It was not without a little trepidation that I planned the 2nd DNS Abuse Institute Forum to focus on the long-standing and often contentious definitional issues surrounding DNS Abuse. While the risk of getting stuck in the usual entrenched positions was real, it seemed to me that we had an opportunity to provide some clarity and if not change minds, at least provide perspective.

To accomplish this, it seemed important to move the conversation away from the abstract and to focus on real examples of abuse. The goal of these examples was to make clear what abuse looked like in practice, what evidence is often available, and on what basis would a Registry or Registrar need or have the ability to make a choice. Our panelists, Maciej Korczynski, Farzaneh Badiei, and Mason Cole did an exceptional, and entertaining, job of walking us through their perspectives.

Maciej Korczynski, an Assistant Professor at the University of Grenoble in France, and recent appointee to the DNS Abuse Institute’s Advisory Council, started the panel with a deep dive on DNS Abuse. Maciej raised a number of key points often missing from discussions of DNS Abuse. First, that mitigation needs to involve more than just the Registrar or Registry, but also the hosting provider or other involved internet infrastructure providers. Another key insight from Maciej’s presentation was the distinction between maliciously registered domain names and sites that have been compromised. From his research, it appears that a substantial number of domains involved in DNS Abuse, more than half of the domains involved in malware distribution, were attached to compromised websites. The implication of this distinction is that intermediaries like Registries and Registrars should employ different approaches to mitigation appropriate to the type of harm and whether the registration appears to be malicious or if it is tied to a compromised site.

Mason Cole, Internet Governance Advisor at Perkin Coie and current chair of the ICANN Business Constituency, walked us through some of the approaches to defining DNS Abuse, highlighting the deficiencies of a categorical approach and that an increasing number of stakeholders have concerns. Mason proposed an alternative approach to the definition, that rather than attempt to define the harm by the method used, we instead focus on the harms themselves.

Farzaneh Badiei, Director of the Social Media Governance Initiative at Yale Law School, provided an interesting, and unexpectedly hilarious, framework for assessing harms.

Farzaneh put online harms into four categories, a) abuse of the DNS protocol Infrastructure itself, b) using the DNS protocol to abuse a network, c) abuse through registration of domain names, and d) registration of domain names to carry out socially undesirable activities. Farzaneh also argued that a categorical definition of DNS abuse doesn’t help us identify the relevant actors for mitigation. I strongly recommend watching Farzanehs intervention, if only for her choice of examples.

Overall, the panelists and our discussion was excellent, and it raised some interesting issues for the DNS Abuse Institute to ponder. All of the panelists highlighted that addressing abuse can’t happen only at the Registry or Registrar level. While the DNS industry needs to work together, we also need to build stronger, coordinated connections with hosting and cloud providers, as well as with the numbering and ISP communities. The Institute has begun some work in this area, and will continue to find opportunities for collaboration.

Relatedly, it seems that the complexity of harm requires a diversity of responses, even from Registrars and Registries with their limited tools. This could be, for example, identifying ways to ensure rapid action on domains involved in bank phishing or botnets. It could also mean delaying action where the site appears to be compromised and attempting to contact Registrants, webmasters or hosts, and only preventing domains from resolving where those efforts have failed.

Moving Forward

The DNS Abuse Institute needs to ensure its definition of abuse is in line with those of Registrars and Registries and doesn’t have any immediate plans to push for a new standard. However, these definitional discussions have highlighted different ways of thinking about these problems, like working backwards from the harm itself, or by examining what infrastructure is in play. These approaches provide hints that less categorical, and more sophisticated definitions are likely to be more flexible and potentially quite useful in addressing complicated and diverse types of abuse.

If you haven’t, please sign up for the DNS Abuse Institute’s Newsletter at dnsabuseinstitute.org for regular news and insights on this topic.