Home / Blogs

The Path to Combatting Domain Abuse

On March 16th, the DNS Abuse Institute hosted a forum on the State of DNS Abuse, discussing Trends from the last three years and the current landscape.

Completely eradicating malware, botnets, phishing, pharming, and spam from the Domain Name System is not possible. That may be an odd statement from someone who just took the leadership position at the DNS Abuse Institute, but it’s meant to underscore the scope of the work ahead of us. There will always be bad actors exploiting the DNS for their own criminal purposes, but working together, we can mitigate their impact.

This begins with bringing the domain name community and other interested stakeholders together to collaborate on making the DNS safer, and we took an important step in that direction with the inaugural DNS Abuse Forum co-hosted by CircleID.

Efforts to combat DNS Abuse are not new.

Leaders came together in 2019 to publish a framework for the industry to address issues, and Public Interest Registry regularly updates its data on DNS Abuse within the .ORG domain name and its takedown efforts. But DNS Abuse forum panelists Ashley Heineman (GoDaddy), Jeff Bedser (iThreat), John Crain (ICANN), and Chris Lewis-Evans (UK National Crime Agency) forged a path for how the industry can be more effective.

For example, John Crain pointed out that malware and phishing tends to be campaign driven, which means the industry needs to be nimble and organized when it identifies these attacks. That requires greater collaboration.

Ashely Heineman noted that only a fraction of the DNS Abuse reports that GoDaddy receives are unique, evidenced, and actionable. Improving the quality of abuse reporting will enable Registries and Registrars to be more efficient with their time and efforts.

One of the challenges raised during the forum was the emergence of reusing domains for abuse. Chris Lewis-Evans pointed out how bad actors will utilize a domain, then park it to keep it under the radar, before deploying it again for phishing or spam emails. Sophisticated techniques are leading to an increase in the resale of victim data, which reinforces the need to combat bad actors.

Lewis-Evans also pointed out that the number of domains doesn’t equate to the level of harm attributable to abuse. He called for a greater emphasis on educational materials and awareness campaigns and wider and more standardized abuse reporting.

Jeff Bedser echoed that message, pointing out that the standardization of definitions and escalation paths as well as evidentiary standards are critical to combating abuse, especially reducing the “life cycle” of an abusive domain. He laid out a “best practice” scenario:

  • DNS abuse is reported
  • Abuse is well evidenced
  • Escalation path is followed to appropriate party for action
  • Mitigation occurs within a relatively short period of time
  • Victimization window is reduced

To achieve this best-case scenario will require a new level of collaboration. As a next step, the Institute will hold a follow-up forum later this spring focused on the overlap of civil society and intellectual property concerns with regard to DNS abuse.

The Institute welcomes all who want to join our effort to facilitate discussions, raise awareness, and create solutions. One way you can do that is by signing up for the DNS abuse newsletter at dnsabuseinstitute.org. Also, feel free to reach out to me directly via email: [email protected].

The domain community will never be able to rest when it comes to DNS Abuse.

What we can do is work together to develop, harmonize, and propagate best practices that create a safer, more responsible Internet. The Institute is committed to serving in a central role in these efforts.

By Graeme Bunton, Director, DNS Abuse Institute

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign


Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API