AT-LARGE GATEWAY

At-Large Website

ALAC

RALOs

At-Large Regional Policy Engagement Program (ARPEP)

At-Large Governance

At-Large Reports

Policy Comments & Advice

Working Groups

ICANN Meetings

At-Large Summit (ATLAS III)

At-Large Review Implementation Plan Development

ALAC and RALO Elections, Selections, and Appointments

At-Large Priority Activities - 2021

Public Comment CloseStatement
Name 

Status

Assigned Working Group

Assignee(s)

Call for
Comments Open		Call for
Comments
Close 		Vote OpenVote CloseDate of SubmissionStaff Contact and EmailStatement Number

15 July 2021

RrSG Draft White Paper: Registrant Protections in DNS Abuse Mitigation

ADOPTED

13Y, 1A, 0N

CPWG

Jonathan Zuck

30 June 2021

06 July 2021

07 July 2021

10 July 2021

15 July 2021

At-Large staff

staff@atlarge.icann.org

AL-ALAC-ST-0721-01-00-EN

Hide the information below, please click here 

TBD submission date, feedback requested "around ICANN71".

As per 05 June 2021 email from Ashley Heineman, Chair, RrSG:

 
The RrSG DNS Abuse Subgroup drafted the attached White Paper discussing Registrant Protections in DNS Abuse Mitigation, centering on the issue of innocent registrants whose domains are impacted by DNS Abuse mitigation by a registrar (or registry, as the case may be).  The RrSG is looking to publish the paper around the time of ICANN 71, but wanted to give the ALAC the opportunity to provide comments in advance as we know this is an issue of interest to your members.  This paper is not time sensitive, so if you would like additional time, please let us know.  As additional background, the RrSG periodically drafts and publishes white papers for informational purposes and this is our first attempt to better socialize our work with interested community members.
 

FINAL VERSION SUBMITTED (IF RATIFIED)

The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote. 


FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.


DRAFT SUBMITTED FOR DISCUSSION

The first draft submitted will be placed here before the call for comments begins. The Draft should be preceded by the name of the person submitting the draft and the date/time. If, during the discussion, the draft is revised, the older version(S) should be left in place and the new version along with a header line identifying the drafter and date/time should be placed above the older version(s), separated by a Horizontal Rule (available + Insert More Content control).

See: Google Doc (comment-only)

The At-Large community welcomes both the initiative by the Registrar Stakeholder Group (RrSG), to address Registrant Protections in DNS Abuse Mitigation, as well as the opportunity to comment. The occasionally conflicting interests of registrant and non-registrant individual end users demands we find the right balance in the fight against DNS Abuse.

Overall, the paper represents an excellent collection of redress mechanisms that ought to be available to registrants, in the case of mistaken take-down. The At-Large would like to proffer just a few points.

  1. Evidence
    The topic of poorly constructed and poorly supported complaints is ongoing and the At-Large would like the RrSG to consider more fully exploring this topic with examples, even if hypothetical. Giving registrars a checklist or framework, with which to evaluate a complaint, would help standardize both the formulation and resolution of complaints. Perhaps some criteria for identifying a pattern of abuse would be helpful in separating the the spurious from the systemic.
  2. 3rd Party Abuse
    The white paper makes two references to 3rd party responsibility for abusive conduct. In the second, case it is mentioned in the context of a reversal, of an action taken by a registrar, based on an abuse report. This seems wholly appropriate. However, in the first instance, there is a suggestion that "a domain name should not be labelled as abusive when the abusive usage results from the action of a third party." This would seem to imply that determination of responsibility should happen prior to any action, taken by the Registrar and that seems inappropriate. If the domain hosts verifiable abuse, particularly as its primary function, it should be taken down immediately and restored after a fix has been applied. The fact that the abuse was not the result of malice by the domain holder should not deter action taken to mitigate that abuse.
  3. Proportion of of domain use
    It is also often mentioned that random abuse, in an otherwise non-abusive domain, needs to be handled Differently. If, for example, a comment, on a news site, contains.a phishing link, it's not appropriate to take down the entire domain. Perhaps a framework for alternative mitigation, involving the domain owner or website host, is appropriate. Again, the more that can be laid out, with examples, the better.


We of the At-Large community appreciate the opportunity to comment and welcome any ongoing dialog on the issue of DNS Abuse mitigation. We hope these comments are helpful.