Report Domain Abuse
Help Us Keep the Internet Safe & Secure
UMVA is committed to maintaining a safe and trustworthy domain ecosystem. If you believe a domain registered through UMVA — or using our DNS, WHOIS, or other domain services — is engaged in abusive activity, we encourage you to report it. Our abuse team investigates every report promptly and takes appropriate action in accordance with our Acceptable Use Policy, ICANN guidelines, and applicable laws.
What Constitutes Domain Abuse?
Understanding the types of abuse we investigate and take action against
| Abuse Type | Description | Examples | Evidence Required | Response Time |
|---|---|---|---|---|
| Spam | Unsolicited bulk email or messaging campaigns sent from or promoting a domain, including email spam, comment spam, and forum spam. | Mass email campaigns, automated comment posting, spam links in forums, unsolicited advertising | Full email headers, timestamps, URLs, screenshots, and sample messages | 24–48 hrs |
| Phishing | Attempts to acquire sensitive information such as usernames, passwords, credit card details, or personal data by impersonating a legitimate entity. | Fake login pages mimicking banks, payment processors, email providers, or government portals | Full URL of phishing page, screenshot, target brand being impersonated, phishing email headers if applicable | 4–12 hrs |
| Malware | Distribution of malicious software through a domain, including viruses, trojans, ransomware, spyware, worms, or exploit kits intended to harm or compromise systems. | Drive-by download sites, malware payload hosting, malicious file downloads, exploit kit landing pages | Full URL, malware sample or hash, scan results (VirusTotal, etc.), description of the threat | 4–12 hrs |
| Copyright Infringement | Unauthorized use, reproduction, distribution, or display of copyrighted material including text, images, software, music, videos, and other creative works protected by copyright law. | Pirated software downloads, counterfeit goods sales, unauthorized movie/music streaming, plagiarized content | Proof of copyright ownership, specific URLs containing infringing material, description of original work | 48–72 hrs |
| Trademark Infringement | Registration or use of a domain name that infringes on a registered trademark, including cybersquatting, typosquatting, and bad-faith registration of trademarked names. | Cybersquatting on brand names, typosquatting (e.g., gooogle.com), domain parking on trademarked terms | Trademark registration certificate, proof of prior rights, evidence of bad-faith registration, dates | 48–72 hrs |
| Child Safety Violations | Domain used to host, distribute, or promote any form of child sexual abuse material (CSAM) or exploitation. This is the highest priority abuse category with zero tolerance. | CSAM hosting, child exploitation forums, inappropriate content targeting minors, grooming platforms | Full URLs, domain name, description of violation — reports are forwarded to appropriate law enforcement | Immediate |
| Illegal Activity | Use of a domain to facilitate, promote, or engage in activities that violate local, national, or international laws. Includes fraud, illegal gambling, drug trafficking, and more. | Online fraud schemes, illegal marketplaces, unlicensed gambling, counterfeit document sales, money laundering | Detailed description of the illegal activity, URLs, evidence of legal violation, law enforcement referral if applicable | 24–48 hrs |
| Hate Speech & Harassment | Use of a domain to promote hate speech, incite violence, harass individuals or groups based on race, ethnicity, religion, gender, sexual orientation, or other protected characteristics. | Hate group websites, targeted harassment campaigns, doxxing platforms, extremist content distribution | Full URLs, screenshots of offending content, description of the targeted group or individual, dates and times | 24–48 hrs |
| Fast-Flux / DNS Abuse | Use of fast-flux DNS techniques (rapidly changing IP addresses) to hide the location of malicious content, evade detection, or prolong the lifespan of malicious campaigns. | Fast-flux botnet command & control, single-use domains, dynamically changing A/AAAA records used for evasion | Domain name, observed IP changes (historical DNS data), evidence of malicious activity, timestamps | 24–48 hrs |
| WHOIS Inaccuracy | Provision of deliberately false or incomplete WHOIS contact information in violation of ICANN's Registrar Accreditation Agreement (RAA) requirements for accurate registrant data. | Fake names, invalid addresses, non-functional contact emails, proxy registrations without legitimate purpose | Current WHOIS data, evidence of inaccuracy, attempts to contact registrant, supporting documentation | 48–72 hrs |
Response times are targets and may vary based on the complexity of the investigation, the quality of evidence provided, and the volume of reports received. Critical and time-sensitive reports (phishing, malware, child safety) are prioritized. For life-threatening emergencies, contact your local law enforcement immediately.
How to Report Domain Abuse
Multiple ways to submit your abuse report to our team
Send your abuse report with all supporting evidence to our dedicated abuse team at [email protected]. This is the fastest and most recommended method for submitting reports.
Support Ticket
If you have a UMVA account, you can open a support ticket through your dashboard. Select "Abuse Report" as the department to ensure your report is routed to the right team for faster handling.
WHOIS Contact
If the abusive domain is registered elsewhere, you can also report abuse to the domain's registrar through the WHOIS contact information. We recommend filing reports with both the registrar and UMVA when our services are involved.
Abuse Reporting Guidelines
How to submit a complete and actionable abuse report
A Complete Report Must Include:
-
1Abusive Domain Name The fully qualified domain name (FQDN) involved in the abuse, including the exact subdomain if applicable (e.g., phishing.example.com).
-
2Type of Abuse Clearly specify the category of abuse — spam, phishing, malware, copyright infringement, trademark infringement, child safety, illegal activity, or other.
-
3Evidence & Supporting Information Full URLs, screenshots, email headers (for spam/phishing), malware scan results, copyright registration details, WHOIS data, or any other relevant evidence.
-
4Date & Time of Discovery When did you first observe the abusive activity? Include time zone information and whether the abuse is ongoing or has stopped.
-
5Your Contact Information Your name and email address so we can follow up with you if we need additional information or wish to update you on the status of your report.
Important Guidelines:
- Submit one report per domain. If multiple domains are involved in the same abusive campaign, you may list them all in a single report. For unrelated incidents, please submit separate reports for each domain.
- Do not submit false or frivolous reports. Knowingly submitting a false abuse report may result in the rejection of your report and could lead to account restrictions. Please ensure your report is made in good faith.
- International reports are welcome. We accept abuse reports from individuals and organizations worldwide. Reports do not need to be filed by a US resident. However, all correspondence will be conducted in English.
- We keep your report confidential. Your identity and the details of your abuse report will be treated as confidential and will only be shared with relevant parties as necessary for the investigation or as required by law.
- Legal requests and court orders. If you are a law enforcement agency or legal representative, please include badge number, case reference, or legal authorization in your report to expedite processing.
What Happens After You Report
Our abuse investigation and resolution process
Receipt & Acknowledgment
Once we receive your abuse report, you will receive an automated acknowledgment via email within 2 hours confirming receipt. Your report is assigned a unique tracking ID for future reference.
Initial Assessment
Our abuse team reviews the report within the target response time based on severity. We assess the evidence, verify the domain ownership, and determine whether the activity violates our policies or applicable laws.
Investigation & Action
We investigate thoroughly. Actions may include contacting the registrant, issuing a warning, suspending DNS, locking the domain, or terminating the domain registration. Severe violations are reported to ICANN and/or law enforcement.
Resolution & Closure
You will be notified of the outcome once the investigation is complete. While we cannot always disclose every detail due to privacy and confidentiality, we ensure appropriate action has been taken to address the reported abuse.
Possible Outcomes After Investigation:
- Report dismissed — no violation found
- Warning issued to registrant
- DNS suspension / content removal
- Domain locked pending resolution
- Domain registration cancelled
- Referred to ICANN / law enforcement
UMVA Domain Abuse Policies
Our commitment to a safe and trustworthy domain ecosystem
Acceptable Use Policy
UMVA's Acceptable Use Policy (AUP) prohibits the use of our domain services for any illegal, abusive, or harmful activity. All domain registrants agree to comply with our AUP during the registration process. Violations of the AUP may result in immediate suspension or termination of domain services without prior notice. We reserve the right to take any action we deem necessary to prevent or stop abusive activity, including but not limited to DNS suspension, domain locking, transfer prohibition, and domain cancellation.
Key Policy Provisions:
- Accurate WHOIS information is required for all domain registrations
- Domains may not be used for illegal, fraudulent, or deceptive purposes
- Distribution of malware, viruses, or malicious code is strictly prohibited
- Phishing, spam, and social engineering attacks are not tolerated
- Copyright and trademark infringement will result in immediate action
- Child safety violations are reported to law enforcement immediately
ICANN Compliance
As an ICANN-accredited registrar, UMVA strictly adheres to ICANN policies and contractual requirements governing domain registration and abuse handling. We follow the ICANN Registrar Accreditation Agreement (RAA), the Uniform Domain-Name Dispute-Resolution Policy (UDRP), and the Uniform Rapid Suspension (URS) system.
Our ICANN compliance includes:
- Prompt investigation and response to all abuse reports
- Monthly reporting to ICANN on abuse complaints
- Accurate and up-to-date WHOIS data for all registered domains
- Compliance with UDRP and URS decisions from dispute resolution providers
- Annual third-party audits of our abuse handling processes
- Cooperation with law enforcement agencies worldwide
Protection for Whistleblowers & Good-Faith Reporters
UMVA supports and encourages the reporting of domain abuse in good faith. Individuals who submit abuse reports in good faith, based on reasonable belief and with supporting evidence, will not be subject to any retaliation from UMVA. We maintain strict confidentiality regarding the identity of reporters and will not disclose your information to the domain registrant unless required by law or legal process. If you believe you have experienced retaliation for reporting abuse, please contact us immediately at [email protected].
Need Help or Have Questions?
If you are unsure whether a domain constitutes abuse, or if you need guidance on submitting a report, our abuse team is here to help. We also welcome inquiries from law enforcement agencies, legal professionals, and cybersecurity researchers.