Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
ALAC:

DNS Abuse

Date IssuedReference IDCurrent Phase

 

AL-ALAC-ST-1219-03-00-EN

Phase 3 | Evaluate & Consider

Description:

It has become increasingly imperative that the ICANN Community step up to address the challenge of DNS Abuse in its many forms. The implementation of the European Union’s General Data Protection Regulation (GDPR) has driven an increase in the incidences of DNS abuse, as it has become severely problematic to leverage WHOIS
and/or other parts of the DNS for the purpose of identifying bad actors and mitigating abusive behavior. Increases in abuse are well documented, and DNS Abuse has not gone without community notice.

ICANN Org has facilitated at least three separate discussions on DNS Abuse in 2019, and a major cross-community discussion on the topic took place during ICANN66 in Montreal. As the Governmental Advisory Committee (GAC) recently said about the importance of addressing DNS abuse, “Protecting the public from security threats and DNS Abuse is an important public policy issue.”

According to the review of the last round of new TLDs by the Consumer Competition, Choice and Trust Review Team (CCT-RT), the safeguards put in place during the last round were not effective, and the compliance operation within ICANN does not have the necessary mandate nor probably the ideal tools to combat DNS Abuse effectively. Discussions continue about how to define DNS Abuse, but there are also settled consensus definitions that could be employed for immediate reform. Once tools are in place, a change in definition will only change the scope of how these tools are used. An explicit mandate for ICANN Compliance is needed not to regulate content, but to exercise enforceability against DNS Abuse.

STATUS UPDATES

DatePhaseTypeStatus Updates

 

Phase 2 | UnderstandStatus UpdateICANN org understands ALAC to advise the Board to direct ICANN org to establish a clear definition of “abuse” that is within ICANN’s remit. We assume that any such definition would, without limitation, include harmful activity insofar as they intersects with the DNS and involves the use of malware, botnets, phishing, pharming, and spam (when it serves as a delivery mechanism for the other forms of DNS abuse). ICANN org further understands ALAC to advise the Board to direct org to clarify the “purposes and applications of "'abuse'"

was submitted to the ICANN Board on 24 December 2019.  For complete historical information on the development of this Advice, visit the At-Large workspace: ALAC Advice on DNS Abuse and the At-Large website: https://atlarge.icann.org/advice_statements/13747.


View file
nameALAC Advice to ICANN Board on DNS Abuse.pdf
height400


RecommendationDescriptionPhase
Recommendation 1

Establish a clear definition of DNS Abuse. The GNSO has already produced consensus definitions of “abuse” and “malicious use of domain names” that are more expansive. According to that definition, “abuse” is an action that: 1) Causes actual and substantial harm, or is a material predicate of such harm; and 2) Is illegal or illegitimate, or is otherwise considered contrary to the intention and design of a stated legitimate purpose, if such a purpose is disclosed. The GNSO also recognized that “malicious use of domain names” include, but are not limited to: 1) spam, 2) malware distribution, 3) online child sexual exploitation and imagery abuse, 4) phishing, 5) botnet command-and-control. ICANN should clarify the purposes and applications of “abuse” before further work is done to define DNS abuse.

” We are unsure, however, what ALAC’s reference to “purposes and applications” of abuse is intended to mean and request clarification on this point. Is ALAC's advice to identify the characteristics of abuse (e.g., behavior that affects the DNS in specified ways) that would be within ICANN’s remit? If so, ICANN org also understands ALAC to advise that once the scope and characteristics of abuse within ICANN’s remit is identified, a determination should be made

Once those purposes are identified, ICANN should determine whether abuse definitions used by outside sources can serve as references for the ICANN community, or whether a new, outcomes-based nomenclature could be useful (including impersonation, fraud, or other types of abuse) to accurately describe problems being addressed.

 

Phase
2
3 |
UnderstandAdvice Provider FeedbackALAC agreed with understanding and provided feedback: Ideally, the ICANN community should continue its ongoing discussions regarding the definition of DNS Abuse, including the best vocabulary with which to discuss it. At the time of our comment even the term DNS Abuse was not in general use by the public but many of the "techniques" (phishing, malware, etcl) and "outcomes" (impersonation, fraud, etc.)are. None of this should stand in the way of improving the mechanisms and tools that are available to Contract Compliance and the ICANN Community to combat abuse.
Evaluate & Consider
Recommendation 2

Cease rate limiting WHOIS (eventually RDAP) or simplify the process of whitelisting, so that it can report on the registration ecosystem. Adopt a uniform and timely access framework for publicly available registrant data.

Phase 3 | Evaluate & Consider
Recommendation 3

Direct ICANN Org to establish low thresholds for identifying bad actors. Direct ICANN Org to publish more actionable Domain Abuse Activity Reporting (DAAR) data: identifying the operators with high concentrations of abuse against whom onward action ought to be contemplated.

Phase 3 | Evaluate & Consider
Recommendation 4

Provide an explicit mandate to ICANN Contractual Compliance to regularly use the audit function to root out “systemic” abuse; not to regulate content, but to proactively exercise enforceability.

Phase 3 | Evaluate & Consider
Recommendation 5

Do not process registrations with “third party” payments, unless they have been approved prior to the request.

Phase 3 | Evaluate & Consider
Recommendation 6

Adopt an “anti-crime, anti-abuse” Acceptable Use Policy (AUP) and include enforcement.

Phase 3 | Evaluate & Consider
Recommendation 7

Compel industry-wide good behavior: for ex. by increasing per domain transaction fees for registrars that continually demonstrate high abuse rates.

Phase 3 | Evaluate & Consider
Recommendation 8

Implement the above in agreements/contracts, with clear enforcement language for ICANN Contractual Compliance to adopt.5 Convene a discussion between the Contracted Parties and ICANN Compliance to finally resolve what additional tools might be needed by Compliance.

Phase 3 | Evaluate & Consider

 

Phase 2 | UnderstandPhase UpdateUnderstanding sent to ALAC