On 5 April 2024, ICANN Contractual Compliance began enforcing new Domain Name System (DNS) abuse obligations applicable to registries and registrars. That was the day that the global amendments to the Registrar Accreditation Agreement (RAA) and the Base Registry Agreement (RA) regarding DNS abuse mitigation obligations became effective. Since then, in addition to the mitigation actions already being taken by registrars and registries, registrars have suspended 2,528 domain names and disabled 328 phishing websites as a result of Compliance's enforcement efforts. This blog summarizes some of the enforcement actions we have taken since the amendments became effective.
On 5 April 2024, Compliance published new DNS abuse complaint forms, allowing anyone around the globe to report instances of noncompliance with the new DNS abuse requirements. In April and May 2024, we received 1,558 complaints related to DNS and other types of abuse. We closed 1,382 unactionable complaints, the majority of which lacked evidence that the complainant had first submitted its complaint to registrars or registry operators. The next largest group of unactionable complaints was duplicate complaints. The third largest group involved country-code top-level domains, which are outside of Compliance's enforcement authority.
For the remaining valid DNS abuse complaints, Compliance initiated 38 investigations with registrars and two with registry operators under the DNS abuse requirements, while others were initiated in June. The reported type of DNS abuse was mainly phishing only or phishing accompanied by other types of abuse (e.g., trademark infringement or counterfeiting) or other types of DNS abuse (e.g., spam used to deliver phishing or malware). The abusive domain names attempted to impersonate governmental institutions, as well as private entities rendering financial services, parking and mobility services, hotel and department store chains, trading companies, and others. The complaints were mostly submitted by self-identified information security researchers (13), representatives of the entities being impersonated (nine), and intellectual property lawyers (seven). No cases were initiated against registrars based on complaints submitted by law enforcement and other public authorities in the jurisdiction in which a registrar is established or maintains a physical office. During the same period, over 100 cases related to other types of abuse (no DNS abuse) were also initiated.
In these DNS abuse compliance cases, registrars suspended 2,528 malicious domain names and, in their capacity as web hosting providers, disabled 328 phishing websites utilizing subdomains after determining that the relevant second-level domains were compromised. Two registrars reported to us that they are undergoing their own reviews to refine their processes to address DNS abuse reports, while another is completing a remediation to ensure it provides abuse report confirmations.
At the end of June 2024, ICANN Contractual Compliance will begin including metrics related to enforcement of DNS abuse requirements in our regular monthly reports. These reports will include additional detail and more granular data broken out by DNS abuse type for registries and registrars. In the meantime, we hope that this update is informative and look forward to participating in DNS abuse discussions at ICANN80.
