|
To the annoyance of some, surely, the issue of abuse in the domain name system (DNS) has been high on the list of critical issues in internet governance circles. Personally, in my more than 20 years of internet governance experience, tackling DNS abuse is one of the more important issues I’ve participated in and seen debated. Despite this intense scrutiny, common-sense solutions (such as contract improvements) have been so far elusive, even as they fall squarely within its ICANN’s remit.
At this stage, though, it’s curious as to how DNS abuse became a debatable subject, both in terms of its prevalence and its potential mitigation. It’s not as though anyone thinks it doesn’t exist at all. Phishing, pharming, botnets, malware, infringement, you name it—since the commercialization of the DNS, various types of abuses have sprouted, evolved, become entrenched, evolved further, and grown, all harming users and degrading trust in the internet ecosystem.
Disturbingly, in recent years, there’s been a bit of an information war in terms of the true extent of DNS abuse. In one camp are the few that tell us DNS abuse is abating. In the other camp is seemingly everyone else—technical authorities, security experts, authors of detailed studies, business associations and others, all producing data sets that counter the narrative that we don’t need to act with urgency against abuse.
Even if one were to cast aside the data, however, it would be tough to believe abuse isn’t a pressing matter. Within the ICANN sphere alone, we see numerous initiatives focused on DNS abuse:
So if DNS abuse isn’t really a problem, or if it’s receding, why are we all organizing to do something about it?
The fact is that DNS abuse is a problem, an evolving one, and while industry efforts are laudable, it’s beyond time for the next set of solutions.
At a cadence of every few months or so, we see publication of a new set of data or a study relating to DNS abuse. It’s been a maddening spectacle. One side says, “DNS abuse really is a problem, and it’s getting serious. Here’s some data to show how.” The other side says, “No it isn’t. Look at our data instead.”
In the interest of helping put the dispute to bed, here’s a quick overview from data by the Cybercrime Information Center—experts who know what they’re talking about—of the current status of abuse as it relates only to the insidiousness of phishing.
Between February and April 2022:
For the same period, the Center identified 116 domain registrars with a minimum of 30,000 domains under management and at least 25 reported phishing domains. In that sample:
On the registry side, the Center documents that most phishing continues to be concentrated in just a few TLDs. For the February-April period, 132 TLDs with a minimum of 30,000 delegated domains were found to have at least 25 reported phishing domains:
If that data isn’t persuasive, have a look at the Anti-Phishing Working Group’s (APWG) most recent quarterly trend report on phishing activity, which reported further growth in phishing activity. The update states that:
Many in the ICANN community fervently hope such data isn’t dismissed out of hand, as was the European Union’s recent comprehensive study on DNS abuse. Even if one were to try to counter the above with “alternative facts,” this is an opportunity for the community to collaborate instead of merely continuing to parry one another.
As pointed out in March, ICANN Org is in a position to help move the community forward on abuse mitigation. It’s been said ad nauseum, but the (applaudable) voluntary measures industry has advanced can go only so far in terms of dealing with bad actors and the parties that harbor their activity.
To do so, as we’ve heard repeatedly for years from ICANN’s Compliance staff and others, ICANN Org must update the Registrar Accreditation Agreement (RAA) and the Registry Agreement (RA) to shore up provisions that enable enforcement against the bad guys.
We’re overdue for an update to these contracts (which haven’t been revised for a decade) in order to give ICANN Org the ability to rid the DNS of a significant amount of abusive activity. After all, ICANN Org is the body that accredits registries and registrars and is charged with setting standards in furtherance of DNS health. To whom else could we possibly look for meaningful, fully reaching and impactful action against DNS abuse?
The argument for contract modernization in this area isn’t taken lightly. ICANN participants are well aware that contract updates can be disruptive to contracted parties, and thus don’t repeatedly insist on opening contracts for addressing pet issues. However, in this instance:
When is there a better time to act?
Some have suggested that DNS abuse mitigation must “be left to the community” to address. News flash: This IS the community coming forward. In an environment where no policy has been implemented for more than six years, and the “expedited” policy development process on WHOIS data has dragged on for more than four, a tar pit of endless study, process, and debate will not suffice. The community—and the health of the DNS—deserve far more than that.
DNS abuse is all over the agenda at the ICANN74 meeting next week in The Hague. Hopefully, this time around, good faith efforts to collaborate against this frustratingly persistent problem will prevail and lead to concrete action.
Sponsored byIPv4.Global
Sponsored byRadix
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byVerisign
Sponsored byDNIB.com