The Internet Corporation for Assigned Names and Numbers (ICANN) has released two new circulars, namely on increasing transparency around compliance activities and Domain Name System (DNS) infrastructure abuse.
The Contractual Compliance Monthly Dashboard now includes more information regarding registrar-related DNS abuse report handling complaints, including reports regarding spam, pharming, phishing, malware and botnets. It also includes information on counterfeiting, online pharmaceutical concerns, fraudulent and deceptive practices, trademark or copyright infringement and complaints regarding registrar abuse contacts.
The second initiative, addressing DNS infrastructure abuse, is as a result of the concerns raised by large sections of the community about the prevalence of this abuse. They had questioned the willingness and ability of ICANN and contracted parties to address the matter. For example, the Competition, Consumer Choice and Consumer Trust Review Team’s final report includes a lengthy chapter on DNS infrastructure abuse and includes several related recommendations. The Governmental Advisory Committee (GAC) also raised concerns about DNS infrastructure abuse in the Copenhagen Communiqué, and elsewhere.
In Contractual Compliance, ICANN stated that the audits are conducted with a specific focus on the DNS infrastructure abuse. They have broadened the scope of questions and testing in their registrar and registry audits, focusing on process, procedures, and handling of DNS infrastructure abuse. The revised audit testing focuses on reviewing security threat reports for completeness and comparing them against publicly available reports.
In the March 2018 Registry Audit conducted on 20 generic top-level domains (gTLDs), ICANN had included the expanded audit questions. Through that audit, certain actions that registries and registrars had undertaken to address DNS infrastructure abuse, were identified. They include conducting security threat analyses frequently and retaining reports for future reference.
These reports identified abusive domains that were also identified in publicly available abuse reports (e.g., MalwarePatrol, PhishTank, Spamhaus and SURBL), and included evidence of actions taken against abusive domains. The audit also showed that there were incomplete analyses and security reports for 13 top-level domains (TLDs), as well as a lack of standardized or documented abuse handling procedures and no action being taken on identified threats.
ICANN has also launched an audit focused on DNS infrastructure abuse for nearly 1200 gTLDs, and held two audit webinars with the registries to address questions and concerns. Some of these concerns were also raised in a recent email from the Registries Stakeholder Group (RySG) and addressed by Contractual Compliance.
ICANN’s mission is to maintain the security and stability of the DNS. Consistent with this mission, ICANN Contractual Compliance is now addressing DNS infrastructure abuse by conducting registry and registrar audits. The purpose of these audits ensures that the contracted parties uphold their contractual obligations with respect to DNS infrastructure abuse and security threats. Upon completion of the audits, ICANN Contractual Compliance will publish their findings and observations, including examples of strategies and processes to mitigate DNS infrastructure abuse.