Reg, great idea.

 

Happy to contribute our data.

 

Over the 2025 period, Netcraft submitted 261,995 confirmed domains involved in Phishing activity to registrars and registries across the domain industry. This figure does not include the reports that were not valid. Of this figure, the vast majority has been actioned with only 0.34% outstanding. I’d be happy to provide further examples or data as needed, including specific domain examples and or how Netcraft operate, similar to previous SME presentations.

 

Kind Regards,

The Netcraft Logo

Luke Wood

Global Infrastructure Partnerships Lead

LinkedIn: https://www.linkedin.com/in/luke-wood-netcraft/

Book time with Luke Wood: Service Provider Call - 30 Minutes

+44 (0) 1225 447500 www.netcraft.com

 

 

 

 

From: Reg Levy via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Sent: 03 April 2026 20:10
To: Feodora Hamza via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Subject: [Gnso-dnsabuse-pdp] SME, weighing in (fork)

 

I’d like to respond to Ching’s request for data:

 

It would be very helpful if the SMEs (such as NetBeason or NetCraft) & the Registrars could kindly share the following information (i.e. as required by by RAA 3.18.4) which will help ascertain to the level of effort that will actually be needed to conduct ADC:

o   Number of complaints received in 2025

o   Number of complaints that were valid

o   Number of complaints that were actioned

 

I would submit that the number of complaints received by reporters is less relevant than those received by registrars, since we are the ones acting (and upon whom the onus of the new policy or best practices will fall). I’d also like to note that we are required to maintain records but not create them; what follows should not be understood to be readily available to any registrar and is only available to me because of an unrelated internal project.

 

In 2025, IANA 69, one of the four registrars my team manages, received just under 100k abuse complaints marked as “phishing” through our online forms. Note that this does not include any other type of DNS Abuse or other abuse and does not include phishing reported through different means. Fewer than 10,000 were legitimate phishing complaints. We have to sift through 90% chaff to even get to the phishing reports—and that doesn’t look at the validity of the reports in the first place.

 

   
            Category           Tickets 
  
   TOTAL                       98,212  
  
      Noise                    39,267  
  
      Legitimate (all others)  58,945  
  
  
   MISROUTED REQUESTS          12,298  
  
      Support request           6.142  
  
      Sales inquiry             3,133  
  
      Technical support         1,569  
  
      Complaint, all other      1,454  
  
  
   DOMAIN DISPUTES             13,609  
  
      Domain ownership          6,120  
  
      Registry compliance       4,243  
  
      UDRP                      1,828  
  
      Whois issues                841  
  
      Whois inaccuracy            577  
  
  
   CONTENT CONCERNS            15,062  
  
      Hosting (non-DMCA)        7,833  
  
      DMCA                      3,888  
  
      Law enforcement           3,341  
  
  
   Phishing                     8,291  
  

 

I hope this is helpful context for the conversation.

 

Servus,

Reg

 

--
Reg Levy | Associate General Counsel – Domains
+1 (323) 880-0831
Tucows #MakingTheInternetBetter

UTC -7