How working groups tackle DNS Abuse

Blog > Domain Names > Industry

The article discusses a group of registrars at ICANN working to address DNS abuse, which includes publishing white papers and developing an Abuse Contact IDentifier tool. The group has conducted outreach sessions with other ICANN stakeholder groups and law enforcement agencies. The article concludes that the group will likely become permanent due to the ongoing issue of online abuse.

Table of Content

Understanding DNS Abuse

I understand for some people this may as well be written in a foreign language. So let me try and break it down the best way I can (no pun intended!) DNS stands for Domain Name System, which is like a phonebook for the internet. It helps to translate the website address that you type into your web browser into the actual numerical address that your computer needs to connect to the website. Now, when we talk about DNS abuse, we mean harmful activities that happen using the internet's phonebook system. This includes things like malware, botnets, phishing, pharming, and spam when they use the DNS to carry out their bad actions.

So essentially, DNS abuse refers to when someone uses the internet's phonebook system for malicious purposes. It's a serious issue because it can be used to carry out cyber attacks and scams that can harm individuals, businesses, and even entire networks.

Not a superhero but just as effective. I think

While Clark Kent, Bruce Wayne and others moonlight as caped wearing vigilantes, I regrettably do not have any superpowers. Thus, I moonlight under my name and in full transparency within ICANN working groups and the Registrar Stakeholder Group.

The Registrar Stakeholder Group (or RrSG) is the representative body of the registrars at ICANN. As mentioned on its website, it is an “active group that works to ensure the interests of registrars and their customers are effectively advanced.” To accomplish this goal, the RrSG can, amongst other means, create sub-working groups to address specific topics.

This is not a chair

In 2019, Graeme Bunton, the then-chair of the RrSG, formed a sub-working group tasked with addressing DNS abuse. Upon Graeme’s departure to head the newly formed DNS Abuse Institute in 2021, Reg Levy - who works for our friendly competitor Tucows - and I became the two co-chairs of this sub-working group.

As we are starting our second term as co-chairs, I thought it worth looking back on this group’s accomplishments. This group of registrars has been meeting at least once a month to improve the industry’s handling of abuse reports beyond DNS Abuse.

As a reminder, DNS Abuse comprises five broad categories of harmful activity insofar as they intersect with the DNS: malware, botnets, phishing, pharming, and spam when it serves as a delivery mechanism for the other forms of DNS Abuse.

This definition is used by the Internet and Jurisdiction Policy Network, the Internet community from the ICANN Security and Stability Advisory Committee, and the DNS Abuse Framework signatories.

DNS Abuse Report Statistics

DNS Abuse Report Statistics

Productivity at its peak

One of the outputs of this working group was the publication of several white papers.

  1. The CPH Guide to Abuse Reporting aims to assist the public, specifically internet abuse reporters, in sending actionable reports to the appropriate party.
  2. The Appeal Mechanisms following DNS Abuse Mitigation paper described the procedures that a domain registrant can follow to obtain the reactivation of its domain name after a suspension for DNS Abuse.
  3. The Approach to BEC Scams / CEO Fraud paper detailed the actions that a registrar can take when its services are used as part of a BEC fraud. Although registrars are not the best party to address these cases, they can nevertheless take action if presented with appropriate evidence.

The Group also conducted several outreach sessions online and in person with other ICANN stakeholder group representatives such as the Intellectual Property Constituency or the Business Constituency, the Non-Commercial Constituency and even with LEA representatives from Europol, Interpol, FBI…

Those discussions highlighted that while the registrar details for each domain name can be easily found, identifying other service providers, such as the hosting provider, the email service provider or the DNS service providers, require particular technical knowledge that not everyone has.

One tool to identify them all

To fill this gap, the DNS Abuse Group obtained approval and financing from the RrSG to develop and host an Abuse Contact Identifier tool (shortened to ACID Tool) at

During the ICANN Cancun Meeting, the ACID Tool was presented to law enforcement and consumer protection agency members, who expressed positive feedback on this initiative. (does making the police smile count as a superpower?)

What's next?

To sum up, the group has made significant progress by publishing informative white papers, developing an Abuse Contact IDentifier tool, and engaging with other stakeholders to advance their mission. However the persistence of online abuse means that this sub-working group will likely become permanent - as online abuse - just like its offline counterpart - will never disappear entirely. And as there is no venue like ICANN for hosting or email providers to coordinate it demonstrates the critical role that registrars play in addressing this ongoing issue.

Next article:
5 ways to use AI for e-commerce

Previous article:
Solving privacy issues post GDPR

Related articles: