- ccTLD operators can now sign up for ICANN Domain Metrica and gain access to both dashboard and API data including phishing, malware and botnet reports.
- Data access differs for ccTLDs and generic TLDs (gTLDs); absence of zone file sharing affects precision and normalisation of statistics.
What happened: ICANN has opened up its Domain Metrica platform
On 18 September 2025, ICANN announced that its Domain Metrica service is expanding to include ccTLD operators. Before this, Domain Metrica only covered generic top-level domains (gTLDs). Now, ccTLDs can join, get onto the Monitoring System API (MoSAPI), see daily statistics about DNS abuse such as phishing, malware and botnet command-and-control, plus lists of domain names flagged via reputation block lists.
If a ccTLD operator was part of the Domain Abuse Activity Reporting (DAAR) project, they are already enrolled automatically. If not, they can begin the onboarding by contacting ICANN via its Global Support, following instructions on the MoSAPI web page.
In cases where ccTLD operators cannot share their zone files, participation still is possible. But data will include domains that may be inactive or suspended. Alternatively, ICANN may confirm domain status by querying the authoritative ccTLD servers. This avoids cache problems but increases load on those servers.
ICANN notes that it is looking ahead to include ccTLDs in search features of the dashboard. To make comparisons fair, it is also considering ways to normalise data either via self-reported zone sizes or third-party estimates.
Also read: Eko-Konnect Research and Education Driving Innovation
Also read: University of Education, Winneba: Pioneering Teacher Education and Innovation
Why it’s important
Many ccTLD operators so far have lacked access to rich, daily-updated metrics on DNS abuse or domain activity. Inclusion in Domain Metrica gives them tools to understand threats inside their own TLDs, to detect phishing, malware or botnets earlier because the frequency and visibility of abuse rise globally.
Even without full zone files, ccTLDs can benefit, though with less precision. The plan to normalise by zone size helps to enable fair comparisons across TLDs. This matters for operators, security researchers, policy makers who need comparable metrics.
More transparency helps the domain name system’s stability and security. ccTLD operators often serve populations within a country (for example .uk in United Kingdom, .de in Germany, .jp in Japan) so better insight matters locally as well as globally.
Access to Domain Metrica may also help ccTLDs allocate resources more efficiently. If an operator sees phishing is rising within its TLD, it can act, for example by engaging registrars or improving takedown processes.
