Rules will make it easier for people to submit reports and (loosely) define what registrars and registries must do in response.
ICANN’s contracted parties have approved changes to the 2013 Registrar Accreditation Agreement (RAA) and base Registry Agreement that will impose DNS abuse mitigation responsibilities on registrars and registries.
The changes define DNS abuse as malware, botnets, phishing, pharming, and spam (when spam is used as a delivery mechanism for any of the other four types of DNS Abuse). The definition does not apply to the content of websites when unrelated to this abuse, nor to spam that is not in furtherance of these types of abuse.
The changes clarify the roles of registrars versus registries, and allow ICANN to undertake compliance actions against the parties for not appropriately handling DNS abuse.
After ICANN’s board ratifies the changes, registrars will have to:
- Publish an email address or web form readily accessible on the registrar’s home page to allow people to submit abuse complaints
- Confirm receipt of those reports to the submitter, either via email or on the screen after submission
- Provide contacts for law enforcement in the registrar’s jurisdiction
When receiving a complaint with actionable evidence, registrars will have to take prompt action to mitigate the DNS abuse.
What counts as actionable evidence will depend on the abuse, but “information that is readily available to the registrar must be sufficient to enable the registrar to make a reasonable determination as to whether the Registered Name is being used for one or more forms of DNS Abuse.”
For example, a complaint about a domain used for phishing might include a screenshot of how the domain is being used for phishing, who is being targeted, and the full URL of the page used to collect information.
“Prompt” is loosely defined by examples, which gives ICANN Compliance leeway to decide what is prompt and what is not.
Registrars should also take collateral damage into consideration when taking action. For example, if it appears that malware is being distributed on a site because the site has been hacked, the registrar might choose not to suspend the entire domain but contact the site owner instead. This also applies to cases in which third-level domains are used by parties other than the owner of the second-level domain; suspending the entire second-level domain would impact all users of the domain.
Registries will also have to publish a way for people to notify them of abuse and provide confirmation of such reports. They are also required to take prompt action when receiving actionable evidence.
However, that prompt action may be as simple as notifying the registrar and asking them to take care of it. According to an ICANN advisory:
The registry operator will also consider whether it, the sponsoring registrar, and/or another party are the best-equipped parties to review and take the appropriate, proportionate mitigation actions. For example, for a single Registered Name being used for DNS Abuse, the registrar may be best placed to review and address the DNS Abuse with its customer. Similarly, in the case of compromised systems, the Registered Name Holder or the hosting provider that maintains administrative access to affected systems may be better able to address the issues, and the registry operator should refer these to the registrar first, as suspending the domain by applying either clientHold or serverHold can cause collateral damage on benign or legitimate content. On the other hand, the registry operator may be the best party to address large-scale threats that span many Registered Name Holders or registrars, such as domain-generating algorithms used to propagate botnets.
© DomainNameWire.com 2023.