ICANN publishes step-by-step guide to help users report DNS Abuse

The Internet Corporation for Assigned Names and Numbers (ICANN) has released a new Step-by-Step Guide: Submitting DNS Abuse Complaints, aimed at improving how internet users, security teams, and organisations report DNS Abuse. The guide is part of ICANN’s broader work to strengthen DNS security enforcement and ensure that contractual obligations on registrars and registry operators are applied consistently. It provides structured instructions on when and how to report cases of phishing, malware, botnets, pharming, and certain types of spam, which ICANN defines as the five forms of DNS Abuse under its agreements.

The document clarifies that ICANN’s role is limited to overseeing ICANN-accredited registrars and generic top-level domain (gTLD) registries. As a result, complaints must first be directed to the registrar or registry operator responsible for the domain name. The guide outlines how to identify the correct abuse contact, what evidence to collect, and what information must be included in an initial report so that it can be investigated effectively. This includes screenshots showing the abusive behaviour, the list of involved gTLD domains, and records demonstrating that the registrar or registry was notified before approaching ICANN.

If a registrar or registry fails to take timely action, the guide explains how complainants may escalate the matter to ICANN Contractual Compliance through the dedicated complaint forms. ICANN highlights that incomplete submissions or inconsistencies between the initial abuse report and the complaint can delay processing. By standardising how complaints are submitted, ICANN aims to ensure clearer, more complete reports and strengthen its ability to act when contracted parties do not address well-evidenced cases of DNS Abuse.