What are public threat reporting channels?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Your team just spotted a phishing link in someone's inbox. You know it's bad. But where do you actually send it, and does reporting it do anything useful?
It does. Public threat reporting channels feed the databases that email filters, browsers, and blocklists use to protect everyone. When you report something, you're not just filing a ticket into the void. You're contributing data that can get a phishing URL blocked across millions of inboxes within hours.
Here's where to send what.
Phishing URLs and suspicious email
PhishTank is the most widely used crowdsourced phishing database. You submit a URL, the community verifies it, and it gets added to feeds used by security vendors everywhere. Google's Safe Browsing (reportable via Gmail's built-in "Report Phishing" button or Chrome's "Report" option) feeds the database that protects billions of users across Google products. Microsoft 365 has its own submission portal where you can flag phishing emails directly from Outlook. All three are worth using if something looks like an active campaign.
Malware samples and malicious files
VirusTotal lets you upload a file or paste a URL and get results from 70+ security engines instantly. It also shares samples with participating vendors, so your submission helps build new signatures. abuse.ch runs several free community feeds (including MalwareBazaar and URLhaus) focused specifically on tracking active malware infrastructure. Security researchers and anti-abuse teams pull from these daily.
Cybercrime and infrastructure attacks
If you're dealing with something larger, like a coordinated attack against your organization or a campaign impersonating your domain, government channels matter. The FBI IC3 handles cybercrime reports in the US. CISA is the right contact for critical infrastructure incidents. Outside the US, most countries have a national CERT (Computer Emergency Response Team) that handles regional incidents and coordinates cross-border response.
As an email sender, these channels matter to you beyond just security hygiene. If attackers are spoofing your domain in phishing campaigns, the faster those URLs land in PhishTank, Safe Browsing, and abuse.ch feeds, the faster your brand's name stops appearing in malicious messages. Reporting protects your domain's reputation as much as it protects recipients.
Not sure if what you've found is worth reporting? When in doubt, report it anyway. The verification layer in most of these systems filters out noise, and a false alarm costs you nothing.
Still if your domain is being actively spoofed and you need help figuring out next steps, our SOS hotline is free and we actually pick up.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.