Security vendor review teams process thousands of false positive reports daily. Submissions with complete, well-organized evidence get approved faster. Incomplete submissions get delayed, sent back for more information, or denied outright. This checklist ensures you have everything ready before you submit, maximizing your chances of first-try approval.
Basic information (always required)
Every vendor submission requires these fundamentals. Have them ready before you start:
- The exact URLs being flagged (full paths, not just the domain root)
- Your business name and website description
- Your role and authority over the domain (owner, admin, webmaster)
- Contact email matching the flagged domain (e.g., security@yourdomain.com)
- The specific vendor detection label (e.g., "Phishing," "Malware," "Suspicious")
- When you first noticed the flag and when the site was last confirmed clean
Site ownership verification
Vendors need confidence you actually control the domain. Prepare:
- WHOIS record showing your organization as registrant
- Google Search Console verification for the domain
- Ability to receive email at admin@, postmaster@, or security@ your domain
- Access to DNS records (some vendors verify via DNS TXT challenge)
- Business registration documents if the domain is newly registered
Clean site evidence
Prove your site is genuinely safe. The more independent sources, the stronger your case:
- Google Search Console showing no security issues
- Clean scan from Sucuri SiteCheck or similar third-party scanner
- VirusTotal results showing majority clean (if only 1-2 vendors flag)
- Server access logs showing no unauthorized file modifications
- Content Security Policy headers demonstrating security awareness
- Web Application Firewall logs showing no blocked attack attempts succeeded
If previously compromised: remediation evidence
If your site was legitimately compromised and you have cleaned it, vendors need confidence the fix is permanent:
- Timeline of compromise: when it started, when you discovered it, when you fixed it
- Specific vulnerabilities that were exploited and how they were patched
- Malicious files/code that were removed and what replaced them
- Security measures implemented post-cleanup (WAF, 2FA, updated software)
- Confirmation that all admin credentials were rotated
- Any third-party penetration test or security audit conducted after cleanup
Technical details that help
These are not always required but significantly speed up review:
- Your hosting provider and server type
- CMS platform and version (WordPress 6.x, Shopify, custom, etc.)
- SSL certificate issuer and expiration date
- List of all third-party scripts loaded on flagged pages
- DNS provider and nameservers
- CDN in use, if any (Cloudflare, Fastly, AWS CloudFront)
Submission best practices
Once you have your evidence assembled:
- Submit from a professional email matching your domain, never from Gmail/Yahoo
- Write in clear, factual language without emotional pleas or legal threats
- Reference specific evidence items rather than making general claims of innocence
- Submit to one vendor at a time and track each submission separately
- Save ticket numbers and confirmation emails for follow-up
- Allow the stated processing time before following up or resubmitting