How to Report Suspicious Email Domains

Sun, Feb, 2026

How to Report Suspicious Email Domains

Help protect other New Zealanders and local businesses

Scam and phishing emails don’t just affect one person. If a malicious site or domain stays active, it can be reused to target thousands more Kiwis.

By taking 2–5 minutes to report suspicious domains, you’re actively helping:

  • Other New Zealand businesses

  • Everyday email users

  • Banks, ISPs, and security providers block threats faster

This guide covers:

  1. Easy reporting for everyone

  2. Advanced steps for power users

 

Part 1: Quick & Easy Reporting (Recommended for Everyone)

If you receive an email that looks suspicious:

  • Unexpected invoice or payment request

  • “Urgent” account warning

  • Fake delivery notice

  • Anything asking you to click a link or enter details

 

Step 1: Identify the suspicious domain

Do not click the link.

Instead:

  • Hover over the link and note the domain
    (e.g. secure-login-example[.]com)

  • Or copy the link and paste it into a text editor

 

Step 2: Report it to Google Safe Browsing

Google’s systems are used by Chrome, Gmail, Android, and many security tools worldwide.

Report the site here:
https://safebrowsing.google.com/safebrowsing/report_phish/

What to select

  • Issue type: Phishing

  • URL: paste the suspicious domain or full URL

  • Description (optional but helpful):

    “Phishing link sent via email impersonating a New Zealand business.”

That’s it. You’ve just helped Google block it globally.

This alone makes a real difference

Part 2: Advanced Reporting (For Confident / Technical Users)

If you want to go a step further and help get the domain taken down entirely, follow these steps.

Step 3: Look up the domain owner (WHOIS)

Use a public WHOIS lookup tool such as:

Search the domain name only
(e.g. secure-login-example.com)

You’re looking for:

  • Registrar

  • Abuse contact email

  • Hosting provider

 

Step 4: Identify the abuse email

Most WHOIS records include something like:

  • abuse@registrar.com

  • abuse@hostingprovider.com

  • abuse@domainname.tld

This is the correct place to report malicious use.

Step 5: Email the abuse contact

Keep it short and factual. Example:

Subject: Phishing domain report – urgent review requested

Hello,

I am reporting the domain:

secure-login-example.com

This domain is being used in phishing emails targeting users and impersonating legitimate services.
The emails attempt to trick recipients into entering personal or financial information.

Please investigate and take appropriate action.

Thank you.

You do not need to:

  • Share personal information

  • Engage with the attacker

  • Click or test the site

 

Why This Matters for New Zealand

Many scam campaigns reuse:

  • The same domains

  • The same hosting providers

  • The same infrastructure

When one person reports it, providers can:

  • Suspend the domain

  • Block future campaigns

  • Protect thousands of other inboxes

This helps:

  • Small NZ businesses

  • Non-technical users

  • Older and vulnerable people

  • The wider NZ digital ecosystem

 

 Safety Tips (Important)

  • Never reply to the scam email

  • Never click suspicious links

  • Don’t forward the scam to others

  • Reporting is safe and anonymous

 

TL;DR

  • Report the domain to Google Safe Browsing

  • Advanced users can also email the domain’s abuse contact

  • Every report helps protect other Kiwis