SAC115 - SSAC Report on an Interoperable Approach to Addressing Abuse Handling in the DNS
Abstract
There are many ways to define the term “DNS Abuse” including, abuse of the protocol itself,
abuse of the DNS infrastructure, using the DNS as a supporting service for some other abuse,
and the use of domain names themselves in an abusive manner. In this report, the SSAC focuses
on cases where domain names themselves are used in an abusive manner. These are often
colloquially referred to within the ICANN community as “technical abuses”, which generally
refer to abuses spelled out in ICANN’s registry agreements in Specification 11.3 (b) and that have been the focus of many community discussions from 2018-2020.
In general, the term “DNS abuse” in this report refers to the use of domain names, or the DNS system, to perpetuate abusive activities. Abuse on the Internet continues to victimize millions annually,
reducing trust in the Internet, including the DNS, as a place to conduct commercial and non-commercial
activities. This erosion of trust negatively impacts all parties in the Internet ecosystem, from endusers to infrastructure service providers.
In this report, the SSAC proposes a general framework of best practices and processes to
streamline reporting DNS abuse and abuse on the Internet in general. This effort is focused on
determining approaches and methodologies that could ultimately reduce the severity and
duration of victimization for end-users. This report focuses on one specific area of the DNS
abuse lifecycle, namely abuse handling. Other topics in the space, including, but not limited to,
prevention, mitigation methods, and education may be explored in future SSAC work. This
report is intended to be of benefit to the victims of DNS abuse, reporters of DNS abuse, and to
those responsible for identifying and remediating DNS abuse.
abuse of the DNS infrastructure, using the DNS as a supporting service for some other abuse,
and the use of domain names themselves in an abusive manner. In this report, the SSAC focuses
on cases where domain names themselves are used in an abusive manner. These are often
colloquially referred to within the ICANN community as “technical abuses”, which generally
refer to abuses spelled out in ICANN’s registry agreements in Specification 11.3 (b) and that have been the focus of many community discussions from 2018-2020.
In general, the term “DNS abuse” in this report refers to the use of domain names, or the DNS system, to perpetuate abusive activities. Abuse on the Internet continues to victimize millions annually,
reducing trust in the Internet, including the DNS, as a place to conduct commercial and non-commercial
activities. This erosion of trust negatively impacts all parties in the Internet ecosystem, from endusers to infrastructure service providers.
In this report, the SSAC proposes a general framework of best practices and processes to
streamline reporting DNS abuse and abuse on the Internet in general. This effort is focused on
determining approaches and methodologies that could ultimately reduce the severity and
duration of victimization for end-users. This report focuses on one specific area of the DNS
abuse lifecycle, namely abuse handling. Other topics in the space, including, but not limited to,
prevention, mitigation methods, and education may be explored in future SSAC work. This
report is intended to be of benefit to the victims of DNS abuse, reporters of DNS abuse, and to
those responsible for identifying and remediating DNS abuse.
Research Areas
