On September 4, 2023, ICANN and the DNSAI hosted a Day of DNS Abuse Discussions as part of the DNS Symposium / OARC 41 week in Da Nang, Vietnam.
The first event of its kind, Day of DNS Abuse Discussions functioned similarly to a CPS event, focusing exclusively on issues of DNS Abuse that directly impact registries/registrars.
The event offered attendees that chance to get to the heart of practical issues without the accompanying noise that can come with the community wide dialog of the thrice yearly public ICANN meeting. This meeting focused directly on what is defined as DNS Abuse and was not a broad discussion of online harms and hosted around 150 participants in a mix of in person and remote attendance.
Speakers on a variety of abuse and compliance issues included Prudence Malinki of MarkMonitor, Reg Levy of Tucows, Graeme Bunton of the DNSAI, Michele Neylon of Blacknight, Brian Cimbolic of PIR, James Bladel of GoDaddy, Thomas Rickert of ECO/ Top DNS, Jeff Bedser of Clean DNS, Keith Drazek of Version and Nguyen Thang of VN Nic (and hosting country).
The first half of the day, which centered on discussions on the RA/RRA Amendments, featured iQ Global COO Su Wu, who spoke during the second session on how Registries and Registrars are planning to meet these obligations. Su discussed how to train a team to verify and act on abuse reports.
During Su’s talk, she explained the importance of defining and sticking to a prescribed procedure for your abuse team. Su suggested the procedure include:
Defining who within your team will be responsible for abuse.
Being clear about what kind of reports you deal with.
Defining what the actions will be for different kinds of reports and reporters.
A clear time window for action
Monitoring your name space
Staffing your team
Su also touched on abuse management systems and taking care of your abuse agents.
Su explains: “Training and coaching is important, along with well documented procedures and systems. You should also provide an escalation path within your abuse team. Cases where the initial abuse agent is uncertain about, can be escalated to a more experienced team member.
Remember, it is also ok for your abuse agents to make the wrong call. It can be hard to identify abuse, and erring on the side of caution and putting a hold on a legitimate domain is possible. Remember that server or client holds can be removed if an error is made.
It is also valuable for management to be an abuse agent for a day. This allows managers to understand the types of abuse and assess how the processes are working.”
The second half of the day was dedicated to deep dives on Phishing, reducing DNS Abuse as a community and a session on proactive approaches during which IQ SVP of Strategy and Development
Kelly Hardy addressed those who may be new to taking action on abuse providing quick and inexpensive wins that can aid in reducing the chances for abuse in your environment, including:
Personal education on issue and its parameters
Making 2FA a non negotiable
Not sweeping abuse reports under the rug
Using free resources like NetBeacon, ACID Tool and abusestats.com
3rd party monitoring
Making sure your TOU and policies include up to date definitions of DNS Abuse and the ability to action abuse of the TOU
Kelly explains: "DNS Abuse mitigation can seem overwhelming if you are new to consistently approaching it.
The reality is that it can seem like such a vast problem that you freeze or think it may be easier and cheaper to do nothing. Maybe you want to start but are incapacitated by not being able to immediately conduct mitigation practices perfectly or maybe you don’t have the support of your organization. There are plenty of perceived obstacles but the reality is that you don’t have to jump in all at once or instantly be an expert with perfect execution.
You just need to start with one step and gradually increase the momentum by continuing to ante in. We all get good at things through practice."
Both Su and Kelly stressed that as the community is learning to deal with these issues, there will be bumps in the road and that as a group there is a need to give each other grace when mistakes are made. The barrier to entry on DNS abuse mitigation can’t be so high or exclusive that it discourages companies from acting.
Su, Kelly and the iQ Global team would like to extend thanks to the DNSAI and ICANN teams for putting this event together and for inviting iQ Global to participate in the event.