
SAC115 - SSAC Report on an Interoperable Approach to Addressing Abuse Handling in the DNS

Warren Kumari
Greg Aaron
Benedict Addis
Lyman Chapin
kc Claffy
John Levine
Mark Seiden
ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories, vol. SSAC115 (2021), pp. 39


There are many ways to define the term “DNS Abuse”, including abuse of the protocol itself, abuse of the DNS infrastructure, using the DNS as a supporting service for some other abuse, and the use of domain names themselves in an abusive manner. In this report, the SSAC focuses on cases where domain names themselves are used in an abusive manner. These are often colloquially referred to within the ICANN community as “technical abuses”, which generally refer to abuses spelled out in ICANN’s registry agreements in Specification 11.3 (b) and that have been the focus of many community discussions from 2018-2020. In general, the term “DNS abuse” in this report refers to the use of domain names, or the DNS system, to perpetuate abusive activities. Abuse on the Internet continues to victimize millions annually, reducing trust in the Internet, including the DNS, as a place to conduct commercial and non-commercial activities. This erosion of trust negatively impacts all parties in the Internet ecosystem, from end-users to infrastructure service providers. In this report, the SSAC proposes a general framework of best practices and processes to streamline reporting DNS abuse and abuse on the Internet in general. This effort is focused on determining approaches and methodologies that could ultimately reduce the severity and duration of victimization for end-users. This report focuses on one specific area of the DNS abuse lifecycle, namely abuse handling. Other topics in the space, including, but not limited to, prevention, mitigation methods, and education, may be explored in future SSAC work. This report is intended to be of benefit to the victims of DNS abuse, reporters of DNS abuse, and to those responsible for identifying and remediating DNS abuse.