
| 2nd Inquiry/Notice | 5 | 1 | 5 | 4 | 2 | 3 | 1 | 4 | 1 | 2 | 1 | 4 | 2.8 |
| 3rd Inquiry/Notice | 3 | 1 | - | 2 | 1 | 1 | 1 | - | - | - | - | - | 0.8 |
| Escalated Notice | - | 1 | - | 3 | 1 | - | - | 3 | 2 | - | 2 | - | 1.0 |
| Breach Notice | - | - | - | - | 1 | - | - | - | - | - | - | - | 0.1 |
| Suspension Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| DNS Abuse RAA: Malware | |||||||||||||
| 1st Inquiry/Notice | - | - | 7 | 3 | 1 | - | - | 1 | 1 | - | 3 | 1 | 1.4 |
| 2nd Inquiry/Notice | - | - | 1 | 1 | - | 1 | - | - | - | - | - | - | 0.3 |
| 3rd Inquiry/Notice | - | - | - | 1 | - | - | 1 | - | - | - | - | - | 0.2 |
| Escalated Notice | - | - | - | 1 | - | - | - | - | - | - | - | 1 | 0.2 |
| Breach Notice | - | - | - | - | 1 | - | - | - | - | - | - | - | 0.1 |
| Suspension Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| DNS Abuse RAA: Botnets | |||||||||||||
| 1st Inquiry/Notice | - | - | 1 | 1 | - | - | - | 1 | - | - | 3 | - | 0.5 |
| 2nd Inquiry/Notice | - | - | - | 1 | - | - | - | - | - | - | - | - | 0.1 |
| 3rd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Escalated Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Breach Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Suspension Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| DNS Abuse RAA: Pharming | |||||||||||||
| 1st Inquiry/Notice | 2 | 2 | 1 | 1 | 2 | - | - | 1 | - | - | 1 | 1 | 0.9 |
| 2nd Inquiry/Notice | 1 | - | - | - | - | - | - | 1 | - | - | - | - | 0.2 |
| 3rd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Escalated Notice | - | - | - | 1 | - | - | - | - | - | - | - | - | 0.1 |
| Breach Notice | - | - | - | - | 1 | - | - | - | - | - | - | - | 0.1 |
| Suspension Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| DNS Abuse RAA: Spam (vector) | |||||||||||||
| 1st Inquiry/Notice | 1 | 1 | 2 | 4 | 1 | 3 | - | 3 | 1 | 1 | 1 | 1 | 1.6 |
| 2nd Inquiry/Notice | 1 | - | 1 | 1 | - | - | - | - | - | - | - | - | 0.3 |
| 3rd Inquiry/Notice | - | - | - | 1 | - | - | - | - | - | - | - | - | 0.1 |
| Escalated Notice | - | - | - | 1 | - | - | - | - | - | - | - | - | 0.1 |
| Breach Notice | - | - | - | - | 1 | - | - | - | - | - | - | - | 0.1 |
| Suspension Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual DNS Abuse notifications sent within the month. One single complaint can also report one or multiple domain names used for DNS Abuse.
Number of Compliance Notifications Sent to Registrars under 3.18.3 of the RAA
Complaints were submitted by Law Enforcement Agencies (LEA) or other authorities within the Registrar’s jurisdiction
| DNS Abuse Type | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Abuse Report RAA provision: under 3.18.3 RAA | |||||||||||||
| 1st Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| 2nd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| 3rd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Escalated Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Breach Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Suspension Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
Monthly Detail of Reasons for Resolving Cases with Registrars by DNS Abuse Type
DNS Abuse RAA: Phishing Average Closed Per Month
DNS Abuse RAA: Malware Average Closed Per Month
DNS Abuse RAA: Botnets Average Closed Per Month
DNS Abuse RAA: Pharming Average Closed Per Month
DNS Abuse RAA: Spam (vector) Average Closed Per Month
| Reasons why cases were resolved - action taken by the registrar or reasons why no action was taken | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RAA: Phishing | |||||||||||||
| The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | 11 | 9 | 10 | 11 | 11 | 11 | 12 | 6 | 6 | 9 | 11 | 11 | 9.8 |
| The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse. | 7 | 6 | 2 | 2 | 1 | 4 | 1 | 7 | 4 | 3 | 6 | 1 | 3.7 |
| The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | - | 1 | - | 1 | - | - | 2 | - | - | - | - | 0.3 |
| The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | - | - | - | - | - | 1 | 2 | 1 | - | - | - | 0.3 |
| The registrar took appropriate mitigation action, other than suspension, to stop the use of the domain name for DNS Abuse. | 1 | - | - | 1 | - | - | - | - | - | 1 | - | - | 0.3 |
| The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | - | - | - | - | - | 1 | - | - | 1 | - | - | - | 0.2 |
| The matter has been withdrawn due to an ICANN issue. | 1 | - | - | - | - | - | 1 | - | - | - | - | - | 0.2 |
| The registrar requested the registrant and/or reseller to act on an abusive activity. This is an appropriate mitigation action to disrupt the use of the domain name for DNS Abuse. | - | - | - | - | - | - | - | 1 | - | - | - | - | 0.1 |
| The registrar demonstrated compliance. | - | - | - | - | - | - | - | 1 | - | - | - | - | 0.1 |
| The registrar published the required abuse contact. This contact provides a confirmation receipt to any party submitting an abuse report. | - | - | - | - | - | - | - | - | 1 | - | - | - | 0.1 |
| DNS Abuse RAA: Phishing Total | 20 | 15 | 13 | 14 | 13 | 16 | 15 | 19 | 13 | 13 | 17 | 12 | 15.0 |
| DNS Abuse RAA: Malware | |||||||||||||
| The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | - | - | 1 | 2 | 1 | - | 1 | - | - | 1 | 1 | 1 | 0.7 |
| The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse. | 1 | - | - | - | - | - | - | 1 | - | - | - | - | 0.2 |
| The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | - | - | - | - | - | - | - | - | 1 | - | - | - | 0.1 |
| DNS Abuse RAA: Malware Total | 1 | - | 1 | 2 | 1 | - | 1 | 1 | 1 | 1 | 1 | 1 | 0.9 |
| DNS Abuse RAA: Botnets | |||||||||||||
| The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | - | - | - | 1 | - | - | - | 1 | - | - | - | - | 0.2 |
| DNS Abuse RAA: Botnets Total | - | - | - | 1 | - | - | - | 1 | - | - | - | - | 0.2 |
| DNS Abuse RAA: Pharming | |||||||||||||
| The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse. | 1 | - | 1 | - | 1 | - | - | - | - | - | - | 1 | 0.3 |
| The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | - | 1 | - | - | 1 | - | - | - | - | - | - | - | 0.2 |
| The registrar took appropriate mitigation action, other than suspension, to stop the use of the domain name for DNS Abuse. | - | - | - | 1 | - | - | - | - | - | - | - | - | 0.1 |
| The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | - | - | - | - | - | 1 | - | - | - | - | - | - | 0.1 |
| DNS Abuse RAA: Pharming Total | 1 | 1 | 1 | 1 | 2 | 1 | - | - | - | - | - | 1 | 0.7 |
| DNS Abuse RAA: Spam (Vector) | |||||||||||||
| The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | - | - | 1 | 3 | 1 | 1 | 1 | 1 | - | 1 | 2 | - | 0.9 |
| The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse. | - | - | - | - | - | - | - | - | 1 | - | - | - | 0.1 |
| The registrar took appropriate mitigation action, other than suspension, to stop the use of the domain name for DNS Abuse. | - | - | - | 1 | - | - | - | - | - | - | - | - | 0.1 |
| The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report. | - | - | - | - | - | 1 | - | - | - | - | - | - | 0.1 |
| DNS Abuse RAA: Spam (Vector) Total | - | - | 1 | 4 | 1 | 2 | 1 | 1 | 1 | 1 | 2 | - | 1.2 |
| Grand Total | 22 | 16 | 16 | 22 | 17 | 19 | 17 | 22 | 15 | 15 | 20 | 14 | 17.9 |
Monthly Detail of Reasons for Resolving Cases with Registrars by DNS Abuse Type
Complaints were submitted by Law Enforcement Agencies (LEA) or other authorities within the Registrar’s jurisdiction
| DNS Abuse Type / Resolved Code | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Abuse Report RAA provision: under 3.18.3 RAA | |||||||||||||
| - | - | - | - | - | - | - | - | - | - | - | - | - | |
| Abuse Report RAA provision: under 3.18.3 RAA Total | - | - | - | - | - | - | - | - | - | - | - | - | - |
DNS Abuse cases resolved with registrars involving maliciously registered vs. compromised domains
| MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RAA: Maliciously Registered Domain | 12 | 9 | 9 | 12 | 8 | 11 | 12 | 9 | 5 | 10 | 11 | 12 | 10 |
| DNS Abuse RAA: Compromised Domain | - | - | 2 | 1 | 3 | - | - | 2 | 1 | - | - | - | 1 |
| Grand Total | 12 | 9 | 11 | 13 | 11 | 11 | 12 | 11 | 6 | 10 | 11 | 12 | 11 |
Invalid or Unactionable Complaints Received Against Registrars by DNS Abuse Type
| Reason why complaint was deemed invalid | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RAA: Phishing | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 122 | 102 | 118 | 72 | 62 | 164 | 428 | 195 | 145 | 115 | 154 | 280 | 163.1 |
| The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 70 | 83 | 87 | 189 | 332 | 95 | 142 | 119 | 30 | 177 | 195 | 102 | 135.1 |
| The complaint is out of scope because the complainant did not provide the requested information. | 52 | 68 | 71 | 77 | 68 | 50 | 66 | 58 | 40 | 33 | 36 | 51 | 55.8 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | 28 | 20 | 39 | 62 | 42 | 32 | 55 | 21 | 34 | 46 | 17 | 27 | 35.3 |
| The complaint is out of scope because it is a duplicate of an open complaint. | 7 | 6 | 8 | 39 | 23 | 21 | 16 | 9 | 2 | 2 | 3 | 6 | 11.8 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | 2 | 3 | 1 | - | 72 | 10 | 4 | 3 | 2 | 4 | 1 | 10 | 9.3 |
| The complaint is out of scope because the domain is not registered. | 5 | 4 | 1 | 13 | - | 3 | 1 | 1 | - | - | - | - | 2.3 |
| The domain is suspended and suspension is a reasonable response to the abuse report. | 2 | - | 1 | - | 1 | 7 | 3 | - | - | - | - | - | 1.2 |
| The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | 2 | - | - | - | 1 | - | - | 1 | 1 | - | 0.4 |
| The complaint is out of scope because ICANN does not process complaints regarding website content. | - | - | - | - | - | 1 | 2 | 1 | - | - | - | - | 0.3 |
| The complaint is out of scope because it is incomplete or broad. | - | - | - | - | 1 | 1 | - | 1 | - | - | - | - | 0.3 |
| The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse. | - | - | - | - | - | - | 2 | - | - | - | - | - | 0.2 |
| The required abuse contact is displayed on the contracted party’s website and/or other designated place. | - | - | - | - | - | - | - | 1 | - | - | - | - | 0.1 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | 1 | - | - | - | - | - | 0.1 |
| DNS Abuse RAA: Phishing Total | 288 | 286 | 328 | 452 | 601 | 384 | 721 | 409 | 253 | 378 | 407 | 476 | 415.3 |
| DNS Abuse RAA: Malware | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 17 | 26 | 36 | 18 | 9 | 27 | 55 | 54 | 13 | 11 | 10 | 15 | 24.3 |
| The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 5 | 9 | 15 | 11 | 20 | 7 | 18 | 11 | - | 4 | 5 | 8 | 9.4 |
| The complaint is out of scope because the complainant did not provide the requested information. | 8 | 9 | 7 | 24 | 19 | 7 | 5 | 6 | 4 | 4 | 9 | 6 | 9.0 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | 6 | 5 | 7 | 3 | 8 | 11 | 14 | 7 | 11 | 15 | 4 | 5 | 8.0 |
| The complaint is out of scope because it is a duplicate of an open complaint. | 4 | 1 | 2 | 1 | - | 2 | 3 | 1 | 2 | - | - | 1 | 1.4 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | 1 | 1 | 3 | 1 | 3 | 1 | - | 1 | - | 1 | 1.0 |
| The complaint is out of scope because the domain is not registered. | 2 | - | - | 5 | - | - | - | - | - | - | - | - | 0.6 |
| The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | 2 | - | - | - | - | - | - | 1 | - | - | 0.3 |
| The domain is suspended and suspension is a reasonable response to the abuse report. | 2 | - | - | - | - | - | - | - | - | - | - | - | 0.2 |
| The complaint is out of scope because it is incomplete or broad. | - | - | - | - | - | 1 | - | 1 | - | - | - | - | 0.2 |
| The complaint will not be addressed because it contains offensive and/or abusive language. | - | - | 1 | - | - | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | 1 | - | - | - | - | - | 0.1 |
| DNS Abuse RAA: Malware Total | 44 | 50 | 71 | 63 | 59 | 56 | 99 | 81 | 30 | 36 | 28 | 36 | 54.4 |
| DNS Abuse RAA: Botnets | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 7 | 13 | 11 | 3 | 3 | 6 | 19 | 17 | 3 | 4 | 5 | 7 | 8.2 |
| The complaint is out of scope because the complainant did not provide the requested information. | 2 | 4 | 6 | 10 | 4 | 5 | - | 2 | - | 2 | 4 | 1 | 3.3 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | 1 | 1 | 2 | 1 | 3 | 3 | 5 | 1 | 4 | 10 | 2 | - | 2.8 |
| The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | - | 1 | 4 | - | 6 | 2 | 3 | 4 | - | - | 3 | - | 1.9 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | 1 | - | 1 | 1 | - | - | - | - | - | 1 | 0.3 |
| The complaint is out of scope because it is a duplicate of an open complaint. | - | - | 1 | - | - | - | 1 | - | - | - | - | 1 | 0.3 |
| The domain is suspended and suspension is a reasonable response to the abuse report. | 1 | - | - | - | - | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is incomplete or broad. | - | - | - | - | 1 | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | 1 | - | - | - | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | 1 | - | - | - | - | - | 0.1 |
| DNS Abuse RAA: Botnets Total | 11 | 20 | 25 | 14 | 18 | 17 | 29 | 24 | 7 | 16 | 14 | 10 | 17.1 |
| DNS Abuse RAA: Pharming | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 15 | 12 | 7 | 10 | 2 | 12 | 25 | 18 | 6 | 8 | 5 | 10 | 10.8 |
| The complaint is out of scope because the complainant did not provide the requested information. | 10 | 9 | 2 | 11 | 6 | 9 | 4 | 6 | 5 | 3 | 2 | 3 | 5.8 |
| The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 4 | 6 | 4 | 6 | 3 | 5 | 8 | 8 | - | 1 | 4 | 3 | 4.3 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | 3 | 1 | 4 | 2 | 4 | 4 | 4 | 5 | 3 | 11 | 3 | 5 | 4.1 |
| The complaint is out of scope because it is a duplicate of an open complaint. | 5 | - | 1 | 2 | - | - | 3 | - | 2 | - | - | - | 1.1 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | 1 | 1 | - | 2 | 1 | - | 1 | 1 | - | - | 0.6 |
| The domain is suspended and suspension is a reasonable response to the abuse report. | 2 | - | - | - | - | 3 | - | - | - | - | - | - | 0.4 |
| The complaint is out of scope because the domain is not registered. | 1 | 2 | - | - | - | - | - | - | - | - | - | - | 0.3 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | 1 | - | - | - | - | - | 0.1 |
| DNS Abuse RAA: Pharming Total | 40 | 30 | 19 | 32 | 15 | 35 | 46 | 37 | 17 | 24 | 14 | 21 | 27.5 |
| DNS Abuse RAA: Spam (Vector) | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 37 | 51 | 52 | 32 | 15 | 38 | 72 | 74 | 18 | 23 | 17 | 25 | 37.8 |
| The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 14 | 12 | 16 | 22 | 25 | 23 | 40 | 22 | 4 | 6 | 10 | 17 | 17.6 |
| The complaint is out of scope because the complainant did not provide the requested information. | 15 | 17 | 17 | 16 | 17 | 11 | 19 | 17 | 8 | 4 | 12 | 10 | 13.6 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | 9 | 12 | 13 | 11 | 13 | 14 | 12 | 7 | 10 | 21 | 6 | 8 | 11.3 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | 1 | - | 5 | 5 | 4 | 2 | 1 | - | 3 | 6 | 2.3 |
| The complaint is out of scope because it is a duplicate of an open complaint. | 1 | 1 | 1 | - | - | 2 | 2 | 1 | 2 | - | 1 | - | 0.9 |
| The complaint is out of scope because the domain is not registered. | 3 | 2 | - | 4 | - | - | - | 1 | - | - | - | - | 0.8 |
| The domain is suspended and suspension is a reasonable response to the abuse report. | 2 | - | 1 | - | - | 2 | - | - | - | - | - | - | 0.4 |
| The complaint is out of scope because it is incomplete or broad. | 1 | 1 | - | - | - | 1 | - | - | - | - | - | - | 0.3 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | 2 | - | - | - | - | - | 0.2 |
| The complaint is out of scope because ICANN does not process complaints regarding website content. | - | - | - | - | - | - | 1 | - | - | - | 1 | - | 0.2 |
| The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | - | - | - | - | 1 | - | - | - | - | 0.1 |
| The complaint will not be addressed because it contains offensive and/or abusive language. | - | - | 1 | - | - | - | - | - | - | - | - | - | 0.1 |
| DNS Abuse RAA: Spam (Vector) Total | 82 | 96 | 102 | 85 | 75 | 96 | 152 | 125 | 43 | 54 | 50 | 66 | 85.5 |
| Grand Total | 465 | 482 | 545 | 646 | 768 | 588 | 1,047 | 676 | 350 | 508 | 513 | 609 | 599.8 |
One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual unactionable DNS Abuse complaints closed within the month.
DNS Abuse Complaints Received Against Registry Operators
Monthly Average of Complaints Received by DNS Abuse Type
One single complaint can refer to one or multiple domain names and report multiple types of DNS Abuse associated with the reported domain name(s). Therefore, the sum of the DNS Abuse types in these reports will not equal the total of individual DNS Abuse complaints received within the month, or the total of reported domain names used for DNS Abuse.
This includes all complaints received where the complainants selected one or more DNS Abuse type(s) in the Contractual Compliance webform. These do not equal the number of complaints received with validated and actionable allegations of DNS Abuse. Details about actionable complaints are in the relevant reports below.
Due to rounding, percentages may not always appear to add up to 100%.
Monthly Trend of Complaints Received by DNS Abuse Type
Monthly Detail of Complaints Received by DNS Abuse Type
| DNS Abuse Type | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RA: Phishing | 42 | 27 | 37 | 24 | 31 | 29 | 34 | 18 | 30 | 33 | 23 | 17 | 29 |
| DNS Abuse RA: Malware | 13 | 10 | 13 | 5 | 10 | 14 | 12 | 2 | 11 | 15 | 12 | 2 | 10 |
| DNS Abuse RA: Botnets | 3 | 4 | 3 | 3 | 5 | 11 | 5 | - | 4 | 7 | 5 | - | 4 |
| DNS Abuse RA: Pharming | 8 | 9 | 8 | 4 | 6 | 11 | 10 | 2 | 7 | 10 | 7 | 5 | 7 |
| DNS Abuse RA: Spam (vector) | 19 | 14 | 23 | 12 | 20 | 18 | 17 | 9 | 15 | 16 | 16 | 11 | 16 |
| Total | 85 | 64 | 84 | 48 | 72 | 83 | 78 | 31 | 67 | 81 | 63 | 35 | 66 |
DNS Abuse RA: Phishing
DNS Abuse RA: Botnets
DNS Abuse RA: Spam (vector)
DNS Abuse RA: Malware
DNS Abuse RA: Pharming
Number of Compliance Notifications Sent to Registry Operators Under DNS Abuse Requirements by DNS Abuse Type
| DNS Abuse Type | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RA: Phishing | |||||||||||||
| 1st Inquiry/Notice | - | 2 | 3 | - | 2 | 1 | - | 2 | 1 | - | - | - | 0.9 |
| 2nd Inquiry/Notice | - | 1 | - | - | - | - | - | - | - | - | - | - | 0.1 |
| 3rd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Escalated Notice | - | - | 1 | - | - | - | - | - | - | - | - | - | 0.1 |
| Breach Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| DNS Abuse RA: Malware | |||||||||||||
| 1st Inquiry/Notice | - | - | 1 | - | - | - | - | - | - | - | - | - | 0.1 |
| 2nd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| 3rd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Escalated Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Breach Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| DNS Abuse RA: Botnets | |||||||||||||
| 1st Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| 2nd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| 3rd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Escalated Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Breach Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| DNS Abuse RA: Pharming | |||||||||||||
| 1st Inquiry/Notice | - | - | 1 | - | - | - | - | - | - | - | - | - | 0.1 |
| 2nd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| 3rd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Escalated Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Breach Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| DNS Abuse RA: Spam (vector) | |||||||||||||
| 1st Inquiry/Notice | - | - | 1 | - | - | - | - | - | - | - | - | - | 0.1 |
| 2nd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| 3rd Inquiry/Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Escalated Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Breach Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Termination Notice | - | - | - | - | - | - | - | - | - | - | - | - | - |
One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual DNS Abuse notifications sent within the month. One single complaint can also report one or multiple domain names used for DNS Abuse.
Monthly Detail of Reasons for Resolving Cases with Registry Operators by DNS Abuse Type
DNS Abuse RA: Phishing Average Closed Per Month
DNS Abuse RA: Malware Average Closed Per Month
DNS Abuse RA: Botnets Average Closed Per Month
DNS Abuse RA: Pharming Average Closed Per Month
DNS Abuse RA: Spam (vector) Average Closed Per Month
| Reasons why cases were resolved - action taken by the registry or reasons why no action was taken | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RA: Phishing | |||||||||||||
| The registry suspended/deactivated the domain name. This is an appropriate mitigation action to contribute to stopping the use of the domain name for DNS Abuse. | - | - | - | 1 | 1 | 1 | - | 1 | - | - | - | - | 0.3 |
| The registry published the required abuse contact. This contact provides a confirmation receipt to any party submitting an abuse report. | - | - | - | - | - | - | - | - | 2 | - | - | - | 0.2 |
| The registry referred the domain and evidence to the sponsoring registrar. This is an appropriate mitigation action to contribute to disrupting the use of the domain name for DNS Abuse. | - | - | - | - | - | - | - | 1 | - | - | - | - | 0.1 |
| The registry corrected its noncompliance. | - | - | - | 1 | - | - | - | - | - | - | - | - | 0.1 |
| The registry referred the domain and evidence to the sponsoring registrar. The registrar then took action that resulted in the abusive activity being stopped. The registry took appropriate mitigation action to contribute to disrupting the use of the domain name for DNS Abuse. | - | - | - | - | - | 1 | - | - | - | - | - | - | 0.1 |
| DNS Abuse RA: Phishing Total | - | - | - | 2 | 1 | 2 | - | 2 | 2 | - | - | - | 0.8 |
| Grand Total | - | - | - | 2 | 1 | 2 | - | 2 | 2 | - | - | - | 0.8 |
DNS Abuse cases resolved with registry operators involving maliciously registered vs. compromised domains
| MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RA: Maliciously Registered Domain | - | - | - | 1 | 1 | 2 | - | 2 | - | - | - | - | 0.5 |
| DNS Abuse RA: Compromised Domain | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Grand Total | - | - | - | 1 | 1 | 2 | - | 2 | - | - | - | - | 0.5 |
Invalid or Unactionable Complaints Received Against Registry Operators by DNS Abuse Type
| Reason why complaint was deemed invalid | MAR 2025 | APR 2025 | MAY 2025 | JUN 2025 | JUL 2025 | AUG 2025 | SEP 2025 | OCT 2025 | NOV 2025 | DEC 2025 | JAN 2026 | FEB 2026 | Average |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DNS Abuse RA: Phishing | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 26 | 14 | 14 | 19 | 16 | 10 | 25 | 12 | 13 | 15 | 23 | 9 | 16.3 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | 7 | 2 | 3 | 3 | 8 | 7 | 2 | 1 | 7 | 9 | 2 | 3 | 4.5 |
| The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 2 | 5 | 15 | 1 | - | 1 | 6 | 4 | - | 2 | 3 | 1 | 3.3 |
| The registry operator is not the best-equipped party to review and take appropriate, proportionate, mitigation action in the particular case. | - | 2 | 1 | - | - | - | 1 | 1 | 4 | - | - | - | 0.8 |
| The complaint is out of scope because the complainant did not provide the requested information. | 3 | - | - | - | - | - | 2 | - | 1 | - | - | - | 0.5 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | 1 | 1 | 1 | - | 1 | - | 1 | - | - | - | 0.4 |
| The complaint is out of scope because it is a duplicate of an open complaint. | - | 2 | - | - | 2 | - | 1 | - | - | - | - | - | 0.4 |
| The complaint is out of scope because the domain is not registered. | - | 1 | - | - | 1 | - | - | - | - | - | 1 | - | 0.3 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | 1 | - | - | - | - | - | 1 | - | - | - | 0.2 |
| The reported activity is not DNS Abuse (phishing, pharming, botnets, malware or spam as a delivery mechanism for the other four types of DNS Abuse.) Therefore, DNS Abuse requirements are not applicable. | - | - | - | - | - | - | - | 2 | - | - | - | - | 0.2 |
| The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | - | 1 | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is not about an ICANN contracted party. | - | - | - | - | - | - | - | - | - | - | 1 | - | 0.1 |
| DNS Abuse RA: Phishing Total | 38 | 26 | 35 | 24 | 29 | 18 | 38 | 20 | 27 | 26 | 30 | 13 | 27.0 |
| DNS Abuse RA: Malware | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 9 | 7 | 4 | 5 | 6 | 4 | 15 | 1 | 8 | 7 | 12 | 1 | 6.6 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | 2 | - | 1 | - | 3 | 2 | 1 | - | 1 | 3 | 2 | 1 | 1.3 |
| The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 1 | 3 | 7 | - | - | 1 | - | - | - | - | - | - | 1.0 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | - | - | - | - | 1 | 1 | - | - | - | - | 0.2 |
| The complaint is out of scope because the domain is not registered. | - | 1 | - | - | - | - | - | - | - | - | 1 | - | 0.2 |
| The complaint is out of scope because the complainant did not provide the requested information. | - | - | - | - | - | - | - | - | 1 | - | - | - | 0.1 |
| The complaint is out of scope because ICANN does not process complaints regarding website content. | - | - | - | - | - | 1 | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is a duplicate of an open complaint. | - | - | - | - | 1 | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | - | - | 1 | - | - | - | 0.1 |
| DNS Abuse RA: Malware Total | 12 | 11 | 12 | 5 | 10 | 8 | 17 | 2 | 11 | 10 | 15 | 2 | 9.6 |
| DNS Abuse RA: Botnets | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 2 | 4 | 1 | 3 | 3 | 3 | 9 | - | 3 | 2 | 6 | - | 3.0 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | - | - | 1 | - | 1 | 2 | 1 | - | - | 2 | - | - | 0.6 |
| The registry operator is not the best-equipped party to review and take appropriate, proportionate, mitigation action in the particular case. | - | - | 1 | - | - | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because customer service issues are outside of ICANN's contractual authority. | - | - | - | - | - | - | - | - | - | 1 | - | - | 0.1 |
| The complaint is out of scope because the domain is not registered. | - | 1 | - | - | - | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | - | - | - | - | 1 | - | - | - | - | - | 0.1 |
| The required abuse contact is displayed on the contracted party’s website and/or other designated place. | - | - | - | - | - | - | - | - | - | - | 1 | - | 0.1 |
| The complaint is out of scope because it is a duplicate of an open complaint. | - | - | - | - | 1 | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | - | - | 1 | - | - | - | 0.1 |
| DNS Abuse RA: Botnets Total | 2 | 5 | 3 | 3 | 5 | 5 | 11 | - | 4 | 5 | 7 | - | 4.2 |
| DNS Abuse RA: Pharming | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 7 | 5 | 5 | 2 | 4 | 4 | 13 | 2 | 3 | 4 | 10 | 3 | 5.2 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | - | 1 | 2 | 2 | 1 | 1 | 1 | - | 1 | - | - | - | 0.8 |
| The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | - | 1 | - | - | - | - | - | - | - | 1 | 1 | - | 0.3 |
| The registry operator is not the best-equipped party to review and take appropriate, proportionate, mitigation action in the particular case. | - | 2 | - | - | - | - | - | - | 1 | - | - | - | 0.3 |
| The complaint is out of scope because it is a duplicate of an open complaint. | - | - | - | - | 1 | - | 1 | - | - | - | - | - | 0.2 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | - | - | - | - | 1 | - | - | - | - | - | 0.1 |
| The complaint is out of scope because the domain is not registered. | - | 1 | - | - | - | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | - | - | 1 | - | - | - | 0.1 |
| DNS Abuse RA: Pharming Total | 7 | 10 | 7 | 4 | 6 | 5 | 16 | 2 | 6 | 5 | 11 | 3 | 6.8 |
| DNS Abuse RA: Spam (Vector) | |||||||||||||
| The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry. | 10 | 10 | 10 | 11 | 15 | 9 | 17 | 7 | 10 | 10 | 12 | 5 | 10.5 |
| The complaint is out of scope because it is regarding a country-code top-level domain. | 6 | - | 3 | - | 4 | 1 | 2 | - | 3 | 3 | 2 | 3 | 2.3 |
| The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse. | 1 | 4 | 7 | 1 | - | 1 | 2 | 1 | - | 1 | 2 | - | 1.7 |
| The complaint is out of scope because it is a duplicate of an open complaint. | - | - | - | - | 1 | - | - | - | - | - | 2 | - | 0.3 |
| The complaint is out of scope because it is a duplicate of a closed complaint. | - | - | - | - | - | - | 1 | 1 | - | - | - | - | 0.2 |
| The registry operator is not the best-equipped party to review and take appropriate, proportionate, mitigation action in the particular case. | - | - | 1 | - | 1 | - | - | - | - | - | - | - | 0.2 |
| The complaint is out of scope because ICANN does not process complaints regarding website content. | - | - | - | - | - | 1 | - | 1 | - | - | - | - | 0.2 |
| The complaint is out of scope because the domain is not registered. | - | 1 | - | - | - | - | - | - | - | - | - | - | 0.1 |
| The reported activity is not DNS Abuse (phishing, pharming, botnets, malware or spam as a delivery mechanism for the other four types of DNS Abuse.) Therefore, DNS Abuse requirements are not applicable. | - | - | 1 | - | - | - | - | - | - | - | - | - | 0.1 |
| The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority. | - | - | - | - | - | - | - | - | 1 | - | - | - | 0.1 |
| DNS Abuse RA: Spam (Vector) Total | 17 | 15 | 22 | 12 | 21 | 12 | 22 | 10 | 14 | 14 | 18 | 8 | 15.4 |
| Grand Total | 76 | 67 | 79 | 48 | 71 | 48 | 104 | 34 | 62 | 60 | 81 | 26 | 63.0 |
One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual unactionable DNS Abuse complaints closed within the month.