Only a few years ago, it would have been hard to imagine an ICANN meeting agenda where the topic of DNS Abuse was so omnipresent. However, in Hamburg, not only the ccNSO and the gNSO, but also the GAC spent time on this topic which was until recently ‘off limits’ for ICANN. These discussions will have major ramifications, not only for the DNS industry, but also for the broader Internet Governance discussions.
In the ccNSO, the heavy lifting is done by the DNS Abuse Standing Committee (DASC). The ccNSO DASC is providing a dedicated forum for ccTLD Managers to discuss DNS Abuse and to share information, insights, and practices. While its core mission is to educate and inform ccTLD managers, its work also showcases to the outside world the efforts that ccTLDs have been undertaking in this area for years.
In Hamburg, the DASC organised a session on Tools and Measurement. The Domain Name System Abuse Institute (DNSAI), the DNS Research Federation and ICANN Domain Abuse Activity Reporting (DAAR) presented their free measuring tools and invited ccTLDs to contribute their datasets.
The DASC repository of materials related to DNS Abuse prevention by and for ccTLDs is growing slowly but steadily. ccTLDs that want to contribute are asked to get in touch with //This email address is being protected from spambots. You need JavaScript enabled to view it./" style="margin: 0px; padding: 0px; cursor: text; text-decoration: none; color: inherit;">the DASC repository editorial committee.
And finally, the DASC also launched the ccNSO DNS Abuse Mailing and Contact List to assist ccTLD Managers in detecting and/or mitigating DNS Abuse incidents that may affect their ccTLD.
The GAC session on DNS Abuse focused on measuring DNS Abuse, with similar updates from the DNS Abuse Institute and ICANN’s DNS Abuse Activity Reporting. While the focus of the ICANN discussions is on the gTLD space, yet again, datasets showed that ccTLDs are doing very well compared to overall industry averages.
GAC Members pointed out that while the ongoing discussions on amending the 2013 Registrar agreement to include DNS abuse mitigation measures are a step in the right direction, it is only the beginning of a journey. Examples of what still needs to be addressed are the (gTLD) registry agreements and the enforcement mechanisms that would ensure compliance.
In the gNSO, the most important activity was not taking place in Hamburg, but online. Registries and registrars are currently voting on the amendments to the registrar accreditation agreement. As reported earlier, in January 2023, ICANN initiated the process to amend the 2013 Registrar Accreditation Agreement (RAA) and the base gTLD Registry Agreement (Base RA) to strengthen the existing abuse mitigation obligations. This would mean that rather than confirming receipt of a complaint, registrars would need to act on that complaint.
Still a substantial number of votes are required to get across the voting threshold.
The success of that vote is crucial on two levels: most concretely, a successful vote is required to accept the amendments and therefore change the way registrars will be dealing with DNS Abuse complaints. Secondly, but equally important, the multistakeholder model as embodied by ICANN needs a new success to ensure that in the upcoming Internet Governance discussions, it can show that it is capable of handling issues that are of public policy concern without the direct intervention of national or regional regulators.
Both in the GAC and in the gNSO, it was noted that these amendments are only the first step in a longer journey. Next steps will include policy discussions open to the full ICANN community, and potentially future negotiations between the contracted parties (gTLD registries and registrars) and ICANN org. Further policy development work can also be expected in the Generic Names Supporting Organization (GNSO) to discuss what additional obligations should exist and define in more detail what is expected of registrars and registry operators in a community-wide process.
The ongoing vote and the policy work that will follow can be expected to have a significant impact at ICANN. If successful, it will provide the organisation with tools to address the DNS Abuse issue and finally allow ICANN to deal with malicious actors.
It might leave one wondering if we would have seen the current avalanche of European regulations affecting the DNS if this work had taken place earlier?
