Domain name abuse: ICANN’s masterplan for fighting bad actors




In July ICANN proposed several measures aimed at clamping down on abuse of the domain name system. TBO looks at some of the proposals and assesses how effective they will be.

At some point in our lives, most of us will have stumbled across a website promising untold riches, discounted holidays to far-flung locations or cheaper-than-usual designer goods. When we get to the page we might be told to “enter your credit card details” in what seems like an obvious scam.

Although the majority of web users won’t fall for such tricks, the small percentage that do is enough to ensure bogus websites continue to crop up every day.

In a “revised report” on domain name system (DNS) abuse, ICANN proposed several measures aimed at clamping down on poor conduct—right down to the registries that grant domain names in the first place.

According to ICANN, although “no globally accepted definition exists”, variations of abuse include “cybercrime”, “hacking” and “malicious conduct”—from the phishing and spamming websites seeking to gain valuable security information, to cybersquatted domains that are confusingly similar to a brand owner’s trademark, to websites selling pirated or malicious software.

In its report, ICANN referenced its “Global Consumer Research” study, carried out in 2015. In that study, 6,144 consumers were surveyed on their knowledge of what constituted DNS abuse.

According to the study, 74% of respondents were aware of phishing, 79% of spamming and 40% of cybersquatting. Consumers also reported high levels of being “very/somewhat scared” of each abusive behaviour and a belief that these behaviours were also “very/somewhat” common.

The revised report, published on July 18 and written by ICANN staff, explores methods for measuring the effectiveness of safeguards to mitigate DNS abuse. It also looks at what activities may constitute DNS abuse and provides a preliminary review examining ways to combat the abuse.

The report will be reviewed by ICANN’s competition, consumer trust and consumer choice (CCT) review team as part of its analysis of how to prevent abuse. At the time of writing, the CCT was considering the report.

Main concerns

An initial draft of the report, which asked for suggestions on what the biggest threats were, was published in March this year and the latest version includes suggestions received during the comment period.

Four concerns were highlighted. They were: how to ensure that bad actors do not run registries; how to ensure integrity and utility of registry information; how to ensure more focused efforts on combating abuse; and how to provide an enhanced control framework for generic top-level domains (gTLDs) with potential for malicious conduct.

In its responses ICANN proposed vetting registry operators through background checks, requiring ‘thick’ Whois records and providing an expedited system for requesting registry security to address security threats.

On ensuring that bad actors do not run registries, ICANN said registry operators with a malicious or criminal history should be prevented from signing a registry agreement.


The report added that a thick Whois record would include the registrant’s contact information and administrative and technical contact details, in addition to the sponsoring registrar and registration status.

ICANN said: “This is in contrast to ‘thin’ Whois records, which only store information sufficient to identify the sponsoring registrar and status of the registration, and provide no information on the registrant,” adding that the use of thick Whois records may allow for “more complete and rapid data search during efforts to identify malicious actors operating in the DNS”.

Jonathan Uffelman, attorney at law firm Finnegan, Henderson, Farabow, Garrett & Dunner, says he is particularly encouraged by this proposal.

“Such measures are critical in assisting rights owners in their ongoing enforcement efforts. We would also like to see ICANN consider any steps that could be taken to ensure that domain name registrants provide truthful and accurate contact information, even where privacy or proxy services are used,” he tells TBO.


Furthermore, the report suggested creating a draft framework for a high-security verification programme to establish criteria to ensure trust in gTLDs that have a higher risk of being targeted.

In the report, ICANN added that its governmental advisory committee had recommended the creation of a model for the verification and validation of registry operator credentials as public interest commitments (PICs). This, ICANN said, would apply to “highly regulated sectors” and would be used to establish and maintain the trustworthiness of the relevant domains.

Brian Winterfeldt, partner at law firm Mayer Brown, says he was pleased to see that the report highlighted PICs as additional DNS abuse safeguards “particularly with respect to trademark infringement and counterfeiting, among other important IP-related protections”.

But Winterfeldt adds that he was disappointed that comments from the IP community regarding how several registry operators with “dubious practice vis-à-vis trademark rights” were able to pass background screenings had not been assessed.

One thing he would have liked to have seen added to the report was a discussion on registry policies for handling complaints about abuse, and potential minimum requirements for such policies. 

“In addition to merely providing a publicly-available abuse point of contact, all registries should be required to publicly post policies for handling abuse complaints that comport with certain minimum requirements, such as set timeframes for responding, and providing guidance on what abuse complaints should contain in order to be actionable,” he says.

Uffelman expresses concern that the proposals do not go far enough in addressing the issues posed by online infringement and cybersquatting.

“Although ICANN states that addressing issues related to website content is outside its remit, the scope of its review nevertheless could and should expand to encompass safeguards aimed at protecting copyright and trademark owners specifically,” he says.

“The current system places a substantial burden on copyright and trademark owners to police and respond to online infringement and cybersquatting. This burden is particularly troubling with respect to trademarks because if companies fail to adequately police their brand, they run the risk that their marks will be diluted or lost altogether.”    

Winterfeldt adds: “Ultimately, while the revised report still falls short in some areas, we are hopeful that the report … will serve as an important and informative resource for the review team as they develop recommendations regarding ways to enhance trust in new gTLDs and the broader DNS.”

At first glance the proposals go some way to helping control DNS abuse.

However, at a time when the internet is expanding, with new domain names becoming available, it appears that thorough work is still required in order to keep consumers away from spurious links and counterfeit sites.


Trademarks and Brands Online