Page History
ALAC: DNS Abuse
Description:
It has become increasingly imperative that the ICANN Community step up to address the challenge of DNS Abuse in its many forms. The implementation of the European Union’s General Data Protection Regulation (GDPR) has driven an increase in the incidences of DNS abuse, as it has become severely problematic to leverage WHOIS
and/or other parts of the DNS for the purpose of identifying bad actors and mitigating abusive behavior. Increases in abuse are well documented, and DNS Abuse has not gone without community notice.
ICANN Org has facilitated at least three separate discussions on DNS Abuse in 2019, and a major cross-community discussion on the topic took place during ICANN66 in Montreal. As the Governmental Advisory Committee (GAC) recently said about the importance of addressing DNS abuse, “Protecting the public from security threats and DNS Abuse is an important public policy issue.”
According to the review of the last round of new TLDs by the Consumer Competition, Choice and Trust Review Team (CCT-RT), the safeguards put in place during the last round were not effective, and the compliance operation within ICANN does not have the necessary mandate nor probably the ideal tools to combat DNS Abuse effectively. Discussions continue about how to define DNS Abuse, but there are also settled consensus definitions that could be employed for immediate reform. Once tools are in place, a change in definition will only change the scope of how these tools are used. An explicit mandate for ICANN Compliance is needed not to regulate content, but to exercise enforceability against DNS Abuse.
STATUS UPDATES
| Date | Phase | Provided By | Status Updates |
|---|---|---|---|
| Phase 3 | Evaluate & Consider | Maureen Hilyard | ICANN org understands ALAC to advise the Board to direct ICANN org to establish a clear definition of “abuse” that is within ICANN’s remit. We assume that any such definition would, without limitation, include harmful activity insofar as they intersects with the DNS and involves the use of malware, botnets, phishing, pharming, and spam (when it serves as a delivery mechanism for the other forms of DNS abuse). ICANN org further understands ALAC to advise the Board to direct org to clarify the “purposes and applications of "'abuse'" before further work is done to define DNS abuse.” We are unsure, however, what ALAC’s reference to “purposes and applications” of abuse is intended to mean and request clarification on this point. Is ALAC's advice to identify the characteristics of abuse (e.g., behavior that affects the DNS in specified ways) that would be within ICANN’s remit? If so, ICANN org also understands ALAC to advise that once the scope and characteristics of abuse within ICANN’s remit is identified, a determination should be made whether abuse definitions used by outside sources can serve as references for the ICANN community, or whether a new, outcomes-based nomenclature could be useful (including impersonation, fraud, or other types of abuse) to accurately describe problems being addressed. |
| ALAC agreed with understanding and provided feedback: Ideally, the ICANN community should continue its ongoing discussions regarding the definition of DNS Abuse, including the best vocabulary with which to discuss it. At the time of our comment even the term DNS Abuse was not in general use by the public but many of the "techniques" (phishing, malware, etcl) and "outcomes" (impersonation, fraud, etc.)are. None of this should stand in the way of improving the mechanisms and tools that are available to Contract Compliance and the ICANN Community to combat abuse. | |||
| Phase 3 | Evaluate & Consider | ICANN org | Understanding sent to ALAC |
