All— The below comes from an observer with more data about reported vs. actual to help get a sense of scale. /R -- Reg Levy | Associate General Counsel – Domains +1 (323) 880-0831 Tucows #MakingTheInternetBetter UTC -7
Begin forwarded message:
From: Owen Smigelski <owen.smigelski@namecheap.com> Subject: Namecheap phishing report data for 2025 Date: April 9, 2026 at 10:08:39 PDT To: Reg Levy <rlevy@tucows.com>
Hi Reg,
I saw your email on the list for the ADC PDP regarding phishing reports at Tucows. I reached out to my abuse team, and obtained data for Namecheap and Spaceship for 2025 (which have over 27 million domains under management). The stats are:
Total reports: 432,796 Phishing confirmed: 116,871 (27%) Phishing not confirmed: 315,925 (73%)
Note: this counts tickets in our system, and some tickets may cover more than one domain name
Can you please share this with the PDP as another data point regarding the volume of abuse complaints that are not actionable? Thanks!
Regards,
Owen
Thans Reg (and Owen). This is interesting information. I note that there is no information regarding why phishing was not found in the relevant 73% of such complaints. Also, I would note that the number or percentage of complaints where phishing (or DNS Abuse generally) is not found is not really relevant here as those complaints would not trigger an ADC. Only the complaints where there was actionable evidence of DNS Abuse (phishing or otherwise) would trigger the ADC. Best regards, Marc H. Trachtenberg Shareholder Chair, Internet, Domain Name, e-Commerce and Social Media Practice Greenberg Traurig, LLP Aspen Chicago 411 E. Main Street 360 North Green Street Suite 207 | Aspen, CO 81611 Suite 1300 | Chicago, IL 60607 T +1.970.300.5313 T +1.312.456.1020 M +1.773.677.3305 M +1.773.677.3305 trac@gtlaw.com<mailto:trachtenbergm@gtlaw.com> | www.gtlaw.com<http://www.gtlaw.com/> | View GT Biography <https://www.gtlaw.com/en/professionals/t/trachtenberg-marc-h> [Greenberg Traurig Logo] [Greenberg Traurig Logo] From: Reg Levy via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Sent: Thursday, April 9, 2026 2:25 PM To: Feodora Hamza via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Subject: [Gnso-dnsabuse-pdp] Fwd: Namecheap phishing report data for 2025 *EXTERNAL TO GT* All— The below comes from an observer with more data about reported vs. actual to help get a sense of scale. /R -- Reg Levy | Associate General Counsel – Domains +1 (323) 880-0831 Tucows #MakingTheInternetBetter UTC -7 Begin forwarded message: From: Owen Smigelski <owen.smigelski@namecheap.com<mailto:owen.smigelski@namecheap.com>> Subject: Namecheap phishing report data for 2025 Date: April 9, 2026 at 10:08:39 PDT To: Reg Levy <rlevy@tucows.com<mailto:rlevy@tucows.com>> Hi Reg, I saw your email on the list for the ADC PDP regarding phishing reports at Tucows. I reached out to my abuse team, and obtained data for Namecheap and Spaceship for 2025 (which have over 27 million domains under management). The stats are: Total reports: 432,796 Phishing confirmed: 116,871 (27%) Phishing not confirmed: 315,925 (73%) Note: this counts tickets in our system, and some tickets may cover more than one domain name Can you please share this with the PDP as another data point regarding the volume of abuse complaints that are not actionable? Thanks! Regards, Owen ---------------------------------------------------------------------- If you are not an intended recipient of confidential and privileged information in this email, please delete it, notify us immediately at postmaster@gtlaw.com, and do not use or disseminate the information.
Thank you Reg and Owen. At 116,871 phishing domains over 27mn DUM, that about 0.43% abusive domains. Is that percentage a good reflection of the overall industry? Agree with Marc that the trigger for ADC will be the 116,871 domains found to be phishing and NOT the other 73%. Regards, Vivek From: trachtenbergm--- via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Date: Friday, 10 April 2026 at 2:06 AM To: rlevy@tucows.com <rlevy@tucows.com>, gnso-dnsabuse-pdp@icann.org <gnso-dnsabuse-pdp@icann.org> Subject: [Gnso-dnsabuse-pdp] Re: Fwd: Namecheap phishing report data for 2025 Thans Reg (and Owen). This is interesting information. I note that there is no information regarding why phishing was not found in the relevant 73% of such complaints. Also, I would note that the number or percentage of complaints where phishing (or DNS Abuse generally) is not found is not really relevant here as those complaints would not trigger an ADC. Only the complaints where there was actionable evidence of DNS Abuse (phishing or otherwise) would trigger the ADC. Best regards, Marc H. Trachtenberg Shareholder Chair, Internet, Domain Name, e-Commerce and Social Media Practice Greenberg Traurig, LLP Aspen Chicago 411 E. Main Street 360 North Green Street Suite 207 | Aspen, CO 81611 Suite 1300 | Chicago, IL 60607 T +1.970.300.5313 T +1.312.456.1020 M +1.773.677.3305 M +1.773.677.3305 trac@gtlaw.com<mailto:trachtenbergm@gtlaw.com> | www.gtlaw.com<http://www.gtlaw.com/> | View GT Biography<https://www.gtlaw.com/en/professionals/t/trachtenberg-marc-h> [Greenberg Traurig Logo] [Greenberg Traurig Logo] From: Reg Levy via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Sent: Thursday, April 9, 2026 2:25 PM To: Feodora Hamza via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Subject: [Gnso-dnsabuse-pdp] Fwd: Namecheap phishing report data for 2025 *EXTERNAL TO GT* All— The below comes from an observer with more data about reported vs. actual to help get a sense of scale. /R -- Reg Levy | Associate General Counsel – Domains +1 (323) 880-0831 Tucows #MakingTheInternetBetter UTC -7 Begin forwarded message: From: Owen Smigelski <owen.smigelski@namecheap.com<mailto:owen.smigelski@namecheap.com>> Subject: Namecheap phishing report data for 2025 Date: April 9, 2026 at 10:08:39 PDT To: Reg Levy <rlevy@tucows.com<mailto:rlevy@tucows.com>> Hi Reg, I saw your email on the list for the ADC PDP regarding phishing reports at Tucows. I reached out to my abuse team, and obtained data for Namecheap and Spaceship for 2025 (which have over 27 million domains under management). The stats are: Total reports: 432,796 Phishing confirmed: 116,871 (27%) Phishing not confirmed: 315,925 (73%) Note: this counts tickets in our system, and some tickets may cover more than one domain name Can you please share this with the PDP as another data point regarding the volume of abuse complaints that are not actionable? Thanks! Regards, Owen ________________________________ If you are not an intended recipient of confidential and privileged information in this email, please delete it, notify us immediately at postmaster@gtlaw.com, and do not use or disseminate the information.
I would note that this appears to be just phishing domains and to not include domain names reported for other types of DNS Abuse (i.e., malware, botnets, pharming, and spam). Additionally, while the number of domains reported for phishing is low as a percentage of total DUMS, 116,871 being used for phishing is high as an absolute number, and this is just one registrar and only phishing domains and not all types of DNS Abuse at this registrar. Doing some quick “back of the napkin” math and extracting those numbers out to the rest of the registrars based the percentage of DUMS under management vs total DUMS across registrars, this means that there are likely of 1,000,000 valid phishing reports submitted. This is a staggering number and keep in mind that it only includes one type of DNS Abuse and only includes DNS Abuse actually reported! Do we think that this is a million separate bad actors? It is much more likely that this speaks to organized networks and reiterates the need for a meaningful ADC framework to tackle this abuse proactively. Best regards, Marc H. Trachtenberg Shareholder Chair, Internet, Domain Name, e-Commerce and Social Media Practice Greenberg Traurig, LLP Aspen Chicago 411 E. Main Street 360 North Green Street Suite 207 | Aspen, CO 81611 Suite 1300 | Chicago, IL 60607 T +1.970.300.5313 T +1.312.456.1020 M +1.773.677.3305 M +1.773.677.3305 trac@gtlaw.com<mailto:trachtenbergm@gtlaw.com> | www.gtlaw.com<http://www.gtlaw.com/> | View GT Biography <https://www.gtlaw.com/en/professionals/t/trachtenberg-marc-h> [Greenberg Traurig Logo] [Greenberg Traurig Logo] From: Vivek Goyal <vivekg@ldotr.red> Sent: Friday, April 10, 2026 12:19 AM To: Trachtenberg, Marc H. (Shld-ASP-IP-Tech) <trachtenbergm@gtlaw.com>; rlevy@tucows.com; gnso-dnsabuse-pdp@icann.org Subject: Re: [Gnso-dnsabuse-pdp] Re: Fwd: Namecheap phishing report data for 2025 Thank you Reg and Owen. At 116,871 phishing domains over 27mn DUM, that about 0.43% abusive domains. Is that percentage a good reflection of the overall industry? Agree with Marc that the trigger for ADC will be the 116,871 domains found to be phishing and NOT the other 73%. Regards, Vivek From: trachtenbergm--- via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org<mailto:gnso-dnsabuse-pdp@icann.org>> Date: Friday, 10 April 2026 at 2:06 AM To: rlevy@tucows.com<mailto:rlevy@tucows.com> <rlevy@tucows.com<mailto:rlevy@tucows.com>>, gnso-dnsabuse-pdp@icann.org<mailto:gnso-dnsabuse-pdp@icann.org> <gnso-dnsabuse-pdp@icann.org<mailto:gnso-dnsabuse-pdp@icann.org>> Subject: [Gnso-dnsabuse-pdp] Re: Fwd: Namecheap phishing report data for 2025 Thans Reg (and Owen). This is interesting information. I note that there is no information regarding why phishing was not found in the relevant 73% of such complaints. Also, I would note that the number or percentage of complaints where phishing (or DNS Abuse generally) is not found is not really relevant here as those complaints would not trigger an ADC. Only the complaints where there was actionable evidence of DNS Abuse (phishing or otherwise) would trigger the ADC. Best regards, Marc H. Trachtenberg Shareholder Chair, Internet, Domain Name, e-Commerce and Social Media Practice Greenberg Traurig, LLP Aspen Chicago 411 E. Main Street 360 North Green Street Suite 207 | Aspen, CO 81611 Suite 1300 | Chicago, IL 60607 T +1.970.300.5313 T +1.312.456.1020 M +1.773.677.3305 M +1.773.677.3305 trac@gtlaw.com<mailto:trachtenbergm@gtlaw.com> | www.gtlaw.com<http://www.gtlaw.com/> | View GT Biography<https://www.gtlaw.com/en/professionals/t/trachtenberg-marc-h> [Greenberg Traurig Logo] [Greenberg Traurig Logo] From: Reg Levy via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org<mailto:gnso-dnsabuse-pdp@icann.org>> Sent: Thursday, April 9, 2026 2:25 PM To: Feodora Hamza via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org<mailto:gnso-dnsabuse-pdp@icann.org>> Subject: [Gnso-dnsabuse-pdp] Fwd: Namecheap phishing report data for 2025 *EXTERNAL TO GT* All— The below comes from an observer with more data about reported vs. actual to help get a sense of scale. /R -- Reg Levy | Associate General Counsel – Domains +1 (323) 880-0831 Tucows #MakingTheInternetBetter UTC -7 Begin forwarded message: From: Owen Smigelski <owen.smigelski@namecheap.com<mailto:owen.smigelski@namecheap.com>> Subject: Namecheap phishing report data for 2025 Date: April 9, 2026 at 10:08:39 PDT To: Reg Levy <rlevy@tucows.com<mailto:rlevy@tucows.com>> Hi Reg, I saw your email on the list for the ADC PDP regarding phishing reports at Tucows. I reached out to my abuse team, and obtained data for Namecheap and Spaceship for 2025 (which have over 27 million domains under management). The stats are: Total reports: 432,796 Phishing confirmed: 116,871 (27%) Phishing not confirmed: 315,925 (73%) Note: this counts tickets in our system, and some tickets may cover more than one domain name Can you please share this with the PDP as another data point regarding the volume of abuse complaints that are not actionable? Thanks! Regards, Owen ________________________________ If you are not an intended recipient of confidential and privileged information in this email, please delete it, notify us immediately at postmaster@gtlaw.com<mailto:postmaster@gtlaw.com>, and do not use or disseminate the information.
Dear Reg and Owen, Thank you very much for sharing these statistics. To build on this data, let’s consider a scenario where a registrar has 500,000 reported phishing domains and 100,000 confirmed cases. If each confirmed case requires approximately five minutes of processing time to generate an ADC report—considering* account, registrant, host, payment information, etc., *the total workload for ADC-phishing-cases alone reaches 500,000 minutes, or approximately 8,333 hours or 347 days As Marc noted, this does not account for other types of DNS abuse or the lead time required to vet the initial 500,000 reports to confirm those 100,000 cases. The resulting workload is significant. If we introduce another timeline element—for example, a domain registered on day 1, reported as phishing on day 15, and confirmed on day 30—the ADC is currently proposed to execute on or after day 30. I am curious to hear your thoughts on whether acting on the ADC earlier (e.g., day 15 or 16) would reduce the total processing time, or if it would potentially increase the burden. Any thoughts or comments would be greatly appreciated. Best, Ching On Fri, Apr 10, 2026 at 8:29 PM trachtenbergm--- via Gnso-dnsabuse-pdp < gnso-dnsabuse-pdp@icann.org> wrote:
I would note that this appears to be just phishing domains and to not include domain names reported for other types of DNS Abuse (i.e., malware, botnets, pharming, and spam).
Additionally, while the number of domains reported for phishing is low as a percentage of total DUMS, 116,871 being used for phishing is high as an absolute number, and this is *just one registrar* and *only phishing domains and not all types of DNS Abuse at this registrar*. Doing some quick “back of the napkin” math and extracting those numbers out to the rest of the registrars based the percentage of DUMS under management vs total DUMS across registrars, this means that there are likely of 1,000,000 valid phishing reports submitted.
This is a staggering number and keep in mind that it *only includes one type of DNS Abuse* and *only includes DNS Abuse actually reported*! Do we think that this is a million separate bad actors? It is much more likely that this speaks to organized networks and reiterates the need for a meaningful ADC framework to tackle this abuse proactively.
Best regards,
*Marc H. Trachtenberg * Shareholder
Chair, Internet, Domain Name, e-Commerce and Social Media Practice Greenberg Traurig, LLP
*Aspen Chicago*
411 E. Main Street 360 North Green Street
Suite 207 | Aspen, CO 81611 Suite 1300 | Chicago, IL 60607
T +1.970.300.5313 T +1.312.456.1020
M +1.773.677.3305 M +1.773.677.3305 trac@gtlaw.com <trachtenbergm@gtlaw.com> | www.gtlaw.com | View GT Biography <https://www.gtlaw.com/en/professionals/t/trachtenberg-marc-h>
[image: Greenberg Traurig Logo]
[image: Greenberg Traurig Logo]
*From:* Vivek Goyal <vivekg@ldotr.red> *Sent:* Friday, April 10, 2026 12:19 AM *To:* Trachtenberg, Marc H. (Shld-ASP-IP-Tech) <trachtenbergm@gtlaw.com>; rlevy@tucows.com; gnso-dnsabuse-pdp@icann.org *Subject:* Re: [Gnso-dnsabuse-pdp] Re: Fwd: Namecheap phishing report data for 2025
Thank you Reg and Owen.
At 116,871 phishing domains over 27mn DUM, that about *0.43%* abusive domains. Is that percentage a good reflection of the overall industry?
Agree with Marc that the trigger for ADC will be the 116,871 domains found to be phishing and NOT the other 73%.
Regards,
Vivek
*From: *trachtenbergm--- via Gnso-dnsabuse-pdp < gnso-dnsabuse-pdp@icann.org> *Date: *Friday, 10 April 2026 at 2:06 AM *To: *rlevy@tucows.com <rlevy@tucows.com>, gnso-dnsabuse-pdp@icann.org < gnso-dnsabuse-pdp@icann.org> *Subject: *[Gnso-dnsabuse-pdp] Re: Fwd: Namecheap phishing report data for 2025
Thans Reg (and Owen). This is interesting information. I note that there is no information regarding why phishing was not found in the relevant 73% of such complaints. Also, I would note that the number or percentage of complaints where phishing (or DNS Abuse generally) is not found is not really relevant here as those complaints would not trigger an ADC. Only the complaints where there was actionable evidence of DNS Abuse (phishing or otherwise) would trigger the ADC.
Best regards,
*Marc H. Trachtenberg* Shareholder
Chair, Internet, Domain Name, e-Commerce and Social Media Practice Greenberg Traurig, LLP
*Aspen Chicago*
411 E. Main Street 360 North Green Street
Suite 207 | Aspen, CO 81611 Suite 1300 | Chicago, IL 60607
T +1.970.300.5313 T +1.312.456.1020
M +1.773.677.3305 M +1.773.677.3305 *trac@gtlaw.com <trachtenbergm@gtlaw.com>* | *www.gtlaw.com <http://www.gtlaw.com/>* | *View GT Biography <https://www.gtlaw.com/en/professionals/t/trachtenberg-marc-h>*
[image: Greenberg Traurig Logo]
[image: Greenberg Traurig Logo]
*From:* Reg Levy via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> *Sent:* Thursday, April 9, 2026 2:25 PM *To:* Feodora Hamza via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> *Subject:* [Gnso-dnsabuse-pdp] Fwd: Namecheap phishing report data for 2025
**EXTERNAL TO GT**
All—
The below comes from an observer with more data about reported vs. actual to help get a sense of scale.
/R
-- Reg Levy | Associate General Counsel – Domains +1 (323) 880-0831 Tucows #MakingTheInternetBetter
UTC -7
Begin forwarded message:
*From: *Owen Smigelski <*owen.smigelski@namecheap.com <owen.smigelski@namecheap.com>*>
*Subject: Namecheap phishing report data for 2025*
*Date: *April 9, 2026 at 10:08:39 PDT
*To: *Reg Levy <*rlevy@tucows.com <rlevy@tucows.com>*>
Hi Reg,
I saw your email on the list for the ADC PDP regarding phishing reports at Tucows. I reached out to my abuse team, and obtained data for Namecheap and Spaceship for 2025 (which have over 27 million domains under management). The stats are:
Total reports: 432,796 Phishing confirmed: 116,871 (27%) Phishing not confirmed: 315,925 (73%)
Note: this counts tickets in our system, and some tickets may cover more than one domain name
Can you please share this with the PDP as another data point regarding the volume of abuse complaints that are not actionable? Thanks!
Regards,
Owen
------------------------------
If you are not an intended recipient of confidential and privileged information in this email, please delete it, notify us immediately at postmaster@gtlaw.com, and do not use or disseminate the information. _______________________________________________ Gnso-dnsabuse-pdp mailing list -- gnso-dnsabuse-pdp@icann.org To unsubscribe send an email to gnso-dnsabuse-pdp-leave@icann.org
Ching, the figures look small when I ballpark them. As I am playing with vibe coding at the moment, I turned openclaw loose to do the math :-)-O Assuming a 7‑hour business day (people need breaks, especially when dealing with stuff like this), excluding weekends (Sat–Sun), and an average of 5 public holidays and 365 days per year, come to: 1191 business days ≈ 1672 calendar days ≈ 4 years, 7 months aka wo:man-years. 21,420 tickets per wo:man-year 84 tickets per business day per person How much is the going rate these days for such positions? I think it is really helpful to consider what the implementation and operation costs will be of whatever the PDP will prescribe. el -- Dr. Eberhard W. Lisse \ / Obstetrician & Gynaecologist (retired) el@lisse.NA / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 Bachbrecht \ / If this email is signed with GPG/PGP 10007, Namibia ;____/ Sect 20 of Act No. 4 of 2019 may apply On Apr 12, 2026 at 02:15 +0200, Ching Chiao via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>, wrote:
Dear Reg and Owen,
Thank you very much for sharing these statistics.
To build on this data, let’s consider a scenario where a registrar has 500,000 reported phishing domains and 100,000 confirmed cases. If each confirmed case requires approximately five minutes of processing time to generate an ADC report—considering account, registrant, host, payment information, etc., the total workload for ADC-phishing-cases alone reaches 500,000 minutes, or approximately 8,333 hours or 347 days
As Marc noted, this does not account for other types of DNS abuse or the lead time required to vet the initial 500,000 reports to confirm those 100,000 cases. The resulting workload is significant.
If we introduce another timeline element—for example, a domain registered on day 1, reported as phishing on day 15, and confirmed on day 30—the ADC is currently proposed to execute on or after day 30. I am curious to hear your thoughts on whether acting on the ADC earlier (e.g., day 15 or 16) would reduce the total processing time, or if it would potentially increase the burden.
Any thoughts or comments would be greatly appreciated.
Best,
Ching
[…]
Hi Eberhard, Ching, You assume that people are not taking paid leave in your calculations. I agree, however, that any additional documentation requirements (or as I call them: useless "make‑work") will detract from the ability to review and action actual reports. Marc, Phishing is by far the most prevalent form of abuse in the reports we receive. While we do not keep formal statistics, I would estimate that it accounts for roughly 90% of the reports of actual DNS abuse we see, malware and botnet reports are a statistical anomaly in comparison. That said, the numbers from a single registrar cannot be used to extrapolate figures across all registrars. I was certainly surprised by that number and initially thought that we must be doing something right, as our figures are significantly lower when measured as abuse reports per registered domain. Sincerely, Volker Greimann General Counsel & Head of Policy and Compliance - Online Division volker.greimann@centralnic.com Office: +49-172-6367025 Web: www.teaminternet.com Team Internet Group PLC (AIM:TIG). Registered Office: 4th Floor, Saddlers House, 44 Gutter Lane, London, United Kingdom, EC2V 6BR. Team Internet is a company registered in England and Wales with the company number 8576358. ________________________________ From: Eberhard W Lisse via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Sent: 12 April 2026 12:40 PM To: Bruna Martins dos Santos via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Cc: Dns-techs <dns-techs@na-nic.com.na> Subject: [Gnso-dnsabuse-pdp] Re: Fwd: Namecheap phishing report data for 2025 Ching, the figures look small when I ballpark them. As I am playing with vibe coding at the moment, I turned openclaw loose to do the math :-)-O Assuming a 7‑hour business day (people need breaks, especially when dealing with stuff like this), excluding weekends (Sat–Sun), and an average of 5 public holidays and 365 days per year, come to: 1191 business days ≈ 1672 calendar days ≈ 4 years, 7 months aka wo:man-years. 21,420 tickets per wo:man-year 84 tickets per business day per person How much is the going rate these days for such positions? I think it is really helpful to consider what the implementation and operation costs will be of whatever the PDP will prescribe. el -- Dr. Eberhard W. Lisse \ / Obstetrician & Gynaecologist (retired) el@lisse.NA<mailto:el@lisse.NA> / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 Bachbrecht \ / If this email is signed with GPG/PGP 10007, Namibia ;____/ Sect 20 of Act No. 4 of 2019 may apply On Apr 12, 2026 at 02:15 +0200, Ching Chiao via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org<mailto:gnso-dnsabuse-pdp@icann.org>>, wrote: Dear Reg and Owen, Thank you very much for sharing these statistics. To build on this data, let’s consider a scenario where a registrar has 500,000 reported phishing domains and 100,000 confirmed cases. If each confirmed case requires approximately five minutes of processing time to generate an ADC report—considering account, registrant, host, payment information, etc., the total workload for ADC-phishing-cases alone reaches 500,000 minutes, or approximately 8,333 hours or 347 days As Marc noted, this does not account for other types of DNS abuse or the lead time required to vet the initial 500,000 reports to confirm those 100,000 cases. The resulting workload is significant. If we introduce another timeline element—for example, a domain registered on day 1, reported as phishing on day 15, and confirmed on day 30—the ADC is currently proposed to execute on or after day 30. I am curious to hear your thoughts on whether acting on the ADC earlier (e.g., day 15 or 16) would reduce the total processing time, or if it would potentially increase the burden. Any thoughts or comments would be greatly appreciated. Best, Ching […]
yes, of course, lowers this to 19824 tickets per wo:man year:-)-O Roughly 1 full time position per 100K tickets. el -- Sent from my iPhone On 15. Apr 2026 at 00:45 +0200, Volker Greimann <volker.greimann@centralnic.com>, wrote:
Hi Eberhard, Ching,
You assume that people are not taking paid leave in your calculations. I agree, however, that any additional documentation requirements (or as I call them: useless "make‑work") will detract from the ability to review and action actual reports.
[…]
Eberhard, I hope that you're not overspending / creating the tokens for this wonderful voluntary work :) Ching On Sun, Apr 12, 2026 at 6:40 PM Eberhard W Lisse via Gnso-dnsabuse-pdp < gnso-dnsabuse-pdp@icann.org> wrote:
Ching,
the figures look small when I ballpark them.
As I am playing with vibe coding at the moment, I turned openclaw loose to do the math :-)-O
Assuming a 7‑hour business day (people need breaks, especially when dealing with stuff like this), excluding weekends (Sat–Sun), and an average of 5 public holidays and 365 days per year, come to:
1191 business days ≈ 1672 calendar days ≈ 4 years, 7 months aka wo:man-years. 21,420 tickets per wo:man-year 84 tickets per business day per person
How much is the going rate these days for such positions?
I think it is really helpful to consider what the implementation and operation costs will be of whatever the PDP will prescribe.
el
-- Dr. Eberhard W. Lisse \ / Obstetrician & Gynaecologist (retired) el@lisse.NA / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 Bachbrecht \ / If this email is signed with GPG/PGP 10007, Namibia ;____/ Sect 20 of Act No. 4 of 2019 may apply On Apr 12, 2026 at 02:15 +0200, Ching Chiao via Gnso-dnsabuse-pdp < gnso-dnsabuse-pdp@icann.org>, wrote:
Dear Reg and Owen,
Thank you very much for sharing these statistics.
To build on this data, let’s consider a scenario where a registrar has 500,000 reported phishing domains and 100,000 confirmed cases. If each confirmed case requires approximately five minutes of processing time to generate an ADC report—considering *account, registrant, host, payment information, etc., *the total workload for ADC-phishing-cases alone reaches 500,000 minutes, or approximately 8,333 hours or 347 days
As Marc noted, this does not account for other types of DNS abuse or the lead time required to vet the initial 500,000 reports to confirm those 100,000 cases. The resulting workload is significant.
If we introduce another timeline element—for example, a domain registered on day 1, reported as phishing on day 15, and confirmed on day 30—the ADC is currently proposed to execute on or after day 30. I am curious to hear your thoughts on whether acting on the ADC earlier (e.g., day 15 or 16) would reduce the total processing time, or if it would potentially increase the burden.
Any thoughts or comments would be greatly appreciated.
Best,
Ching
[…]
_______________________________________________ Gnso-dnsabuse-pdp mailing list -- gnso-dnsabuse-pdp@icann.org To unsubscribe send an email to gnso-dnsabuse-pdp-leave@icann.org
Ching, I can do this on my iPad's calculator in the Mugg & Bean after my daily Due Diligence in the pool, and now, since Winter is Coming, even outside :-)-O, but, as my wife likes to say, Toys for the Boys :-)-O Anyway, seriously, and referencing what Volker, Marc and Brian wrote, I agree that the scope of this PDP is narrow, and would be the last person to go to Council and ask for more. But, and forgive me for using this analogy, coming from Evidence Based Medicine and on a daily basis having had to not only figure what was wrong with a patient, but also why, what to do about it, and what the consequences would be of any actions or inaction, which sort of became ingrained, I wonder if using a Data Driven approach to Decision Making would not be more effective. In other words, I would like to see, when answering each question, some form of who would be impacted and how. If we conjure a Policy and do the Impact Analysis only at the end, we run the risk of wasting two years of work. If we look at the impacts during each step, however, the Impact Analysis would be simple collating. By the way, I also think this mailing list is a good place to have these (side) discussions, or even only (my) musings. el -- Dr. Eberhard W. Lisse \ / Obstetrician & Gynaecologist (retired) el@lisse.NA / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 Bachbrecht \ / If this email is signed with GPG/PGP 10007, Namibia ;____/ Sect 20 of Act No. 4 of 2019 may apply On Apr 15, 2026 at 12:46 +0200, Ching Chiao <ching.chiao@whoisxmlapi.com>, wrote:
Eberhard,
I hope that you're not overspending / creating the tokens for this wonderful voluntary work :)
Ching
[…]
participants (6)
-
Ching Chiao -
Eberhard W Lisse -
Reg Levy -
trachtenbergm@gtlaw.com -
Vivek Goyal -
Volker Greimann