ALAC: DNS Abuse (R1)
| Date Issued | Document | Reference ID | Current Phase |
|---|---|---|---|
| ALAC: DNS Abuse (R1) | AL-ALAC-ST-1219-03-00-EN | Phase 3 | Evaluate & Consider |
DESCRIPTION
Establish a clear definition of DNS Abuse. The GNSO has already produced consensus definitions of “abuse” and “malicious use of domain names” that are more expansive. According to that definition, “abuse” is an action that: 1) Causes actual and substantial harm, or is a material predicate of such harm; and 2) Is illegal or illegitimate, or is otherwise considered contrary to the intention and design of a stated legitimate purpose, if such a purpose is disclosed. The GNSO also recognized that “malicious use of domain names” include, but are not limited to: 1) spam, 2) malware distribution, 3) online child sexual exploitation and imagery abuse, 4) phishing, 5) botnet command-and-control. ICANN should clarify the purposes and applications of “abuse” before further work is done to define DNS abuse. Once those purposes are identified, ICANN should determine whether abuse definitions used by outside sources can serve as references for the ICANN community, or whether a new, outcomes-based nomenclature could be useful (including impersonation, fraud, or other types of abuse) to accurately describe problems being addressed.
STATUS UPDATES
| Date | Phase | Type | Status Updates |
|---|---|---|---|
| Phase 3 | Phase Update | ICANN sent a letter (https://www.icann.org/en/system/files/correspondence/olive-to-zuck-13oct23-en.pdf) to the ALAC regarding this Advice item. |
| Phase 3 | Phase Update | As stated in the Board's response to DNS Abuse related recommendations from SSR2, the Board has asked ICANN org's DNS Security Threat Mitigation Program and the DNS abuse Board Caucus group to consider all of the pending advice and recommendations and develop a strategic and holistic approach. This process is underway and aims to complete at the latest by the end of 2023. |
| Phase 3 | Phase Update | As stated in the Board's response to DNS Abuse related recommendations from SSR2, the Board has asked ICANN org's DNS Security Threat Mitigation Program and the DNS abuse Board Caucus group to consider all of the pending advice and recommendations and develop a strategic and holistic approach. This process is underway and not yet complete. |
| Phase 3 | Phase Update | The Board is forming a caucus group to determine path forward on DNS Abuse. |
| Phase 3 | Phase Change | Now Phase 3 |
| Phase 2 | AP Feedback | ALAC agreed with understanding and provided feedback: Ideally, the ICANN community should continue its ongoing discussions regarding the definition of DNS Abuse, including the best vocabulary with which to discuss it. At the time of our comment even the term DNS Abuse was not in general use by the public but many of the "techniques" (phishing, malware, etcl) and "outcomes" (impersonation, fraud, etc.)are. None of this should stand in the way of improving the mechanisms and tools that are available to Contract Compliance and the ICANN Community to combat abuse. |
| Phase 2 | Phase Update | Understanding sent to ALAC. |
| Phase 2 | Board Understanding | ICANN org understands ALAC to advise the Board to direct ICANN org to establish a clear definition of ?abuse? that is within ICANN?'s remit. We assume that any such definition would, without limitation, include harmful activity insofar as they intersect with the DNS and involves the use of malware, botnets, phishing, pharming, and spam (when it serves as a delivery mechanism for the other forms of DNS abuse). ICANN org further understands ALAC to advise the Board to direct org to clarify the ?"purposes and applications of ""'abuse"" ' before further work is done to define DNS abuse.?" We are unsure, however, what ALAC?'s reference to ?'purposes and applications? ' of abuse is intended to mean and request clarification on this point. Is ALAC's advice to identify the characteristics of abuse (e.g., behavior that affects the DNS in specified ways) that would be within ICANN?'s remit? If so, ICANN org also understands ALAC to advise that once the scope and characteristics of abuse within ICANN?'s remit is identified, a determination should be made whether abuse definitions used by outside sources can serve as references for the ICANN community, or whether a new, outcomes-based nomenclature could be useful (including impersonation, fraud, or other types of abuse) to accurately describe problems being addressed. |
| Phase 2 | Phase Change | Now Phase 2 |
| Phase 1 | Phase Update | Acknowledgement sent to ALAC. |
| Phase 1 | Phase Update | ALAC published AL-ALAC-ST-1219-03-00-EN: DNS Abuse: https://atlarge.icann.org/advice_statements/13747. |