
A Targeted Blueprint for Tackling DNS Abuse

White Paper: Proposal for PDPs on DNS Abuse - May 2025 (Download)

The NetBeacon Institute is pleased to publish its White Paper: Proposal for PDPs on DNS Abuse. We created this paper to support and advance ICANN Community discussions on potential policy development related to DNS Abuse. From our unique perspective, we believe there are a number of issues that are each constrained enough to be a successful ICANN PDP and can make a meaningful difference in our collective work against DNS Abuse.

Consistent with the approach previously articulated by the GNSO Small Team on DNS Abuse, we propose tightly scoped, actionable PDPs that respond to specific gaps in current policy and operational practices.

We believe the implementation of these PDPs will improve DNS Abuse mitigation in a way that is both practical and proportionate. Our first two proposed PDPs seek to meaningfully address the question of DNS Abuse associated with “bulk” registrations, without the counterproductive task of defining specifically what number constitutes “bulk.” The other PDPs are meant to address areas that have received less attention but can still drive meaningful change for the Community. Specifically, the PDPs we propose are:

  • Associated Domain Check: A reactive approach requiring registrars to investigate domains linked to malicious actors, particularly in cases of bulk domain registrations used for abuse campaigns.
  • Friction in Bulk Registrations for New Customers: A proactive approach that seeks to introduce friction for new customer accounts prior to gaining access to high-volume registration tools (i.e., API access for new customers) until trust is established.
  • Subdomain DNS Abuse: A proposal to help address the growing abuse of subdomain services by codifying the responsibilities of registrants who offer them, via requirements in registrar and registry terms of service.
  • Registrant Recourse Mechanisms: A measure that ensures registrants have a path to challenge enforcement actions of registrars or registries when taken in error.
  • Centralized Coordination on DGA Malware and Botnets: A proposal to have ICANN serve as a coordination hub for law enforcement and national CERTs in cases involving DGA-based malware and botnets, enabling more efficient, synchronized mitigation.

Each proposal is carefully designed to address a discrete problem without creating undue complexity or overreach. This suite of tightly scoped PDPs gives us an opportunity to collectively make a real impact on DNS Abuse management and mitigation.

We want to acknowledge the considerable Community efforts that have put us in a position to assess these potential PDPs. In addition to the re-formed GNSO Small Team on DNS Abuse, we want to highlight the Security and Stability Advisory Committee’s publication SAC115 (and other SSAC work), the Second Security and Stability Review Final Report, the Competition, Consumer Trust, and Consumer Choice Review Team Final Report, work from the At-Large Advisory Committee, numerous communiques from the Government Advisory Committee (Istanbul, Türkiye; Seattle, United States), as well as ICANN’s most recent study Inferential Analysis of Maliciously Registered Domains (INFERMAL). These works were critical to informing and developing these proposed PDPs.

We look forward to engaging with stakeholders across the Community to determine what the next steps should be on policy development for DNS Abuse, and we hope that the proposals set forth in the white paper assist in that process.

Please don’t hesitate to reach out to us if you have questions about the white paper. We will be at ICANN83 in Prague in a few weeks and look forward to discussing it more there.

Read the full white paper here.

By Graeme Bunton, Executive Director, NetBeacon Institute
