
DNS Abuse Review



The DNS Abuse Review aims to aid the work of the Competition, Consumer Choice and Consumer Trust Review Team (CCTRT) and will:

  • Provide an overview of the state of Domain Name System (DNS) abuse during the first three full years (2014 – 2016) of the New gTLD Program
  • Compare rates of abuse in new and legacy gTLDs
  • Provide options for measuring the effectiveness of the safeguards to mitigate malicious conduct in the DNS

Review Areas

DNS Abuse Study ("Statistical Analysis of DNS Abuse in gTLDs")

The CCTRT requested a study that would measure and compare rates of common forms of DNS abuse, such as phishing, spam, and malware distribution. Following the public issuance of a Request for Proposal (RFP) in August 2016 and interviews with a number of qualified candidates based on their submissions to the RFP process, SIDN Labs was selected to carry out the study given its experience in DNS abuse measurement and analysis.

The report was published on 9 August 2017.

New gTLD Program Safeguards to Mitigate DNS Abuse Report

Ahead of the launch of the New gTLD Program, ICANN solicited advice from stakeholders to a) examine the potential for increases in abusive, malicious, and criminal activity in an expanded DNS and b) make recommendations to pre-emptively mitigate those activities through a number of safeguards. Read the original report.

Areas of potential abuse were identified by experts in a diverse array of groups, including the Anti-Phishing Working Group (APWG), the Registry Internet Safety Group (RISG), the Security and Stability Advisory Committee (SSAC), Computer Emergency Response Teams (CERTs) and members from the banking, financial and Internet security communities. After extensive consultations, the recommendations below were made to address each issue area:



How do we ensure that bad actors do not run registries?

Vet registry operators through background checks to ensure no potential registry operator has been party to criminal, malicious, and/or bad faith behavior.

How do we ensure integrity and utility of registry information?

  • Require Domain Name System Security Extensions (DNSSEC) deployment on the part of all new registries to minimize the potential for spoofed DNS records.
  • Prohibit "wild carding" to prevent DNS redirection and synthesized DNS responses that may result in arrival at malicious sites.
  • Encourage removal of "orphan glue" records to minimize use of these remnants of domains previously removed from registry records as "safe haven" name server entries in the TLD's zone file that malicious actors can exploit.

How do we ensure more focused efforts on combating identified abuse?

  • Require "Thick" Whois records to encourage availability and completeness of Whois data.
  • Centralize Zone File access to more efficiently obtain updates on new domains as they are created within each zone.
  • Document registry- and registrar-level abuse contacts and policies to provide a single point of contact to address abuse complaints and to have a publicly-available description of their anti-abuse measures. Registry operators may also require all registrars with whom they contract for services to provide an abuse point of contact and publish a documented abuse policy consistent with the registry's.
  • Provide an expedited registry security request process to address security threats that require immediate action by the registry and an expedited response from ICANN.

How do we provide an enhanced control framework for TLDs with intrinsic potential for malicious conduct?

Create a high security zone verification program to establish a set of criteria to assure trust in TLDs with higher risk of targeting by malicious actors—e.g. banking and pharmaceutical TLDs—through enhanced operational and security controls.

The DNS Abuse Review will focus on analyzing the implementation and effectiveness of these safeguards in mitigating DNS abuse in new gTLDs, which will serve as an input to the work of the Competition, Consumer Choice, and Consumer Trust Review Team.


DNS Abuse Review Activity Timeline

Updated 12 February 2018
