Abusive behavior that leverages the domain name system (DNS) continues to be a problem,¹ with a reach that has been widely and credibly documented.² There is little doubt that bad actors continue to use the DNS for nefarious and costly purposes. While the amendments made in 2024 to ICANN’s Registry Agreement (RA) and Registrar Accreditation Agreement (RAA) were a step in the right direction, more advanced tools are needed to bring abuse rates down.

Notably, developments in the European Union have once again outpaced ICANN’s contracts, with the EU Network and Information Security Directive (NIS2) Guidelines³ directly addressing elements of DNS abuse. ICANN should apply these new security standards across the globe to protect the public from the harms resulting from DNS abuse. The domain industry has a short window to upgrade the RA and RAA before it risks additional governmental intervention.⁴

Approaching opportunity via the new gTLD program

Some will recall the 2012-2013 time period as one that was extraordinarily busy for all involved in ICANN:

• The RAA was comprehensively renegotiated, resulting in almost 100 amendments dealing with a wide variety of concerns;
• The new gTLD program was rapidly unfolding with more than 1,900 gTLD applications, challenging the community and ICANN Org to “get it right” as managers of the largest expansion of the internet’s namespace to date; and
• ICANN Org, registries, registrars, and the community worked collaboratively to align contractual provisions with the needs of the latter during the run-up to the launch of new gTLDs, ensuring that registries and registrars were fully equipped to responsibly handle gTLD expansion and minimize the associated levels of DNS abuse.

It’s been a long decade since, but today, we face a similar opportunity to move the DNS further toward stability and security. As the new round of gTLD applications approach—more than ten years after the last round—we should seize the chance now to revamp these agreements to advance the ongoing fight against DNS abuse and other harms.

What about the 2024 updates to the RAA?

While ICANN Org smoothly and professionally gathered and represented the community’s concerns in the 2013 round of contractual updates, it missed the mark in its handling of the 2024 amendments.

Specifically, ICANN Org did not—as it had done so thoroughly before—engage in meaningful and good faith dialogue with the community prior to commencing negotiations. Nor did ICANN Org, other than when it staged a cursory comment period (where it took on exactly none of the community’s additional input)⁵, do much to negotiate anything beyond what contracted parties themselves sought from amendments. This shortcoming is of concern to the many other stakeholder groups, advisory committees and constituencies that make up the ICANN multistakeholder model.

We hope for much broader engagement from all going forward.

What a good faith, productive collaboration would look like

In terms of process, one can harken back to the 2013 RAA improvements.

Importantly, transparency was a hallmark of the process. Along the negotiation road, ICANN Org kept the community in the loop. There were dozens of consultations, ranging from public comment periods to in-person updates to a dedicated wiki page for community interaction. The community was respected as a collaborator in the process.

ICANN Org should follow this precedent. No one expects or requests a role in the negotiating process itself; however, the community deserves a voice in matters of public interest such as this.

There are previously established standards for such a request. In the instance of the RAA:

• The agreement was successfully renegotiated in 2009 to include a number of community-based suggestions;
• Less than two years following the 2009 renegotiation, the RAA—due to wide-ranging community input and ICANN Org responsiveness—was subject to a new round of far more extensive negotiation;
• During that 18-month (2011-2013) negotiation period, successive RAA drafts were subject to numerous postings and community updates, including community exchanges at every public ICANN meeting over that span of time;
• Information on the progression of the negotiations, including previously released updates and documentation, was made available to the community via wiki; and
• Proposed updates were subject to two rounds each of formal public comment.

In the instance of the RA (both the base agreement and individual gTLD contracts):

• The public had significant input, including two rounds of formal public comment (both in 2013 alone);
• Each time a gTLD Registry Agreement approaches its renewal, ICANN historically has provided the community with the opportunity to comment on terms of the renewal and/or changes to the contract; and
• As was the case with the RAA, the base RA was the subject of extensive Governmental Advisory Committee (GAC) advice, including the Beijing Communique.

The above is a non-exhaustive list of various community inputs and serves as a reminder to ICANN Org’s then commitment to partnering with the community to ensure important priorities were reflected in final agreements.

What the community could seek in updates

The community recognizes that there exists now an inflection point within the ICANN sphere, one that has begun to favor productivity and results after years of stagnation. With a new CEO joining ICANN Org, it is the hope of many that this translates as well to real and far-reaching results on the issue of DNS abuse, and not merely is a box to be checked.

In terms of useful tools for pushing back on DNS abuse, the following would be useful tools:

• The ability to act at scale (e.g., at the registrar account level), not just keep playing whack-a-mole;
• Employment of risk-based procedures, as recommended by the NIS Cooperation Group, to either verify registrant identity or to identify, suspend or deactivate suspicious domains;
• Evolve the definition of DNS abuse to include “impostor” domains, such as those that mimic famous and well-known brands and actions associated with them (e.g., “login”, “security”, etc.);
• A clearly stated prohibition against child sexual abuse material (CSAM);
• An affirmative duty for registries and registrars to mitigate maliciously registered domain names (rather than simply forwarding the request downstream to hosting providers);
• Documentation to the reporter of abuse of steps taken to mitigate;
• Improvement of response timeframes to match the urgency of DNS threat vectors and an improved time to resolution;
• Better empowerment of ICANN Compliance to proactively deal with egregious outliers;
• Not merely enforcement, but helpful guidance to the contracted party community
• Remediation action from Compliance upon inaction from non-compliant contracted parties
• Requiring registration data reveals in instances of abuse, particularly in cases where it occurs at scale.

These are just a few of the improvements that would demonstrate ICANN Org’s commitment to partnering with the broader community to ensure important priorities were reflected in agreements.

The community stands ready to contribute productively and in good faith to this important initiative.