Subscription
Saturday, December 21, 2024
Industry News

Registrars and Registries Take the Lead to Mitigate DNS Abuse

In view of the persistence of cases of DNS Abuse (phishing, pharming, malware, and botnets), the ICANN Registrar and Registry Stakeholder Groups (RrSG and RySG, respectively) have decided to take a step forward and initiate a formal process to review the base gTLD Registry Agreement (RA) and the Registrar Accreditation Agreement (RAA) to enhance the DNS Abuse obligations they assume and, more specifically, to provide ICANN Compliance with tools to enforce them. 

Arguably,  the current language of those agreements is insufficient to combat DNS Abuse. 

For example, currently Article 3.18.1 RAA only requires that Registrars “take reasonable and prompt steps to investigate and respond appropriately to any abuse reports”. This has been interpreted by ICANN as failing short of a requirement to take action to mitigate abuse. Specifically, “respond appropriately” may indeed be interpreted as simply replying to the complainant without taking any corrective action. 

“3.18.1 Registrar shall maintain an abuse contact to receive reports of abuse involving Registered Names sponsored by Registrar, including reports of Illegal Activity. Registrar shall publish an email address to receive such reports on the home page of Registrar’s website (or in another standardized place that may be designated by ICANN from time to time). Registrar shall take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”

From the Registries standpoint, the RA only requires in its Specification 11.3 b to gather statistical reports about malicious use of domains without any reference to mitigating actions:

“Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.”

The RrSG and RySG have each designated a team who will engage in good faith negotiations with ICANN to reach an agreement on proposed revisions of the RA and RAA, respectively. Amadeu Abril, chief of Policy of CORE/COREhub, has been elected as part of the RrSG Negotiating Team, representing COREhub as a reseller-based registrar. CORE, in turn, is represented by Nacho Amadoz, selected in his capacity as chair of the geoTLD Group, as part of the RySG Negotiating Team.

The negotiations of the proposed contractual amendments should be concluded in about 3 months, and later be submitted to vote to all ICANN contracted Registries and Registrars for approval.