ICANN releases analysis of internationalised domain names flagged in security block lists
ICANN has published a report examining how often internationalised domain names appear in Internet security block lists. The analysis covers reported cases of malware, phishing, and botnet activity between late 2023 and late 2025.
The Internet Corporation for Assigned Names and Numbers has published a new report analysing how Internationalized Domain Names, or IDNs, appear in Reputation Block Lists used by security systems across the internet. The report covers data from October 2023 to September 2025 and focuses on three common types of online abuse: phishing, malware, and botnets.
To understand the findings, it helps to clarify what these terms mean. Domain names are usually written using standard Latin letters, numbers, and symbols. These are known as ASCII domain names. Internationalized Domain Names allow website addresses to be written in other scripts, such as Chinese, Arabic, or Cyrillic, so that users can access the internet in their own languages.
Reputation Block Lists, often called RBLs, are lists of domain names that security providers have identified as being linked to harmful activity. Email servers, browsers, and other security tools use these lists to block access to domains that are believed to be used for scams, malware distribution, or controlling infected computers.
According to the report, ASCII domain names appear far more often in these block lists than IDNs. The analysis found a ratio of 5.3 to 1, meaning that reported ASCII domain names were flagged more than five times as often as IDNs. In percentage terms, around 0.47 percent of ASCII domain names were reported, compared with 0.09 percent of IDNs.
Despite the difference in volume, the types of abuse associated with both kinds of domain names are broadly similar. Phishing, which involves tricking users into revealing personal information such as passwords or payment details, accounted for nearly all reported cases involving IDNs. Specifically, phishing made up almost 99 percent of the IDN-related reports in the data set.
The report also looks at which writing systems are most commonly involved. Most of the reported IDNs used the Latin script, followed by a smaller share using Chinese, or Han, characters. Other scripts appeared much less frequently in the block list data.
The analysis is based on data collected through ICANN’s Domain Metrica project, which tracks technical and security-related trends in the domain name system. ICANN notes that the findings are descriptive and are intended to support a better understanding of how different types of domain names are used, including in cases of abuse.
The full report provides more detailed breakdowns and is part of a series of analyses on IDNs and security trends. Earlier reports are available through ICANN’s IDN Resource Page.
