Home / Blogs

DNS Abuse: A Litmus Test for ICANN

For a long time, arguments about the meaning of “DNS Abuse” prevented fruitful discussions within the ICANN community on when and how it is appropriate to act at the level of the DNS to address abuses online. The proposed amendments to RA and RAA agreements represent a significant and welcomed step in the right direction. As Secretariat of the Internet & Jurisdiction Policy Network (I&JPN), we strongly encourage their adoption, as this will constitute a litmus test for the capacity of the multistakeholder approach to enacting meaningful binding rules. They indeed clarify very important points through concise and balanced formulations, including:

A clarified scope and definition

The amendments define DNS abuse as: malware, botnets, phishing, pharming, and spam (when used as a delivery mechanism), clearly distinguishing such abuses from other, content-related ones. This list, introduced in I&JPN’s Operational Approaches in 2019, was enshrined in 2021 within SAC 115 with detailed definitions. This provides a useful operational scope, focusing on abuses of high importance and where action at the level of the DNS is the most justifiable.

Confirmation of reporting

An obligation to provide confirmation of receipt of an abuse report is introduced in the gTLD Registry Agreement. This was a longstanding request and represents a simple measure that will reduce uncertainty for notifiers and build trust. Note: this provision is not yet included in the parallel agreement for Registrars. This might be considered as a useful addition.

Actionable evidence

Too many abuse reports are ill-formed, incomplete or otherwise not actionable. The expression “actionable evidence” in the amendments highlights the importance of providing sufficient information for DNS operators to evaluate, without an excessive burden, the opportunity to act and choose the appropriate action. The list of minimum components of notices developed by I&JPN’s Domains Contact Group can provide useful guidelines in that regard.

Appropriate action

DNS operators have only 5 ways to act on a domain name under their purview, and there are often misunderstandings regarding their effect and impact on abuse mitigation. Choosing the right action is an important decision, and the amendments rightfully anticipate that this “may vary according to the circumstances of each case, taking into account the severity of the harm from the DNS Abuse and the possibility of associated collateral damage.” This flexibility is necessary to account for the general bluntness of action at the DNS level.

Actions that are reasonably necessary

This expression elegantly enshrines the dual objective of necessity and proportionality, in line with point 4) above.

Must promptly take mitigation action

This provision rightly stresses that time is of the essence when mitigating DNS Abuse. But most importantly, it establishes, for the first time, an obligation to act when actionable evidence has been provided. This usefully sets a strong, actionable basis for ICANN’s compliance mechanisms and establishes a baseline standard of behavior to reduce the free-riding of some actors that still harms the community’s reputation.

Use of webforms

This apparently minor change has a significant positive potential to improve the notification and mitigation workflow. Webforms can reduce the risk of abusive reporting that mere email addresses entail, ensure the production of better-documented notices, and pave the way to more automated notification (but not decision-making) processes. In that regard, the NetBeacon reporting tool developed by the DNS Abuse Institute (in cooperation with CleanDNS) already provides a useful, centralized reporting interface that could, in the future, help smaller operators implement such web forms without the burden of the related development costs.

Registry-registrar interactions

Finally, the combination of the two proposed amendments clarifies the respective responsibilities of registries and registrars, as the Registry shall, at minimum, refer the notified abuse (with relevant evidence) to the sponsoring Registrar or take action itself when it deems it appropriate.

The I&JPN Secretariat is pleased that the 5 years of work in its Domains & Jurisdiction Contact Group helped pave the way for the initiative to develop these balanced amendments, which represent a significant achievement. We strongly encourage contracted parties to adopt them, as this represents a litmus test for ICANN’s capacity to enact meaningful binding rules in the public interest.

Failure to achieve sufficient support would, in a context of renewed regulatory pressure regarding abuses online, feed into a narrative that the multistakeholder approach is unable to impose on irresponsible actors any constraint, however necessary and proportionate.

Conversely, adoption of these amendments will send a strong signal both within the ICANN Community and outside of it that DNS operators are ready to fully fulfill their specific responsibilities in the collective effort to address DNS Abuse. It also will demonstrate the capacity of ICANN to achieve progress on a contentious issue.

By Bertrand de La Chapelle, Executive Director, Internet & Jurisdiction Policy Network

See more about the project here.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

Domain Names

Sponsored byVerisign


Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC