Home / Blogs

Trusted Notifier Arrangements Require Trust: Why Unpacking Misunderstandings Around Trusted Notifiers Is Important for Dealing With DNS-related Abuse

Domain Name System (DNS) Operators (Registries and Registrars) receive notices asking them to take action on a wide range of alleged technical and content-related abuses. However, there is a fundamental question of when it is appropriate to act at the DNS level and the evaluation of whether the alleged abuse meets a sufficient threshold for action at the DNS level. Additionally, given the volume of abuses occurring on the internet, existing resources, mechanisms, and protocols available in-house to Operators are in many cases insufficient to address abuses in a timely fashion.

Notifiers are entities alerting registries and registrars about online abuses. They can play an important role in the promotion of trust in online services and content. Yet, the frequently used concept of “Trusted Notifiers” covers two very different situations:

  1. A governmental authority can designate one or more notifiers as authorized by law to make notifications and formally compel action by third parties on a specific issue. This model is envisaged, for instance, in the US for the recently proposed Domain Reform for Unlawful Drug Sellers (the “Drugs Act”), which would require DNS Operators to lock and suspend domain names associated with illegal drugs sales. The Act’s provisions clearly detail a mandatory “notice and takedown” approach which would not actually depend on any level of trust between a Notifier and DNS Operator, just the accreditation of the Notifier.
  2. A more apt use of the expression “Trusted Notifier” covers formal agreements between a self-established Notifier and individual DNS Operators. Such “Trusted Notifier Arrangements” are the focus of a recently released document developed by the Domains & Jurisdiction Program of the Internet & Jurisdiction Policy Network (I&JPN): “Trusted Notifiers: Typology and Framework Document”.

Trusted Notifier Arrangements require trust. If that seems like an axiomatic statement, it’s because it is. The conclusion of such Arrangements is premised upon voluntary engagement between DNS Operators and Notifiers and characterized by mutual affirmations of commitments.

Recognizing that Trusted Notifier Arrangements come in many shapes and sizes, it is useful to attempt to frame a better understanding of the attributes and components of such relationships and how they may best be used to mitigate online abuses. Within the DNS, Trusted Notifier arrangements may arise between, on the one hand, a Notifier with expertise in particular kinds of technical abuse (i.e. phishing, pharming, malware, botnets and spam when used as a delivery mechanism for any of the former) or content-related abuse, and on the other hand DNS Operators.

In the case of content-related abuses, many DNS Operators lack the subject-matter competencies and resources to identify, evaluate and verify the alleged abuse. In addition, in some cases, owing to prohibitions against distributing certain forms of illegal content, it may be illegal for Operators to try to verify certain types of allegedly abusive content (e.g. Child Sexual Abuse Imagery). And, of course, a seminal consideration is whether local law permits Operators to engage in trusted notifier arrangements, especially where local regulatory and enforcement authority to address a given form of abuse already exists and is exclusive to a given entity, as often is the case with some ccTLD Operators.

Where Trusted Notifier arrangements are permissible under local law and consistent with the Operator’s terms of service, the decision to enter into such arrangements is discretionary and depends on a host of considerations that may establish trust and thus a willingness to engage: these include the Notifier’s subject matter expertise, its reporting accuracy, the scope of its jurisdictional competency, and liability concerns, among others. In such Arrangements, Notifiers may seek commitments from Operators as to how and when notices will be prioritized, addressed and evaluated and whether and when the Operator will provide notice to affected parties or publicly disclose the existence of the Trusted Notifier arrangement. In addition, in an effort to build and maintain trust with third parties, both Notifiers and Operators may wish to consider transparency reporting and whether to afford dispute resolution mechanisms to aggrieved parties.

These considerations are developed in the aforementioned I&JPN “Trusted Notifiers: Typology and Framework Document.” As the title suggests, the document identifies different types of Trusted Notifiers and catalogs the attributes of such a relationship. Secondly, the document provides a set of components and areas of consideration to inform the conclusion of formal trusted notifier arrangements.

The document recognizes that there is no “one size fits all” approach to such arrangements. Yet, by creating a common understanding of the term Trusted Notifier and documenting elements for consideration and inclusion in potential formal arrangements, the Internet & Jurisdiction Policy Network hopes to provide both Operators and aspiring Trusted Notifiers with a clearer shared frame of reference when dealing with DNS Abuse.

By Elizabeth Behsudi, Director of the Domains & Jurisdiction Program at Internet & Jurisdiction Policy

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix


Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC