Dear Reg and Owen, Thank you very much for sharing these statistics. To build on this data, let’s consider a scenario where a registrar has 500,000 reported phishing domains and 100,000 confirmed cases. If each confirmed case requires approximately five minutes of processing time to generate an ADC report—considering* account, registrant, host, payment information, etc., *the total workload for ADC-phishing-cases alone reaches 500,000 minutes, or approximately 8,333 hours or 347 days As Marc noted, this does not account for other types of DNS abuse or the lead time required to vet the initial 500,000 reports to confirm those 100,000 cases. The resulting workload is significant. If we introduce another timeline element—for example, a domain registered on day 1, reported as phishing on day 15, and confirmed on day 30—the ADC is currently proposed to execute on or after day 30. I am curious to hear your thoughts on whether acting on the ADC earlier (e.g., day 15 or 16) would reduce the total processing time, or if it would potentially increase the burden. Any thoughts or comments would be greatly appreciated. Best, Ching On Fri, Apr 10, 2026 at 8:29 PM trachtenbergm--- via Gnso-dnsabuse-pdp < gnso-dnsabuse-pdp@icann.org> wrote:
I would note that this appears to be just phishing domains and to not include domain names reported for other types of DNS Abuse (i.e., malware, botnets, pharming, and spam).
Additionally, while the number of domains reported for phishing is low as a percentage of total DUMS, 116,871 being used for phishing is high as an absolute number, and this is *just one registrar* and *only phishing domains and not all types of DNS Abuse at this registrar*. Doing some quick “back of the napkin” math and extracting those numbers out to the rest of the registrars based the percentage of DUMS under management vs total DUMS across registrars, this means that there are likely of 1,000,000 valid phishing reports submitted.
This is a staggering number and keep in mind that it *only includes one type of DNS Abuse* and *only includes DNS Abuse actually reported*! Do we think that this is a million separate bad actors? It is much more likely that this speaks to organized networks and reiterates the need for a meaningful ADC framework to tackle this abuse proactively.
Best regards,
*Marc H. Trachtenberg * Shareholder
Chair, Internet, Domain Name, e-Commerce and Social Media Practice Greenberg Traurig, LLP
*Aspen Chicago*
411 E. Main Street 360 North Green Street
Suite 207 | Aspen, CO 81611 Suite 1300 | Chicago, IL 60607
T +1.970.300.5313 T +1.312.456.1020
M +1.773.677.3305 M +1.773.677.3305 trac@gtlaw.com <trachtenbergm@gtlaw.com> | www.gtlaw.com | View GT Biography <https://www.gtlaw.com/en/professionals/t/trachtenberg-marc-h>
[image: Greenberg Traurig Logo]
[image: Greenberg Traurig Logo]
*From:* Vivek Goyal <vivekg@ldotr.red> *Sent:* Friday, April 10, 2026 12:19 AM *To:* Trachtenberg, Marc H. (Shld-ASP-IP-Tech) <trachtenbergm@gtlaw.com>; rlevy@tucows.com; gnso-dnsabuse-pdp@icann.org *Subject:* Re: [Gnso-dnsabuse-pdp] Re: Fwd: Namecheap phishing report data for 2025
Thank you Reg and Owen.
At 116,871 phishing domains over 27mn DUM, that about *0.43%* abusive domains. Is that percentage a good reflection of the overall industry?
Agree with Marc that the trigger for ADC will be the 116,871 domains found to be phishing and NOT the other 73%.
Regards,
Vivek
*From: *trachtenbergm--- via Gnso-dnsabuse-pdp < gnso-dnsabuse-pdp@icann.org> *Date: *Friday, 10 April 2026 at 2:06 AM *To: *rlevy@tucows.com <rlevy@tucows.com>, gnso-dnsabuse-pdp@icann.org < gnso-dnsabuse-pdp@icann.org> *Subject: *[Gnso-dnsabuse-pdp] Re: Fwd: Namecheap phishing report data for 2025
Thans Reg (and Owen). This is interesting information. I note that there is no information regarding why phishing was not found in the relevant 73% of such complaints. Also, I would note that the number or percentage of complaints where phishing (or DNS Abuse generally) is not found is not really relevant here as those complaints would not trigger an ADC. Only the complaints where there was actionable evidence of DNS Abuse (phishing or otherwise) would trigger the ADC.
Best regards,
*Marc H. Trachtenberg* Shareholder
Chair, Internet, Domain Name, e-Commerce and Social Media Practice Greenberg Traurig, LLP
*Aspen Chicago*
411 E. Main Street 360 North Green Street
Suite 207 | Aspen, CO 81611 Suite 1300 | Chicago, IL 60607
T +1.970.300.5313 T +1.312.456.1020
M +1.773.677.3305 M +1.773.677.3305 *trac@gtlaw.com <trachtenbergm@gtlaw.com>* | *www.gtlaw.com <http://www.gtlaw.com/>* | *View GT Biography <https://www.gtlaw.com/en/professionals/t/trachtenberg-marc-h>*
[image: Greenberg Traurig Logo]
[image: Greenberg Traurig Logo]
*From:* Reg Levy via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> *Sent:* Thursday, April 9, 2026 2:25 PM *To:* Feodora Hamza via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> *Subject:* [Gnso-dnsabuse-pdp] Fwd: Namecheap phishing report data for 2025
**EXTERNAL TO GT**
All—
The below comes from an observer with more data about reported vs. actual to help get a sense of scale.
/R
-- Reg Levy | Associate General Counsel – Domains +1 (323) 880-0831 Tucows #MakingTheInternetBetter
UTC -7
Begin forwarded message:
*From: *Owen Smigelski <*owen.smigelski@namecheap.com <owen.smigelski@namecheap.com>*>
*Subject: Namecheap phishing report data for 2025*
*Date: *April 9, 2026 at 10:08:39 PDT
*To: *Reg Levy <*rlevy@tucows.com <rlevy@tucows.com>*>
Hi Reg,
I saw your email on the list for the ADC PDP regarding phishing reports at Tucows. I reached out to my abuse team, and obtained data for Namecheap and Spaceship for 2025 (which have over 27 million domains under management). The stats are:
Total reports: 432,796 Phishing confirmed: 116,871 (27%) Phishing not confirmed: 315,925 (73%)
Note: this counts tickets in our system, and some tickets may cover more than one domain name
Can you please share this with the PDP as another data point regarding the volume of abuse complaints that are not actionable? Thanks!
Regards,
Owen
------------------------------
If you are not an intended recipient of confidential and privileged information in this email, please delete it, notify us immediately at postmaster@gtlaw.com, and do not use or disseminate the information. _______________________________________________ Gnso-dnsabuse-pdp mailing list -- gnso-dnsabuse-pdp@icann.org To unsubscribe send an email to gnso-dnsabuse-pdp-leave@icann.org
