Unpacking DNS Abuse: Examining ICANN's Role in DNS Abuse Mitigation

A successful, comprehensive approach to fighting the spectrum of Domain Name System (DNS) abuses can be achieved with the help of overarching policies and global frameworks developed by the internet community itself, ensuring diverse but coordinated, effective efforts that respect the complexities of internet infrastructure.

This series has explored the concepts of “Abuse of the DNS” and “Abuse via the DNS” and gone deeper into the specific challenges of abuse via the DNS. An additional important area of focus is how the International Corporation for Assigned Names and Numbers (ICANN) specifically defines and addresses DNS abuse, the organization’s distinct approach and the unique responsibilities of registries and registrars under ICANN oversight – which necessitate navigating legal and regulatory requirements, business and contractual arrangements, and user rights.

ICANN's definition of DNS abuse is precise, focused primarily on specific categories of malicious activities that deceive and misdirect users including: “malware, botnets, phishing, pharming, and spam (when spam is used as a delivery mechanism for any of the other four types of DNS abuse).” These activities can compromise the security and stability of the DNS. Unlike the broader discussions in cybersecurity circles, ICANN does not include content-related issues as DNS abuse addressable under its bylaws; misinformation, disinformation, offensive content and other malicious forms of content are problematic but do not directly interfere with the operational integrity of the DNS.

Under ICANN’s framework, registrars and registries have a contractual obligation to address the ICANN-defined types of DNS abuse. These entities are crucial in the DNS infrastructure, as they manage the registration and administration of domain names. Their relationship with ICANN obligates them to adhere to specific guidelines and practices aimed at mitigating DNS abuse, including implementing measures to detect, report and respond to incidents of phishing, malware, and other abuses that fall under ICANN’s specific abuse definitions.

This contractual relationship sets registrars and registries apart from content and hosting providers, which do not have a direct or formal relationship with ICANN. While content and hosting providers play significant roles in addressing broader internet safety issues, their actions against abuse are typically governed by their own policies, local laws or industry standards rather than ICANN regulations. This distinction is crucial because it helps to delineate the scope of responsibility and influence each type of provider has over abuse mitigation.

Content Location, Trusted Notifiers and the Future

The DNS itself does not host content; it contains only domain names and data associated with each name, providing a way to navigate to content on the internet. DNS operators have no control over content hosted on websites. Even if a registry or registrar were to suspend or delete a domain name, the content still exists and can be accessed by anyone who knows the IP address of the website. In situations where malicious or illegal activity is identified by a relevant authority, registries and registrars play a supporting role in addressing it but actual removal or modification of content requires action by the hosting provider or website owner.

An established and expanding network of third-party “trusted notifiers” collaborates with law enforcement, as well as DNS and internet infrastructure providers and the cybersecurity community to identify, verify and report illegal and abusive behavior online while protecting free speech. In the United States, the National Telecommunications and Information Administration (NTIA) and the Food and Drug Administration (FDA) work with DNS infrastructure providers to combat illegal online opioid sales. The Internet Watch Foundation and law enforcement around the world are working to combat hosting of child sexual abuse material (CSAM). The Internet & Jurisdiction Policy Network, a multi-stakeholder group addressing the tensions between the cross-border internet and national jurisdictions, developed a trusted notifier toolkit and continues to work with more than 400 participants from governments, internet companies, technical operators, civil society groups, academia and non-governmental organizations around the world to address legal challenges and content-related abuse on the internet.

As the internet continues to evolve, the challenges of DNS abuse and other online harms will remain dynamic, requiring adaptive and well-coordinated responses. While ICANN’s role is specifically tailored to the operational security of the DNS through its contractual relationships with DNS infrastructure operators, the broader internet community—including hosting providers, content creators and users—must play a key role in combating abusive content and abuse of and via the DNS.

Effective mitigation of online harms, including DNS abuse, is not just about adhering to contractual obligations but also about fostering a collaborative ecosystem where stakeholders work together toward the common goals of safety and stability.