XYZ Registry: Monitoring and mitigating patterns in abusive use of domains

XYZ Registry takes a strict approach to DNS abuse mitigation to protect the integrity of our namespaces while supporting innovation. Over the past decade, we’ve built an adaptive anti-abuse program designed to address evolving threats without creating barriers for registrants. Our team monitors phishing, malware, spam, and other forms of abuse across our TLDs, including identifying repeat and coordinated patterns of abusive use, working closely with trusted cybersecurity partners to enforce our Anti-Abuse Policy responsibly.

As a Top Level Domain Registry, XYZ operates at the apex of a layered domain ecosystem that includes registrars, resellers, website builders, hosting companies, and registrants. While enforcement action can occur at all layers, a registry has the unique capability of acting directly on the acceptable use policies of the Top Level Domain as a whole; for example, .xyz’s registry policies. This structure requires careful judgment when evaluating abuse signals and responding to reports, ensuring actions are proportionate, accurate, and transparent to partners who support domain registrants directly. 

People and organizations register and manage their domains through registrar partners, not directly with the registry. Because of this, XYZ’s Anti-Abuse Team does not know who an individual registrant is or how many domains they may hold. Our visibility is limited to the registration activity we receive from registrars, which allows us to observe high-level ordering behavior and identify obvious, repeated patterns that may signal abusive use. At the registry level, this can mean looking for signals such as large groups of similar-looking domain names registered at the same time, coordinated activity across multiple domains, or consistent indicators reported by multiple independent sources over time. Any action taken at the registry level can affect registrars and their customers, which is why we approach enforcement with care and maintain transparency with our partners throughout the process.

The XYZ Anti-Abuse Team utilizes data from trusted cybersecurity partners who specialize in identifying patterns of abusive activity across the Internet, such as Spamhaus and SURBL. Partners like these bring deep expertise and broader visibility that help surface coordinated or repeat abusive use at scale. Our Anti-Abuse Team reviews this data by evaluating the broader usage pattern, supporting evidence, and potential impact before taking action. We do not act on reports of pattern-like behavior automatically. In cases where a domain is flagged but does not violate XYZ acceptable use policies, we prioritize careful review. If a report is determined to be incorrect, we work to resolve the issue internally and, where appropriate, coordinate with the reporting partner to improve signal quality and reduce the likelihood of repeat misclassification.

Our goal is to maintain a secure and trusted domain environment while preserving the openness and affordability that enables innovation and growth. By participating in pattern-based review, proportional response, and transparency with registrars and security partners, XYZ Registry continues to refine how it monitors and mitigates abusive use at scale while strengthening trust across our namespaces.

The Anti-Abuse Quarterly is published to the XYZ Registry Anti-Abuse hub on https://xyz.xyz/abuse. Visit to learn more about our monitoring process, find information on how to report abuse, and understand the actions we take in collaboration with industry partners and law enforcement.

As we continue to safeguard our domain space, these resources serve as a testament to our unwavering commitment to a safer internet. We encourage you to join us in the ongoing fight against online abuse.