Small Team on DNS Abuse

From ICANNWiki
Jump to navigation Jump to search

The Small Team on DNS Abuse is an output of the GNSO Council to determine what policy efforts, if any, the GNSO Council should consider undertaking to support the efforts already underway in the different parts of the ICANN community to tackle DNS abuse.[1]


After considering input from across the [[ICANN Community] and ICANN Contractual Compliance on current requirements and enforcement, the small team found that:[2]

  • DNS abuse has a life cycle, which determines which parties should mitigate the harm. The phases involve:
    1. measures to help CPs identify DNS abuse earlier or even prevent a malicious registration
    2. ensuring harmed parties know how AND to whom a complaint should be reported
    3. reports that are well-formed and actionable
    4. well-positioned party (CPs, web-host, website owner/operator, etc) takes action
    5. enforcement by ICANN compliance, if contracted party is involved
  • concerns and solutions fall into three buckets:
    1. possibly requiring policy development,
    2. to be shared with the community for consideration outside of policy development, and
    3. to be considered by the Contracted Parties House.


  1. After the other recommendations are pursued, if further tools are necessary, the small team recommends that the Council consider requesting a Preliminary Issue Report on the topic of malicious registrations. It would be narrowly focused on malicious registrations used for the distribution of malware, phishing or the operation of botnet command and control systems.
    • Phases involved: 0, 3, 4
    • Bucket - policy development
  2. Work with RrSG, ICANN Organization, and the DNSAI to explore the role of bulk registrations in DNS abuse and mitigation measures #* Phases involved: 0
    • Bucket: Community outreach and coordination
  3. Encourage Contracted Parties to work with DNS abuse reporters to improve existing tools for simplifying DNS abuse reporting to ensure that information to

make complaints actionable and that complaints go the right party

    • Phases involved 1, 2
    • Bucket: Community outreach and coordination
  1. share findings with RySG and RrSG as they relate to gaps in the RA/RAA
    • Phases involved: 3, 4
    • Bucket: Community outreach and coordination, and potentially Contracted Parties House action (contract negotiations)


At ICANN 72, the GNSO Council initiated a small team on DNS abuse. It gathered information on the efforts already underway to deal with DNS abuse but focused on the narrow topic of DNS abuse issues inadequately mitigated and whether they require policy development. The small team began meeting in February 2022 and articulated DNS abuse problems within the GNSO's purview. The small team received inputs from the ALAC, GAC, SSAC, the DNS Abuse Institute, Contractual Compliance, and from within the GNSO. At ICANN 75, the small team presented its findings and suggestions.[3]