Take down fraudulent domains
To request anonymous takedown of fraudulent domain content, you must be the owner of the primary brand and have an authorization letter on file stating this. If you don't have a letter on file, a message appears on the Domain Takedown page instructing you to upload a signed letter. Optionally, you can upload supporting evidence files, which may expedite the takedown request review.
Start a domain takedown
Complete the next procedure to request a domain takedown.
-
On the Related domains report page, check the Risk level column for domains of high risk to your brand. To ensure that the list is sorted in descending order, click the Risk level column head to re-sort the list.
-
For each high-risk domain (
High
), click the Actions menu and select Start Takedown (or Takedown Status if you previously started to fill out the form and saved the data.).A confirmation dialog opens asking if you want to continue.
-
Click Yes.
The Domain Takedown page opens.
-
In the Takedown Request Form panel, verify these items:
-
Authorization Letter field.
- If an authorization letter is on file confirming that you're the owner of the primary brand, you can continue to Step 4.b.
Once uploaded and approved, the authorization letter is used for all takedown requests associated with the account.
- To upload a signed authorization letter, or to replace the letter on file, click Takedown Settings on the top toolbar to open the Takedown Settings page. For details, see Download/upload an authorization letter.
-
Evidence of malicious exploit field. Optional.
- If you previously uploaded evidence files, or you don't feel that it's necessary to do so, continue to Step 5.
- Otherwise, you can upload evidence files now.
-
-
To initiate the takedown request now, click Takedown. Otherwise, to save the Takedown Request Form data and initiate the takedown request later, click Save.
Domain Takedown page
Depending on where you are in the domain takedown workflow, one of three panels appears on the page:
- Takedown Request Form
- Takedown Request Status
- Takedown Request Cancelation Status
The next table describes each panel.
Panel | Description | Fields and buttons |
---|---|---|
Takedown Request Form | Displays the form you need to complete prior to requesting a domain takedown. |
|
Takedown Request Status | Shows the takedown request status starting at the `REQUESTED` state and throughout the workflow. |
|
Takedown Request Cancelation Status | Shows the status of a canceled takedown request. |
|
Workflow states
Each takedown request transitions through four main states:
DRAFT -> REQUESTED -> SUBMITTED -> ACCEPTED
where the states are defined as:
DRAFT
. Request is being drafted.REQUESTED
. Operations team is reviewing and processing the request.SUBMITTED
. Disruption network is processing the takedown request.ACCEPTED
. Fraudulent domain is removed.
Depending on the takedown scenario, there can be alternate workflows with additional states, as described next.
Alternate workflows
Consider the following workflow:
DRAFT -> REQUESTED -> EVIDENCE REQUIRED -> REQUESTED -> SUBMITTED -> ACCEPTED
The following events occur:
-
While the account owner is drafting the takedown request, it is in the
DRAFT
state. -
After completing the draft and submitting the request, it transitions to the
REQUESTED
state. -
The operations team reviews the request, determines that evidence files are needed, and transitions the request to the
EVIDENCE REQUIRED
state. -
The account owner uploads evidence files and resubmits the takedown request. The request transitions back to the
REQUESTED
state. -
The operations team reviews and approves the request, transitioning it to the
SUBMITTED
state. The disruption network begins processing. -
After the fraudulent domain is removed, the request transitions to the
ACCEPTED
state.
In another alternate workflow, the takedown request may be denied or cannot be completed, resulting in one of the following terminal states:
DENIED
. The request doesn't meet the criteria for takedown, or the network denies the request for removal.DOWN ON ARRIVAL
. The request can't be completed because the fraudulent domain is down.
If you cancel a takedown request, the workflow varies depending on the request state at the time you initiate cancelation:
- If the request form is in the
DRAFT
state, it is updated toCANCELED
. - If the request is in the
REQUESTED
orSUBMITTED
state, it is updated toCANCEL REQUESTED
.
Later, after the takedown request is reviewed, the state is updated to eitherCANCELED
,DENIED
, orDOWN ON ARRIVAL
.
Takedown Settings page
Use the Takedown Settings page to perform these actions:
- View or delete an existing signed authorization letter.
- Download an authorization letter to sign.
- Upload the signed letter.
Download/upload an authorization letter
An account must have a signed authorization letter on file to request a domain takedown. Once uploaded and approved, the authorization letter is associated with the account and is used for all subsequent takedown requests.
Complete the next procedure to download an authorization letter to sign, and to upload the signed letter. If a signed letter is already on file, you can download the letter and delete it before uploading a new signed letter.
-
On the Domain Takedown page, top toolbar, click Takedown Settings.
The Takedown Settings page opens. Notice that there are two sections:
- Download authorization letter to sign
- Upload signed authorization letter or Existing signed authorization letter
-
In the Download authorization letter to sign section, click Download.
An unsigned authorization letter is downloaded to your computer.
-
Sign the letter, and save the file under a new name that includes your account name. You may also want to include the date. For example,
MyAccount_Signed_Auth_Letter_2023-02-01
. -
If the Existing signed authorization letter panel appears on the page, a letter is already on file for your account. You must first delete the letter before you can upload a new one. Otherwise, go to Step 5.
-
Click Delete.
A confirmation dialog opens.
-
Click Yes.
The letter on file is deleted, and the Upload signed authorization letter section now appears on the page.
-
-
In the Upload signed authorization letter section, upload the letter you signed in Step 3.
View takedown status
To view takedown status, complete the next procedure.
-
Navigate to the related domains report page.
-
Click the Actions menu for the related domain of interest and select Takedown Status.
The Domain Takedown page opens displaying the Takedown Request Status panel.
Cancel a takedown request
To cancel a takedown request, complete the following procedure.
Canceling a takedown stops the takedown progress; no further submissions to the disruption network are made. However, actions that were performed before the cancelation request may be irreversible.
-
If you started a domain takedown for a related domain and subsequently want to cancel it, on the Domain Takedown page, top toolbar, click Cancel Takedown.
A confirmation dialog opens.
-
Click Yes.
The dialog closes. On the Domain Takedown page, notice that the Request state field is updated.
Updated 11 months ago