Recherche Nom de Domaine Recherche Groupée Transfert Nom de Domaine Suggestion de Domaine IA Nouveau Extensions Nom de Domaine Domain Privacy Whois
Suite de Sécurité Web
Hébergement Géré WordPress Jetpack pour WordPress
Hébergement Web Plesk SiteJet WebSite Builder
Microsoft 365 Microsoft 365 Business Microsoft 365 Enterprise
SSL ACME Nouveau Certificats SSL InstantSSL DV Multi-domain SSL (SAN) Globalsign SSL
Email Cloud Suite E-Mail Professionnel de Marque Outils de Collaboration Sécurité E-Mail Sophistiquée
Service DNS Anycast DNS Premium Anycast DNS HTTPS Redirect
Solutions d'Entreprise Solutions de Blocage de Nom de Domaine TMCH Revendeurs
EuroDNS Blog
close
Assistance TechniqueContactez-nousTel:+352 263 725 200Conditions Générales

ICANN 86 Seville: Notes from the Room

Blog > Noms de Domaine > Industrie

EuroDNS shares its takeaways from ICANN 86 in Seville, covering five active policy tracks: the DNS abuse associated domains working group, the long-running PPSAI privacy services programme, law enforcement data access via SSAD, the largely inconclusive AI and DNS abuse session, and the real-world limits of registrant verification as an abuse mitigation tool.

Back from Seville. Four days, burning sun, and the usual wall-to-wall acronyms. Here's what kept the community busy in air-conditioned rooms.


 

Associated Domain Names Check: cautiously optimistic

Disclaimer: I did not coin this term; credit goes to the excellent Natalie, one of our registrar representatives. And it perfectly reflects the state of this working group. On paper, this policy should have been a slam dunk. Requiring registrars to review other domain names clearly associated with a malicious domain under their management would appear simple. As always, perfection is the enemy of the good, and the lack of understanding among other community members about how registrars operate is slowing the drafting process.

That said, the members of the working group seem well-intentioned and eager to defend their stakeholders' interests rather than obstruct progress. All eyes are on this first PDP of a series on DNS abuse, and its outcomes will be put under the microscope.

During the face-to-face session in Seville, progress was made, but one crucial question remains unresolved: how to measure the policy’s effectiveness. The simplest solution would be for registrars to keep records of the number of associated domain names they discover and report those numbers during their regular ICANN compliance audits.


 

PPSAI: thirteen years and counting

This working group launched in 2013 to regulate privacy and proxy services. The original ambition, a full accreditation programme covering anyone registering domain names on behalf of others, collapsed quickly. Law firms, web agencies, technically helpful friends who once registered their cousin's domain: none of them was ever going to get ICANN-accredited for the privilege.

GDPR then arrived, putting proceedings on pause for 7 years. When the group resumed, we swiftly realised that the final report was out of sync with the newly adopted registration data policy that had integrated data privacy considerations. The group requested guidance from the GNSO Council, which essentially replied: work with the final report you already have and make the best of it.

A workable programme covering registrar-provided privacy services, with clear obligations toward users and the public, is within reach. 

The catch: some in the group are still pushing for a scope that would require every domain registrant to disclose who actually operates the website behind their domain. That is not a DNS policy. It is a website publisher identity discloser obligation that arrived through the side door of an ICANN working group. Here is hoping the working group chooses the more proportionate path.


 

SSAD: authenticated, but not omnipotent

Law enforcement agencies face a structural problem: their jurisdictions have borders, the internet does not. The SSAD is an authentication system designed to facilitate LEA access to redacted registrant data across those borders. The intent is legitimate.

The ceiling is real, though. An authenticated request from a foreign law enforcement agency does not grant that agency jurisdiction over a Luxembourg-registered company. At EuroDNS, every disclosure request goes through a balancing test under EU data privacy law. An authenticated LEA request shifts the weight of that test, but it does not replace it. Only requests from Luxembourg or EU authorities result in automatic disclosure. Given the budget being allocated to SSAD, the community should be honest about that limitation before building too much on top of it.


 

DNS Abuse and AI: a session that missed its own brief

A dedicated session looked at AI and DNS abuse. It raised the topic, then largely left the room empty-handed. The actual picture is this: AI has minimal impact at the registration level. It doesn't enable criminals to register more domain names. What it does do is make abuse more credible, more targeted, and harder to catch through identity verification. One domain name with a dozen convincing phishing subpaths is still one domain name. The registrar's exposure is the same regardless of the number of targets.


 

DNSAC: verification measures and their limits

Together with the wonderful Reg Levy, I was invited to give a lightning talk alongside ccTLD registries for .SE and .NO, looking at tackling DNS abuse through registrant verification.


 

The uncomfortable reality: organised criminals have access to stolen identity sets and pass verification checks without breaking a sweat. The people who struggle are legitimate registrants who are less technically comfortable, or whose documents do not fit neatly into automated systems. Every verification step also creates a new data collection point, and every data collection point is a potential breach. There is a real risk of making DNS less accessible without meaningfully improving its security.

However, as legislators worldwide fail to recognise those pitfalls, the industry has to cope with them and try to keep its customers safe.


 


 

Articles liés:
ICANN 86: The Internet Needs Better Data, Not Louder Claims
Les 12 meilleurs domaines pour le secteur de la Santé
13 domaines populaires pour les entreprises technologiques