Long-standing arguments over the definition of "DNS Abuse" made it difficult for the ICANN community to have productive discussions on how and when to address online abuses at the DNS level.



However, proposed amendments to RA and RAA agreements are a significant step in the right direction and should be adopted to test the multistakeholder approach's ability to enact meaningful binding rules. These amendments have clarified important points, including a more exact definition of DNS abuse, an obligation to confirm receipt of abuse reports, actionable evidence requirements, flexibly appropriate action, and the use of webforms.

The amendments define DNS abuse as malware, botnets, phishing, pharming, and spam when used as a delivery mechanism, which distinguishes these abuses from content-related ones. This useful operational scope focuses on high-importance abuses where DNS-level action is most justifiable.

In addition, the obligation to confirm receipt of an abuse report has been introduced in the gTLD Registry Agreement, reducing uncertainty for notifiers and building trust. The use of actionable evidence highlights the importance of sufficient information for DNS operators to evaluate the opportunity to act.

Moreover, the amendments stress the importance of choosing appropriate action considering circumstances like severity of harm from the DNS abuse and the possibility of collateral damage. The expression "Actions that are reasonably necessary" enshrines the dual objective of necessity and proportionality.

Finally, the provision emphasizes the need for prompt mitigation action when actionable evidence is provided, setting a strong, actionable basis for ICANN's compliance mechanisms. The use of webforms could also help improve notification and mitigation workflows.

ICANN recognizes the importance of flexibility in taking appropriate action against DNS abuse. It aims to strike a balance between promoting innovation and growth on the internet while combating malicious activities that jeopardize the security and trustworthiness of the DNS.

To achieve this, ICANN has developed a number of policies and mechanisms to address DNS abuse. These include:

1. Contractual Obligations: ICANN requires domain name registrars and registries to comply with contractual obligations aimed at reducing DNS abuse. These obligations may include implementing measures to prevent the registration of abusive domain names, investigating abuse reports, and taking appropriate actions against offenders.

2. Reporting Mechanisms: ICANN encourages the community to report instances of DNS abuse through its various channels, such as the ICANN Contractual Compliance complaint system. This helps them to identify and take necessary actions against reported abuses.

3. Collaboration with Stakeholders: ICANN collaborates with law enforcement agencies, industry groups, and other relevant stakeholders to share information and develop best practices for combating DNS abuse. This collaboration helps in identifying emerging threats and implementing effective strategies to mitigate them.

4. Policy Development: ICANN engages in policy development processes to establish guidelines and best practices for addressing DNS abuse. This includes working with the community to develop consensus policies that strike a balance between mitigating abuse and supporting a secure and open internet.

ICANN recognizes that DNS abuse can take various forms, including but not limited to phishing, malware distribution, spam, botnets, and domain name hijacking. To address these issues effectively, ICANN employs a multi-faceted approach that combines proactive measures, industry collaboration, and enforcement actions:

1. Proactive Measures: ICANN encourages the implementation of proactive measures by registries and registrars to prevent DNS abuse. This includes implementing policies and technologies to detect and mitigate abusive behavior, such as monitoring for malicious domain registrations and suspending or revoking abusive domain names.

2. Industry Collaboration: ICANN collaborates with industry stakeholders, including registries, registrars, law enforcement agencies, and cybersecurity organizations, to share information, best practices, and threat intelligence. This collaborative approach helps in identifying emerging threats, implementing coordinated responses, and promoting a safer internet ecosystem.

3. Enforcement Actions: ICANN has the authority to enforce its contractual agreements with registries and registrars. This includes taking enforcement actions against those who fail to comply with their obligations related to DNS abuse. When necessary, ICANN can initiate compliance proceedings, impose penalties, or even terminate agreements to address persistent abuse issues.

4. Policy Development and Review: ICANN engages in ongoing policy development and review processes to address DNS abuse effectively. This involves active participation from the community and subject matter experts to develop policies that balance the need for flexibility and effectiveness in combating abuse.

It's important to note that ICANN's role is primarily focused on coordinating and overseeing the technical aspects of the DNS. While it plays a significant role in combatting DNS abuse, other entities such as law enforcement agencies, cybersecurity organizations, and internet service providers also contribute to the overall efforts to combat abuse in the online space.

ICANN continues to evolve its approaches and mechanisms to stay ahead of emerging threats and ensure the security and stability of the DNS.