LOS ANGELES - The Internet Corporation for Assigned Names and Numbers (ICANN) has released a new Step-by-Step Guide: Submitting DNS Abuse Complaints, designed to help Internet users, security professionals, and stakeholders understand when and how to report Domain Name System (DNS) Abuse to ICANN Contractual Compliance. The guide is available on ICANN's DNS Abuse Mitigation Program page and on the Contractual Compliance complaint submission portal, a press release stated by ICANN. 

Addressing DNS Abuse – which according to the ICANN agreements is phishing, malware, botnets, pharming, and spam (when used to deliver the other four forms of named DNS Abuse) – remains critically important to the ICANN community. ICANN is committed to help strengthen DNS security, including enforcement of all applicable requirements in the ICANN agreements. This enforcement is often triggered by the receipt of external complaints. The new guide aims to make the process of submitting those complaints clearer, more consistent, and easier to follow.

The guide walks readers through two major components of the reporting and escalation process:

• Identifying and reporting the issue to the appropriate party, which depending on the circumstances may be the domain's registrar, the registry operator, or another actor within the DNS ecosystem such as a hosting company. The guide outlines how to determine which party is the most appropriate to investigate and act on the abuse and how to locate the abuse contact, and includes links to resources explaining what information should be included in an initial report to ensure it can be investigated efficiently. It also reminds complainants that ICANN's contractual authority extends only to ICANN-accredited registrars and generic top-level domain (gTLD) registry operators, not hosting providers, website operators, or other intermediaries.
• When and how users may escalate a matter to ICANN if a registrar or registry operator does not take prompt mitigation actions against well-evidenced DNS Abuse. The guide details what evidence must be included, such as the list of affected gTLD domain names, screenshots showing how the domain is being used for abuse, and records showing that the issue was first reported to the registrar or registry. It also highlights the importance of consistency between the initial report and the complaint submitted to ICANN, as discrepancies may delay processing.

ICANN encourages users to review the guide before filing a complaint to ensure their submissions include all necessary information and can be processed as efficiently as possible.