Unpacking the Framework to Address DNS Abuse

By Matt Serlin
Matt Serlin

As the Internet has grown, so too have the abuses that go along with one of the world's most transformative technologies. For all of the positives the Internet brings, negatives like phishing, malware and child exploitation are a reality online.

As of December 9, 2019, 48 registrars and registries have signed onto the "Framework to Address Abuse." This initiative was launched last month by a number of domain name registries and registrars, just prior to the ICANN meeting in Montreal. It addresses many of the most egregious abuses of the Domain Name System (DNS).

Addressing myriad abuses online has been a topic in the ICANN community for years, but as these abuses have become more prevalent and visible around the world, pressure on registrars and registries to take meaningful action has increased. In order to address DNS abuse, it is critical to have a common definition within the community, and the Framework spells out the following types of abuse:

As it relates specifically to Spam, the Framework includes it only when it is used as a delivery mechanism for the other forms of abuse listed above. Unsolicited email alone does not constitute DNS Abuse. That said, when it is used as a vehicle to perpetuate a phishing attack, for example, it would be considered abuse.

The Framework indicates that registrars and registries must act on these types of abuses. However, it's also important to note that registrars and registries have limited options when it comes to taking action on abuses in general.

The only real option available for registrars and registries is the "nuclear option," which essentially entails disabling an entire domain name. Only hosting providers can take action on specific sites or content within domain names, which affords them with much greater flexibility. Registrars and registries need to ensure that when they take action against a specific domain name, there are no unintended consequences.

Often times, a legitimate domain name will have a vulnerability that allows a bad actor to host abusive content on the site. In this case, disabling the entire domain name would also remove legitimate content, as the "nuclear option" removes everything from the Internet connected to that domain.

The Framework also addresses website content issues, which are generally not as clear-cut as the abuses defined above. While it's important for registrars and registries to have discretion allowing them to potentially act when presented with a claim of content abuse, there are certain categories of content abuse that the Framework indicates should be acted upon. These include:

These are all categories that should be acted upon. But again, it's important to note that the only option available for registrars and registries is the "nuclear option," which is why it's critical for hosting providers to be the first point of contact to address content issues.

The Framework is a great first step and a good starting point for conversations within the community. While we have heard from many that it does not go far enough, there is also a strong contingent that believes it goes too far. Given this, it would seem that the Framework strikes a good balance as a starting point.

The Internet has arguably been one of the most significant technologies the world has ever seen. It has enabled the world to be more connected than many ever would have imagined. It also created opportunity for bad actors to find ways to use the Internet to perpetrate bad acts which this Framework attempts to address.

By Matt Serlin, SVP, Client Services and Operations at Brandsight

Related topics: Cybercrime, DNS, ICANN, Internet Governance, Policy & Regulation