Home / Blogs

Achieving Multi-Stakeholder Progress on DNS Abuse

Co-authored by Bertrand de La Chapelle, Executive Director and Ajith Francis, Director, Policy Programs at Internet & Jurisdiction Policy Network.

For the last six years, the Internet & Jurisdiction Policy Network and its dedicated Contact Group on DNS abuse has informed conversations and steered progress on this topic.

DNS Abuse and how to address it has been the topic of intense, often conflictual, and rarely conclusive discussions for many years, starting with the very definition of the term and the degree of responsibility bestowed upon DNS operators.

In 2018, after several months of intersessional work, the Internet & Jurisdiction Global Conference brought together in Ottawa more than 200 key stakeholders to define a roadmap to address certain jurisdictional challenges on the Internet, including DNS abuse. What resulted was the formulation of a common objective of identifying under which conditions an action at the level of the DNS without the consent of the registrant may be envisaged. This objective also included the documentation of what actions DNS Operators may be willing to exercise, of rules and procedures to enhance the credibility of notifiers’ notices, and improving transparency of such processes.

Since the conference, a group of 50+ actors spanning DNS Operators, government and law enforcement representatives, civil society and academia have come together on a yearly basis to conceptually frame and define DNS abuse, as well as develop concrete and operational solutions towards the common objectives defined in Ottawa.

In this period, the Policy Network has made significant progress towards the goals it set out with, while also drawing many lessons regarding the operational management of such a multi-year, multi-stakeholder process. In this blog, we would like to celebrate the commitment and progress of the members of the multi-stakeholder Contact Group, explore a few of their contributions to the conversation on DNS abuse, as well as draw key lessons from the last five years and identify areas where further cooperation is sorely needed.

Key Contributions to the Conversation on DNS Abuse

DNS Abuse Definitions1

Clarifying DNS abuse definitions might be perceived as a very basic and not a significant accomplishment. Yet these definitions, developed by a neutral and multi-stakeholder process and drawing upon a small but representative group of actors from the DNS space, have since then become a cornerstone of policy and operational discussions on DNS abuse in many fora. They, in turn, allowed a group of actors wanting to do the right thing to push ahead, on a voluntary basis, to collectively agree on what is within the remit of remediating DNS abuse and make significant strides in their mitigation. These DNS abuse definitions have:

  • become a foundation for many subsequent external actions and processes, including the DNS Abuse Framework put out by leading DNS Registries and Registrars to combat abuse.
  • allowed for conversations within the ICANN environment to clearly differentiate between technical abuse and content abuse and make progress on the remediation of technical abuse.
  • initiated a conversation on what the minimum contractual threshold could be for Registries and Registrars, in their accreditation agreements, regarding evaluation and investigation of such technical abuse.
Operational Outcomes

The Contact Group has, over the last four years, developed more than 15 Outcomes that address coordination and cooperation challenges between actors as well as the information asymmetry between notifiers and DNS Operators. In particular, the Contact Group produced three key pieces of Outcomes that are of particular relevance for the DNS community:

  1. DNS Operators’ Decision-Making Guide to Address Technical Abuse (Ref: 20-108)
  2. DNS-Level Action to Address Technical Abuse: Due Diligence Guide for Notifiers (REF: 20-113)
  3. Addressing Phishing and Malware: A Procedural Workflow (REF: 20-115)
DNS Abuse Institute & Net Beacon

The goal of the work of the Policy Network, and the Contact Group in particular, is to identify common consensus-based approaches, principles and frameworks for cooperation and coordination in addressing DNS abuse. However, the I&J Secretariat has neither the ability nor the intent to implement or operationalize the policy outcomes that the Contact Group develops. It was, therefore, particularly welcome news when the conversations in the Contact Group, and the policy outcomes it developed, directly seeded the creation of the DNS Abuse Institute by a few of the Contact Group Members and their respective entities.

The Institute then developed Net Beacon, an abuse reporting tool, which allows notifiers to route notifications for specific types of DNS abuse to the appropriate actor(s) that can act on such abuse. It is the first of its kind centralized reporting tool for DNS abuse and was modeled on the multi-stakeholder outcome that provided a blueprint for such a centralized abuse reporting interface2.

Lessons From a Multi-Year Multi-Stakeholder Process

Over the last six years, the Policy Network has strived to bring together key actors from six stakeholder groups around the same table with the aim of defining a collective vision and identifying areas for cooperation. In this process, exhaustivity of all relevant actors was neither the goal nor the intention. Instead, the focus was to bring together a representative group of actors into a voluntary process underpinned by the ethos of responsible behavior.

None of these outcomes would have been possible without the continued engagement of this core set of actors as part of the Contact Group. Nor would these outcomes have achieved the legitimacy that they command without an on-going and collective process that started from objective-setting to incrementally developing policy solutions.

The philosophy with which the Secretariat has engaged and brought together the Contact Group is simple: progress can only be achieved when stakeholders that have the power to act and those that are impacted come together to jointly identify solutions. Underlying the implementation of this philosophy was also the significant effort to build trust within the Contact Group as a safe space for constructive, and sometimes difficult, discussions. The first three years of the working of the Contact Group focussed on creating such a framework of trust before moving to the production of concrete outcomes.

Given the width and scale of an issue like DNS abuse, it is clear that no single entity or process can address and solve the problem in its entirety. The Contact Group addressed DNS abuse by breaking it down into meaningful chunks—from DNS abuse definitions, to progressively focussing on elements concerning the identification and notification of abuse, and elements concerning the evaluation and due diligence processes. The need of the hour is for a plurality of additional and voluntary multi-stakeholder processes that address the different challenges from diverse lenses. Such processes definitely improve and feed the conversations in formal fora like ICANN.

Way Forward

While the work of the Contact Group has influenced and helped move the needle on many elements concerning DNS abuse, other issues also increasingly require multi-stakeholder attention. In particular, the DNS abuse definitions drew a conscious distinction between technical abuse and content-related abuse. There is widespread consensus that technical abuse falls within the purview of DNS Operators and on which actions are merited to remediate such abuse. This distinction between the two types of abuse allowed conversation within the Contact Group to progress on identifying criteria and frameworks for the identification, evaluation and action on such technical abuse.

Yet, regulatory discourse and initiatives around the world are increasingly focussing on the need to tackle illegal and harmful online content, including, at times, through the DNS. For example, a recent study on DNS abuse commissioned by the European Commission identified the role of DNS Operators in remediating illegal activity on the Internet. Given the nature of the DNS, it is clear that it is not the natural or the recommended tool to address such abuses. However, there are exceptional situations and circumstances that may require intervention at the DNS to remediate certain types of abusive content. This raises important questions pertaining to the proportionality of acting at the DNS, the jurisdictional and normative challenges with regards to illegality of content, and thresholds for when it may be appropriate to act at the DNS. Based on these questions, there are two distinct avenues where multi-stakeholder processes like I&JPN have a role to play:

  • Informing the regulatory debate on the technical limitations and legal challenges of DNS level action to address content abuse; and
  • Identifying a set of criteria to qualify such exceptions and thresholds for action, including international normative convergence, trusted notifiers etc.

While this is a topic that the Contact Group will address in the coming months, we are undertaking a cautious approach to the topic with the intention of doing right by the stakeholders and the global internet community. The goal of this work is not to legitimize the DNS as a tool for remediating content abuse, but to provide a multi-stakeholder framing on why acting on content abuse is not recommended at the DNS level, and to clarify the roles and responsibilities across the different actors and identification of the appropriate channels and actors for such types of abuse.

The topic of content-related abuse and DNS is complicated. It is at the intersection of global access to information, a plurality of normative sources, and a diversity of cultural sensitivities. It requires a measured approach that can balance the different perspectives and can bring an element of nuance to the different types of abusive content and their individualized treatment.

By Ajith Francis, Director, Policy Programs at Internet & Jurisdiction Policy Network

Filed Under


Mark Datysgeld  –  Nov 19, 2022 1:40 PM

Mr. Francis, I would like to recommend the reading of the GNSO Council’s Small Team on DNS Abuse final report, which points towards actions that will take place within the ICANN context in the coming years: https://gnso.icann.org/sites/default/files/policy/2022/correspondence/dns-abuse-small-team-to-gnso-council-07oct22-en.pdf

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC


Sponsored byDNIB.com