During ICANN76, even remote attendees could feel the winds of change blowing through the organisation. In her opening speech, ICANN Chair Tripti Sinha emphasised that ICANN has reached an inflection point and will need constructive collaboration to make progress on longstanding issues. With WSIS+20 approaching, there is little time left to prove that the multistakeholder model can deliver on the promises made in 2005. These include in particular references to cybersecurity coordination (#40) and the fight against spam (#41) of the Internet Governance chapter of the Tunis Agenda for the Information Society.
One of those files is the DNS Abuse problem. This is the collective name for any activity that makes use of domain names or the DNS protocol to carry out harmful or illegal activity. The scope is at the moment understood to include phishing, pharming, malware, botnets and spam when spam serves as a delivery mechanism for those other forms of DNS abuse. After years of discussing definitions and misguided strategic standstill, the community is moving forward on three different fronts.
The primary game changer is the recognition that ICANN should be able to use its most powerful tool - contractual obligations - not just to encourage, but to oblige those contracted parties that have not been doing their part to help make the internet safer. The negotiations between ICANN and the registries and registrars are expected to be finalised by the end of the year. Essentially, it will change the requirement for contracted parties from merely responding to a complaint to effectively dealing with it in order to reduce DNS Abuse.
The second change is the increasing availability of tools to centrally report on abuse and help identify abuse contacts. These are the contacts that will handle any complaints related to a specific domain. ICANN accredited registrars have developed the ACID Tool (Abuse Contact Identifier) and the DNS Abuse Institute has launched NetBeacon as a one-stop shop for abuse reporting and abuse feeds for registrars. Both will still require concerted communication efforts to make them known to the public, but they are both already reporting encouraging usage increases.
The third change is the focus on data gathering and sticking to data driven discussions. In addition to ICANN’s Domain Abuse Activity Reporting (DAAR) tool, both the gTLD industry and the ccNSO have launched initiatives that will help to move the discussions forward. In the ccNSO, a first survey gave insights into ccTLDs’ different approaches across the globe. With a respectable response rate for a first time survey, it shows that the ccNSO has a valuable role to play in the broader debate and needs to step in urgently to fill the information gap. The DNS Abuse Institute presented their Abuse Compass: a tool that reveals DNS abuse trends and which should guide future discussions.
The next steps are related to linking these datasets to abuse patterns and identifying how to tackle these patterns effectively. Additionally, contractual obligations for gTLDs will need to be linked with measurements that are trusted and actionable. In that process, ccTLDs can share from their rich experience and help bring down abuse levels across the industry.
Where until recently, some parts of the ICANN Community did not discuss DNS Abuse and others moved at very different speeds and different directions, in Cancun, the ICANN community seems to have found the unison to get this one across the finish line.
Links to the main DNS Abuse related sessions
ccNSO DNS Abuse Standing Committee Update