ICANN 83 Policy Forum – Highlights from Prague

Last week, the ICANN community convened in the picturesque capital of the Czech Republic for the ICANN 83 Policy Forum. Unsurprisingly for those following ICANN’s recent trajectory, the spotlight once again fell on DNS abuse.

While it’s true that domain names can be exploited for malicious purposes, DNS abuse remains an aberration - thankfully not the norm - within a system that enables billions of users to access the internet without memorising strings of IP addresses.

DNS Abuse Mitigation: Progress and Next Steps

Avid observers will recall that last year, registrars and registries voluntarily amended their contracts with ICANN to introduce DNS abuse mitigation provisions. These changes marked a major milestone; and their impact is beginning to show. ICANN Compliance, albeit modestly, has acknowledged progress: Contractual Compliance Reports on DNS Abuse Enforcement.

However, it was always clear that these amendments are just the beginning. The contracted parties (registries and registrars) have continued meeting regularly, not just to applaud past efforts but to shape future ones actively.

Towards Policy Development

At ICANN 83, the DNS Abuse Working Group presented a set of concrete policy proposals: narrow in scope, agnostic in technology, and grounded in legal and operational reality. These proposals are not theoretical. They arise from real-world mitigation efforts and credible data. Three, in particular, deserve mention:

1. Beyond the Report: Follow the Trail

This proposal would require registrars to investigate not just the reported domain name used for DNS abuse, but all domains linked to the same account, registrant, order or payment method.

Many responsible registrars already do this. But codifying it as a contractual obligation could provide critical leverage in the proverbial whack-a-mole battle between registrars and criminals abusing the system.

2. Gated Access for Bulk Registrations

Inspired by the ICANN-funded INFERMAL report, this idea targets automated, large-scale domain registrations.

The recommendation consists of stricter access controls for tools like APIs. At EuroDNS, for instance, we already restrict access to our API and WHMCS plugin to vetted resellers who sign a contract with enhanced obligations. This isn’t just good practice, it’s also good business. When your API is the gateway to your core revenue stream, it is essential to ensure that access is granted only to trusted parties.

3. This is not a phish

The third idea focuses on refining the definition of phishing. Since phishing was included as one of the DNS Abuse categories that registrars must mitigate, registrars have been inundated with reports of phishing cases that are actually alleged intellectual property infringements. 

A detailed and pragmatic definition of phishing could improve the quality of reports and reduce the mitigation time for registrars, allowing them to focus on cases where they can make a real difference.

A Few Less Inspired Proposals

Not all ideas presented were ready for prime time. Some were, frankly, absurd.

A certain consulting group was allowed to present suggestions like : 

• allowing registries to unilaterally block registrars from their TLDs: an obvious violation of ICANN’s foundational principle of non-discriminatory access;
• imposing obligations on registrars, flirting with “pre-crime”:  the notion that registrars should (and could) anticipate misuse before a domain is even registered
• ...

To bolster their arguments, they pointed to irrelevant and unfiltered data regarding every kind of online abuse. As CleanDNS' Chief Legal Officer highlighted in this LinkedIn post, some of the supporting data misrepresented efforts like RoLR.eu, which aids EU law enforcement by taking under its management abusive domain names, as proof of registrar complicity. That’s akin to accusing a prison warden of running a crime ring just because he houses criminals.

For any effort to succeed, it must be based on reliable data properly assessed and analysed. ICANN is on the right path with the INFERMAL project. It, however, needs to involve registries and registrars more to verify its assumptions. CleanDNS, again, (I promise they are not sponsoring this post or its author), has published this editorial that anyone interested in actually combatting DNS abuse should read.  

Want to Contribute?

The contracted parties for their part, have set up a dedicated form at DNS Abuse Fight to gather broader input on combating DNS abuse. If you have an idea for a policy that could aid in this endeavour, don’t hesitate to submit it. We will review it and turn it into an ICANN compatible format to be subject to the policy development process. 

New Extensions: Opportunities Ahead

With the second round of new extensions opening in April 2026, several sessions were held to promote the new applicant guidebook and the program in general. Although the last round proceeded without significant issues, the community took 12 years to finalise the rules for this round. 

They were quite creative in some areas. For example, applicants can now have a replacement extension if their primary choice receives competing applications. And, an applicant support system with a sliding-scale fee cut has been introduced. Some of those new processes were a good fit for the city of Franz Kafka.

If you need assistance navigating the complexities of this program’s terms, don’t hesitate to reach out. My colleagues and I are here to help.