I spent 18 years in the domain management and brand protection industry, most of that time leading operations across East Asia for CSC Digital Brand Services. In that role, I sat on both sides of the table—advising brands on how to fight online abuse, and working directly with registries, registrars, hosting providers, and platforms to get that abuse resolved. What I saw, over and over again, was a system where everyone was frustrated, everyone was losing, and the fundamental incentive structure was working against the very outcome we were all trying to achieve. The Trusted Notifier Network (TNN) is my answer to that problem—a not-for-profit built to fix what I believe is the root cause of why online abuse resolution remains so broken. This article is the first in a series explaining the core concepts behind TNN.
For as long as I’ve been in this industry, the dominant framework for addressing DNS abuse and online abuse has been “social responsibility.” At ICANN meetings, in policy working groups, and across industry forums, the conversation almost always centres on the same questions: Who is socially responsible for addressing abuse? What are the boundaries of that responsibility? And how much can we reasonably expect from each party?
It sounds logical and fair, but in our practical experience it doesn’t work, because Internet intermediaries are mostly private commercial entities with practical legal and commercial constraints.
The problem with framing online abuse through social responsibility is that it turns every abuse case into a jurisdictional argument. Online abuse is full of grey areas—cases that don’t fit neatly into any single category, cases where the line between legitimate commercial activity and abuse is blurry, cases where one intermediary can plausibly argue that another intermediary in the chain should be handling it. When the framework is built around defining responsibility, every participant in the ecosystem has an incentive to define it as narrowly as possible and push it to someone else.
Social responsibility also has a hard ceiling: cost. Internet intermediaries—registries, registrars, hosting providers, platforms—are privately owned, for-profit organisations. There is no scenario in which their responsibility to address abuse can be unlimited. At some point, the cost of evaluating and acting on notices exceeds what any rational business can absorb. And when that happens, the system doesn’t just slow down. It breaks.
I believe there is a better way to understand the problem.
Rather than asking who is “responsible” for abuse, we should ask: who is bearing the cost—and is that distribution fair? Every act of online abuse—phishing, brand infringement, scam—creates a cost. That cost originates with the abuser, but by their very action, it is immediately transferred to the victim. A bank targeted by phishing attacks doesn’t just lose money to fraud. It absorbs the operational cost of detection, response, customer communication, and reputational damage. A brand owner dealing with hundreds of infringing domains every month faces the same relentless burden. Most victims do not have the in-house expertise or resources to handle this at scale. So they transfer the cost to service providers—brand protection firms, anti-phishing specialists, cybersecurity companies, law firms. Let’s call them what they are in this context: Commercial Notifiers. These are the entities that aggregate abuse cases from multiple clients, prepare takedown notices, and submit them to Internet intermediaries.
This is where things go wrong.
Commercial Notifiers are under the same cost pressure as everyone else. They need to manage hundreds or thousands of cases efficiently. To do so, they increasingly rely on automated detection and templated notices. They are also commercially aligned with their own clients—the brands—and their primary interest is to remove any content their client deems harmful.
Here is the critical structural flaw: under the current system, there is no control mechanism and no negative consequence for a Commercial Notifier that pushes through notices of questionable validity. Consider this scenario: a Commercial Notifier detects 1,000 cases of potential abuse on behalf of a bank. They know that 100 of those cases don’t fit the accepted definition of DNS abuse—perhaps they’re grey-area cases, or cases where the evidence is thin. Under the current system, all 1,000 cases are likely to be reported to every intermediary in the chain, as often as the automated system is configured to send them. There is no penalty for the 100 bad notices. There is no consequence for flooding the system.
Through this process—automated, templated, and commercially motivated—the Commercial Notifier transfers their cost downstream to the Internet intermediaries.
This means the full evaluation cost of notice validity lands squarely on the intermediary. Registries, registrars, hosting providers, and platforms must spend increasing amounts of money and human resources to review every notice, assess its merit, and decide whether to act. The volume only grows. There is no apparent end to it. Worse still, Internet intermediaries are the last bearers of cost in this chain. There is no one left to pass the cost to. And the intermediary is not simply evaluating—they are acting on their own authority. If they take down a domain or suspend a service based on a bad notice, they are exposed to legal liability. As the online abuse landscape grows more complex and regulatory frameworks like the DMCA, the EU Digital Services Act, and the UK Online Safety Act impose new obligations, this legal risk only increases.
In our conversations with intermediaries across the industry, we’ve heard the same sentiment again and again: the cost and risk have become so unsustainable that many would rather governments step in and regulate directly—even if it means abandoning the principles of multistakeholder governance that the Internet was built on. That should alarm everyone in this community.
Faced with this pressure, intermediaries have a rational but damaging response: tighten policy, narrow definitions, raise evidence thresholds. The narrower the definition of abuse, the fewer cases they are “socially responsible” for handling. The tighter the process, the easier to manage internal workflow and cost.
This is not negligence; it’s practical business survival. But it creates severe consequences. Grey-area abuse cases—the ones cybercriminals are increasingly skilled at exploiting—go unaddressed. Resolution is delayed. Abusers learn to operate just outside the boundaries of narrowly defined policies.
The cost doesn’t disappear; ultimately, it transfers one final time—into society. Citizens fall victim to successful scams, brand owners watch their customers get phished, and consumers lose trust in online commerce. The final step in this cycle is that governments must conclude that the multistakeholder models are flawed and that they must save the day through local regulation. The cost that started with the abuser has now completed a full circuit, landing on society and weakening multistakeholder governance.
The Trusted Notifier Network was built to break this cycle. Here is how:
TNN creates a formal qualification framework for who can submit notices through the network. Not everyone qualifies. Trusted Notifiers must demonstrate subject matter expertise, procedural due diligence, and a sustained accuracy record. Critically, there are real consequences for failing to uphold that standard—probation, suspension, or permanent removal from the network. More on our qualification policy in a subsequent post.
I once spoke to an industry friend who warned me that saying TNN wants to reduce the cost for Internet intermediaries might be controversial—that some may object. However, I would insist that reducing the cost for Internet intermediaries must remain our mission and goal. We must state it explicitly and unashamedly. Fortune Business Insights estimated that the global anti-phishing protection market was $2.84 billion in 2025. If that’s the case, why are we not feeling the money pouring in? It is because there are two distinct groups of companies investing in DNS abuse mitigation. One group is flooded with resources but unable to solve any problem in practice—they are the service providers and brands. The other is poor in resources but is the only party able to actually remove abuse—the Internet intermediaries, who can only afford to spend a percentage of their profits on anti-abuse operations. This is what causes the “unfairness” in the cost transfer model described above. TNN intends to bridge the gap between these two funding groups by enabling the funds available in the brands and service provider group to flow into the Internet intermediaries group, so that the ecosystem becomes healthier. I can envision a number of ways this could happen, but we need to test them as TNN’s funding model matures. One example: as trust is established and only qualified notices pass through TNN, the evaluation burden on intermediaries begins to reduce. They no longer need to independently assess the credibility of every notice from every source—TNN has already done that work upstream. This reduction won’t happen overnight. Trust takes time to build. But it cannot begin at all unless the framework of trust is established first.
In return for verified, indemnified, and accurate notices, we ask intermediaries for one thing: prioritise the review of notices received through TNN, consistent with the principle set out in the EU’s framework for trusted flaggers—treating them as a matter of priority with an appropriate degree of confidence as to their accuracy.
This is the key insight. If enough intermediaries participate, the benefit of prioritised review will generate something that does not exist in the current system: a reversal of commercial best interest that becomes the true trust control mechanism.
With TNN and the backing of participating intermediaries, the commercial best interest of a Trusted Notifier shifts fundamentally. Their priority is no longer just to satisfy their client—it is to remain within the network and maintain their qualification. If they lose their trusted status, they don’t lose just one client. They risk losing their entire client base, because no brand wants to work with a provider that has been excluded from the only channel that guarantees prioritised treatment.
It is also in the brand’s best interest. Ultimately, what brand owners want is for abuse to be resolved quickly and effectively. If a trusted provider delivers faster resolution through TNN, switching to a non-trusted provider means slower outcomes.
Now return to the scenario of 1,000 cases, where 100 are not legitimate DNS abuse. Under TNN, none of the actors in the chain—not the brand, not the Commercial Notifier, not the intermediary—has any interest in pushing through the 100 wrongful notices. The brand doesn’t want to jeopardise its provider’s trusted status. The provider doesn’t want to risk its qualification. The intermediary doesn’t have to waste resources evaluating notices that shouldn’t have been sent. Commercial interests are aligned for the first time.
With the evaluation cost reduced for intermediaries, they pass on savings to TNN in the form of cooperation and prioritised response. TNN transforms this into an effective takedown process and passes the benefit to Trusted Notifiers and their brand clients in the form of faster resolution and reduced harm. Ultimately, the cost is transferred back to where it should have always ended up: with the abuser, whose attacks are now short-lived and yield no return on investment.
To make all of this work, every notice that passes through TNN must satisfy four non-negotiable criteria—what we call the VINA Framework:
Verified—the abuse is independently confirmed with the identified victim or brand owner before submission.
Indemnified—full legal indemnity is obtained from the victim and passed through to the intermediary, protecting them if they act.
Non-Automated—every notice is human-reviewed. Fully automated notice generation is excluded from the network.
Accurate—Trusted Notifiers must maintain an ongoing accuracy rate of 98% or higher. Fall below that, and you face consequences.
VINA is not a quality suggestion. It is the operational backbone of the trust framework that makes the commercial realignment possible.
In the next article in this series, I’ll go deeper into TNN’s 2nd core concept—building a chain of indemnity to lower the legal risks for Internet intermediaries.