An Institute to Combat Abuse

By Brian Cimbolic, PIR Vice President, General Counsel and Graeme Bunton, Director of the DNS Abuse Institute

Over the last few years, it’s become clear that abuse of the Domain Name System—whether in the form of malware, botnets, phishing, pharming, or spam—threatens to undermine trust in the Internet. At Public Interest Registry, we believe that every new .ORG makes the world a better place. That means anything that gets in the way of that is a threat, and that includes DNS Abuse.

Fighting DNS Abuse is a fundamental part of PIR’s mission as an exemplary non-profit registry.  PIR hopes to build off the foundation of the DNS Abuse Framework, which it helped create. PIR is taking these efforts to the next level, and we have announced the creation of the DNS Abuse Institute.  The Institute is charged with creating initiatives that will establish recommended practices, foster collaboration, and develop industry-wide solutions to combating DNS Abuse.   

We know that PIR cannot eradicate DNS Abuse single-handedly, but efforts such as this new Institute can make a significant impact across the DNS. PIR may have created the Institute, but the Institute will support the entire DNS community. We are actively building an advisory council to guide the organization’s efforts in a way that reflects the diverse interests involved in combating DNS Abuse.

The first step will be to bring people together. Our intention is to host forums where we can convene leaders in the space to better understand the biggest challenges the community faces. The first of these will be held on March 16, 2021 and we encourage everyone committed to combating DNS Abuse to join us.

We know that the more we gather, the more we will all learn from each other, and the focus of the Institute will evolve and grow.  

But as a starting point, we are focused on three core areas:

• Driving innovation in the DNS.  The Institute will create recommended practices to address DNS Abuse with solutions for registries and registrars of various sizes and resources, provide funding to qualified parties to conduct innovative research on cybersecurity and DNS Abuse related issues, and develop practical solutions to combat DNS Abuse.

• Serving as a resource for interested stakeholders. This includes maintaining a resource library of existing information and practices regarding DNS Abuse identification and mitigation, promulgating abuse reporting standards (e.g., what is needed for a “good” notification on abuse), and publishing academic papers and case studies on DNS Abuse.
  
• Building a networking forum and a central sharing point across stakeholders. Collaboration with technical and academic organizations that work on DNS Abuse issues, registries, registrars, and security researchers will help enable the entire DNS to be better equipped to fight DNS Abuse.

No single organization has all the answers. From the outset, we intend to work closely with other organizations in the anti-abuse space, including technical organizations, and thought leading organizations, like the Internet and Jurisdiction Policy Network.

If you have ideas about how to combat DNS Abuse, we urge you to reach out and to join the conversation. We look forward to discussing the important questions surrounding DNS Abuse with stakeholders from across the DNS community.

We understand the challenge in front of us. We look forward to taking it on alongside so many others in our community.  We hope you’ll join us.