ICANN77: DNS abuse measuring, mitigation and the way forward

Blog 21-06-2023

During the ICANN77 meeting in Washington DC, the discussions on DNS abuse moved past some important hurdles. Building on the momentum created at ICANN76, both the gNSO and the ccNSO made substantial progress on the subject.

The most important step forward was made in the gNSO. After years of ignoring the elephant in the room (i.e. the fact that a few bad actors were dragging down an industry without any repercussions), ICANN started drafting and negotiating a crucial contractual amendment for their registries and registrars. 

Currently, a registrar only needs to acknowledge the receipt of a DNS abuse notification (flagging spamming, phishing or distribution of malware). However, once this new amendment has been added to their contract, registrars will have to act upon it, and this will change the landscape significantly. 

A spectacular illustration of the potential impact of this approach could be observed at the beginning of this year. Until December 2022, Freenom repeatedly showed up in rankings as one of the safe havens for cyber criminals. However, following a lawsuit from Meta about their non-responsiveness to abuse notifications in January, Freenom stopped allowing new registrations in the TLDs it manages. Since then, global abuse levels have been dropping as a direct consequence of the collapse of this single bad actor. 

The negotiations on these amendments are expected to be finalised by September, with voting by registries and registrars taking place in Q4. The implementation should occur at the end of Q1 2024. It is important to note that these amendments will require a substantial amount of support from both gTLD registries and gTLD registrars, but it is expected that the necessary threshold will be met. 

During the gNSO meeting, the DNS Research Federation presented the results of its study on DNS abuse in EU ccTLDs. Commissioned by the business constituency, the study concluded that EU ccTLDs have an exceptionally low level of abuse compared to other groups of TLDs (non-European ccTLDs, legacy gTLDs and new gTLDs). Where the global median abuse level is at 0.22%, EU ccTLDs have a 0.05% abuse rate. EU ccTLDs also have a lower abuse ratio compared to their market share (3% versus 15%). The study also looked into the factors contributing to overall low abuse levels and concluded that there is no silver bullet, pointing out that there was no correlation found between a particular data accuracy verification model and low abuse rates. The following factors were flagged as contributors to the overall abuse levels: the maturity of the domestic market, successful adaptation within a strict data protection environment and a predominance of non-profit registry models. Finally, the study noted that there are TLDs that have even lower DNS Abuse rates than EU ccTLDs (.au and .uk stand out with a DNS abuse rate of 0.001% and 0.003% respectively).

Meanwhile in the ccNSO, the Domain Abuse Steering Committee (DASC) presented the results of a global ccTLD survey and called for contributions to the domain abuse mitigation knowledge repository. While the DASC does not set policy for ccTLDs it aims to assist ccTLD managers by sharing information and mitigation strategies and engaging in constructive dialogue. In addition to the repository, the group will also be setting up a mailing list to discuss DNS abuse amongst ccTLDs and to create a contact list. The list will be launched at ICANN78. The session also provided a summary of the ccTLD survey and looked into the tools and mechanisms ccTLDs currently use to mitigate abuse.As expected, a wide range of practices was observed, but there is a noticeable trend towards a more proactive approach across ccTLDs. The work of the DASC is still in its early stages but shows that ccTLDs are sensitive to the changing landscape. 

Overall, the sessions on DNS abuse at this ICANN meeting left a strong impression of an industry that, after years of standstill, is moving forward based on a broad consensus. 


Published By Peter Van Roste
Peter Van Roste is the General Manager of CENTR, overseeing all of CENTR’s activities and liaising with governments, institutions and other organisations in the internet ecosystem.