Dec 9, 2019 - by Matt Serlin

In Support of the Framework to Address Abuse

As the Internet has grown, so too have the abuses that go along with one of the worlds’ most transformative technologies. For all of the positives the Internet brings, negatives like phishing, malware and child exploitation are a reality online.

As of December 9, 2019, 48 registrars and registries have signed onto the “Framework to Address Abuse.” This initiative was launched last month by a number of domain name registries and registrars, just prior to the ICANN meeting in Montreal. It addresses many of the most egregious abuses of the Domain Name System (DNS). Brandsight is incredibly pleased to join this important effort.

Addressing myriad abuses online has been a topic in the ICANN community for years, but as these abuses have become more prevalent and visible around the world, pressure on registrars and registries to take meaningful action has increased. In order to address DNS abuse, it is critical to have a common definition within the community, and the Framework spells out the following types of abuse:

  • Malware (malicious software installed on a user’s device without their consent for the purpose of gaining sensitive information)
  • Botnets (malware infected devices that are commanded remotely to perform certain activities)
  • Phishing (using fraudulent or “look-alike” emails to trick a victim into providing sensitive personal, corporate or financial information)
  • Pharming (redirecting unknowing users to fraudulent sites or services generally through DNS hijacking or poisoning)
  • Spam (unsolicited bulk e-mail where recipients have not provided permission to be contacted)

As it relates specifically to Spam, the Framework includes it only when it is used as a delivery mechanism for the other forms of abuse listed above. Unsolicited e-mail alone does not constitute DNS Abuse. That said, when it is used as a vehicle to perpetrate a phishing attack for example, it would be considered abuse.

The Framework indicates that registrars and registries must act on these types of abuses. However, it’s also important to note that registrars and registries have limited options when it comes to taking action on abuses in general.

The only real option available for registrars and registries is the “nuclear option” which essentially entails disabling an entire domain name. Only hosting providers can take action on specific sites or content within domain names, which affords them with much greater flexibility. Registrars and registries need to ensure that when they take action against a specific domain name, there are no unintended consequences.

Often times, a legitimate domain name will have a vulnerability that allows a bad actor to host abusive content on the site. In this case, disabling the entire domain name would also remove legitimate content, as the “nuclear option” removes everything from the Internet connected to that domain.

The Framework also addresses website content issues which are generally not as clear-cut as the abuses defined above. While it’s important for registrars and registries to have discretion allowing them to potentially act when presented with a claim of content abuse, there are certain categories of content abuse that the Framework indicates should be acted upon. These include:

  • Child sexual abuse materials
  • Illegal distribution of opioids online
  • Human trafficking
  • Specific and credible threats to incite violence

These are all categories that should be acted upon. But again it’s important to note that the only option available for registrars and registries is the “nuclear option” which is why it’s critical for hosting providers to be the first point of contact to address content issues.

The Framework is a great first step and a good starting point for conversations within the community. While we have heard from many that it does not go far enough, there is also a strong contingent that believe it goes too far. Given this, it would seem that the Framework strikes a good balance as a starting point.

The Internet has arguably been one of the most significant technologies the world has ever seen. It has enabled the world to be more connected than many ever would have imagined. It also created opportunity for bad actors to find ways to use the Internet to perpetrate bad acts which this Framework attempts to address.

As a registrar, Brandsight is proud to stand with our industry partners in this initiative and we are hopeful this effort continues to gain support by others in the industry.

Tags: TAG1, TAG2, TAG3, TAG4


Matt Serlin

With a focus on security, service and support, Matt Serlin joined the company in 2017 to lead all domain operations, including client services and domain name provisioning. Matt has over 15 years of direct domain name experience most recently with MarkMonitor where he was instrumental in building the industry’s first dedicated client services team, which has become the de facto standard for all corporate registrars.

Recent posts from Matt Serlin

Request a demo.

See for yourself the power of the Brandsight platform.

Schedule a demo
Brandsight web application