ICANN's fight against DNS abuse

ICANN 101

Although ICANN mainly functions on a multi-stakeholder model where each internet community has a voice in developing policies, it also relies on contractual instruments negotiated between ICANN, the organisation and the aptly named contracted parties.

The three principal contracts are:

- the Registry Agreement (RA) by which ICANN delegates the management of an internet extension to an entity;

- the Registrar Accreditation Agreement (RAA) by which ICANN authorises an entity to act as registrar; and

- the Registry-Registrar Agreement (RRA) by which a Registry authorises a Registrar to offer domain registrations under the internet extension it manages.

Those three agreements are not subject to public input and are negotiated directly between ICANN, the registries and the registrars. The modification process of those documents can only be initiated if the registries and registrars voluntarily decide to do so.

This long introduction highlights the importance of the contracted parties’ voluntary choice to amend their agreements with ICANN to address DNS Abuse better. This decision to strengthen the terms of our agreements is self-inflicted.

The Negotiators

On November 4, 2022, the representatives of the registries and the registrars informed ICANN that they were ready to introduce an obligation in their agreement to take reasonable and appropriate action to mitigate or disrupt domain registrations engaged in DNS Abuse.

The group was adamant that the amendment be targeted and pragmatic to avoid the typical ICANN pitfall of endless, almost sterile discussions. Only article 3.18 of the RAA, titled 3.18 Registrar's Abuse Contact and Duty to Investigate Reports of Abuse and Specification 6 Section 4 of the RA, titled Abuse Mitigation, would be modified to ensure this.

Each group selected 11 representatives to negotiate with ICANN. The author of this blog post was lucky enough to be one of those representatives.

After several virtual meetings where some progress was made, the group realised that a meeting in person would be very beneficial. Hence why in February 2023, a group of representatives had a two-day in-person meeting at ICANN head offices in Los Angeles. Aside from the slight envy gained from realising Californians enjoy this weather all year round, the meeting was a fruitful one. As a frank discussion was had with with several ICANN department heads, especially the compliance one.

With this unfettered insight into ICANN compliance needs, the group better understood the amendment needed.

What happened next?

After two more rounds of draft exchanges, the group met with ICANN representatives at the Cancun Meeting in March 2023. And I am delighted to report that the group and ICANN made good progress - this despite the pounding house music blaring.

It does not mean this process is over however, as the amendment will require the affirmative approval of at least 90% of the 2656 accredited registrars and at least 50% of the registries and brand registries. But both communities will do their best to secure the approval of all their members.

Final Thoughts

While these amendments will certainly not eradicate all DNS abuse, let alone all online abuse, this will raise the bar for bad actors when addressing DNS Abuse reports. And enable the ICANN compliance department to intervene in case of negligent behaviour; without preventing registrars from taking further action than those mandated by their accreditation agreements if they believe they have the grounds to do so.