ICANN71 and DNS Abuse
So-called “DNS Abuse” continues to be the prevalent cross-cutting issue across the ICANN universe. Discussions on the need to consider public interests when it comes to the numerous ongoing policy development processes, along with the question of ICANN’s role in the multistakeholder ecosystem, seem to be driven by the pressing issue of the darkened WHOIS post-GDPR, and as a result the inability of law enforcement and other third parties to address DNS abuse in an effective and timely manner. Let’s try to dissect this complex issue by looking into the challenges for the ICANN community to move forward.
First of all, what is DNS abuse? It seems that different ICANN constituencies attach different meanings to this notion. In 2018 the Competition, Consumer Trust, and Consumer Choice Review Team suggested that DNS abuse can be defined as “intentionally deceptive, conniving, or unsolicited activities that actively make use of the DNS and/or the procedures used to register domain names”. On the other hand, ICANN contracts prohibit registrants from engaging in activities such as the distribution of malware, botnets, phishing or intellectual property infringements. Contracted Parties (gTLD registries and registrars) have limited the definition to harmful activities involving the DNS, such as malware, botnets, phishing, pharming and spam as a delivery mechanism for other forms of DNS abuse. These limitations are based on the cases in which registries and registrars should be able to act without seeking additional competence, such as judging what can be considered an IP infringement.
Yet, there is no definite answer on what DNS abuse is or whether the aforementioned practices can or even should always be attributed to the technical layer of the internet.
While there is no defining notion of what DNS abuse is, the facts and data presented to different constituencies keep pouring in to justify the ‘urgency’ to address it, before reaching any agreement on what to measure in the first place. During the GAC session on DNS Abuse Mitigation at ICANN71, the Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the Anti-Phishing Working Group (APWG) presented their latest report from June 2021. The report was based on a survey of “cyber investigators and anti-abuse service providers” on ICANN’s application of the GDPR and how it has impacted “anti-abuse work”. According to the results of this survey, the many use cases of WHOIS are affected, and only 2.2% of the respondents think that ICANN’s policy implementing the GDPR is working when it comes to access to registration data. The underlying conclusion of these findings is that non-publicly available WHOIS precludes addressing cybercrime online.
DNS abuse is increasingly being associated with everything that can be wrong on the internet (i.e. “cybercrime”).
The ICANN Board continues to stress that the policies around addressing DNS abuse, along with the definition itself, should be left for the community in the appropriate policy development process, led by the GNSO. This makes other constituencies, like governments, nervous and impatient, as they might feel that their concerns are not being appropriately taken into consideration. As for the discussions in the Governmental Advisory Committee (GAC), if an appropriate solution to address the public interest concern is not achieved through the multistakeholder process, then governments tend to resort to the measures they know best: national or regional legislation and other multilateral fora. We see this already at EU and Council of Europe level (the NIS 2 Directive proposal and the 2nd Additional Protocol to the Budapest Convention respectively), with other governments and regions to follow. During the GAC session on DNS Abuse Mitigation, Japan presented its proposal for guaranteeing that the operations of registries and registrars are in compliance with ICANN contracts. These measures include: a registration data accuracy obligation at the time of domain name registration; the verification of registrants’ identity; and requiring registries and registrars to provide evidence that proves that domain names are not “abusive”.
Meanwhile, ICANN Org is struggling to enforce its contracts with regard to data accuracy requirements on its Contracted Parties.
The role of ICANN?
Governments are increasingly becoming frustrated with their mere advisory role in the ICANN policy development process. It might have been a working solution a decade ago, when the internet infrastructure was not considered to be states’ critical infrastructure and the backbone of the economy. However, the world has evolved since then, while the role of ICANN has largely not. Could this be an opportunity for ICANN to reinvent itself? Or is it destined to play catch-up with the increasing level of national and regional legislation targeted its way? During the plenary session at ICANN71, Jovan Kurbalija stressed the need for ICANN to become a constructive participant in the global digital debate, including on DNS abuse.
As we noted in our previous blogpost, this call to action might be in vain, given the limitations for ICANN Org to represent the ICANN community and the possible clash with local interests. Legislative processes are best navigated in synchronisation with the local internet community and the local ICANN community participants.
However, from the public engagement activities, it seems that ICANN Org is increasingly prioritising the European Union as a strategically important regulator, with other regions being pushed to the sidelines. These sentiments were confirmed by e.g. the Caribbean region representative during the plenary session, who highlighted the fact that ICANN Org’s management has not met with the government officials in the region for years.
ICANN should continue to serve as an important venue for the global multistakeholder community to come together and come up with policies that are not only proportionate but also workable for all regions and operators across the world. Unenforceable contracts are one example of where policy aspirations clash with the legal reality.
Is the internet going to fall?
Both ccTLDs and gTLDs are working hard to keep the internet community safe, despite there being no clear definition of DNS abuse, without conclusive data to support the assumption that access to WHOIS is a panacea for everything that is wrong on the internet, and while still being GDPR compliant.
Numerous voluntary and solution-driven efforts are being taken already, as presented by the Contracted Parties House at ICANN71. Other venues to bring together relevant industry actors and share good practice have emerged, such as the DNS Abuse Institute and the Internet & Jurisdiction Policy Network, to address some of these issues without the risk of increased liability and contractual changes at ICANN level. As evident from the session, Contracted Parties are steadily advancing in their discussions regarding so-called “trusted notifiers”, improving registry-registrar cooperation and registrants’ rights protection mechanisms. These initiatives might be setting new standards and will be setting new expectations. The whole domain name industry should pay close attention to what is happening in this constituency, including those who do not have contracts with ICANN.
Outside of the gTLD space, European ccTLDs are continuously considered champions when it comes to addressing abuse within their remit and with the means and tools available to DNS infrastructure operators, while being subject to the GDPR and national data protection frameworks. It would have been natural to seek guidance from the region that has decades-long experience in managing redacted WHOIS whilst still being able to address abuse.
Awareness of these good practices, including the careful consideration to not disproportionately affect internet users’ overall accessibility to services working on top of the DNS infrastructure, needs to be more widely targeted at the ICANN community at-large, as well as specifically towards governments and their public interest concerns in “DNS Abuse” discussions. The DNS is an important protocol which makes the internet function, yet it does not provide a silver bullet to solve wide societal problems.
The role of the internet ecosystem and the numerous players active within it needs to be addressed in a holistic approach, with a clear understanding of the effects of drastic actions taken on the infrastructure level, be it at ICANN, other IG fora or in legislation negotiations.
Only in this way can we all make sure we have one global internet.
This blogpost was written by Polina Malaja, Policy Advisor at CENTR. It is part of a series of blogposts CENTR will be publishing on the ICANN71 meeting.