This notification is sent when we receive notification of abuse on a domain name on one of our feeds:
These notifications are sent on an opt-in basis only. The service can be subscribed to on our
online service.
<epp:resData> element
The <epp:resData> element contains an <abuse-feed:infData> element that contains the following sub-elements:
- <abuse-feed:key>
- <abuse-feed:activity>
- <abuse-feed:source>
- <abuse-feed:hostname>
- <abuse-feed:url>
- <abuse-feed:date>
- <abuse-feed:ip>
- <abuse-feed:nameserver>
- <abuse-feed:dnsAdmin>
- <abuse-feed:target>
- <abuse-feed:wholeDomain>
Example abuse feed notification
<epp>
<response>
<result code="1301">
<msg>Command completed successfully; ack to dequeue</msg>
</result>
<msgQ count="10" id="12345">
<qDate>2007-09-26T07:31:30</qDate>
<msg>Domain Activity Notification</msg>
</msgQ>
<resData>
<abuse-feed:infData
xmlns:feed="http://www.nominet.org.uk/epp/xml/nom-abuse-feed-1.0"
xsi:schemaLocation=...">
<abuse-feed:key>phished.co.uk</abuse-feed:key>
<abuse-feed:activity>phishing</abuse-feed:activity>
<abuse-feed:source>Netcraft</abuse-feed:source>
<abuse-feed:hostname>www.youve.been.phished.co.uk</abuse-feed:hostname>
<abuse-feed:url>http://www.youve.been.phished.co.uk/give/us/all/your/money.htm</abuse-feed:url>
<abuse-feed:date>20090601T11:44:01Z</abuse-feed:date>
<abuse-feed:ip>213.135.134.24</abuse-feed:ip>
<abuse-feed:nameserver>ns0.crooked.dealings.net</abuse-feed:nameserver>
<abuse-feed:dnsAdmin>hostmaster@crooked.dealings.net</abuse-feed:dnsAdmin>
<abuse-feed:target>paypal</abuse-feed:target>
<abuse-feed:wholeDomain>Y</abuse-feed:whole-domain>
</abuse-feed:infData>
<resData>
</response>
</epp>