DNSAI Newsletter March 2023

With ICANN 76 in Cancun drawing near, it seemed a good time to provide an update on the activities of the DNS Abuse Institute.  Below we’ve got news on our measurement project DNSAI Compass™, NetBeacon™, and some recent work on bulk domain registrations.

DNSAI Compass

We have now been publishing data as part of our measurement initiative for over 6 months. The intention of Compass is to establish a credible source of metrics for addressing DNS Abuse. We hope this will enable focused conversations, and identify opportunities for improvement, help us understand through these reports which factors, policies, and processes are effective, and empower the industry with evidence.

As Compass matures, we’re working towards public reporting on individual Top Level Domains (TLD) and registrar performance. Our aim is to celebrate and recognize observed good practice, as well as shine a spotlight on potential for areas of improvement in the industry.

We’ve also been working on developing individualized reports for registrars and TLDs ahead of ICANN76 in Cancun. These are the reports we show to registrars and registry operators when we meet with them directly to give them a sense of how they’re doing. These are not for public consumption and we do not intend to publish them. However, they do contain a number of metrics which could be used as part of an approach to public reporting.

For those of you headed to ICANN76, we’ll be presenting at the CPH DNS Abuse Outreach Session during the ‘upcoming community work’ section, and giving a preview of some of the data we hold (with permission from the relevant registry and registrar). This session takes place at 13:15 Cancun (UTC-5), 13 March 2023.

We’re offering an opportunity for all registries and registrars to meet with us and view the domain registration and abuse data we have collected on your registrar/registry. If you would like to chat with us in person in Cancun, Please contact us for more information or book a time directly. Alternatively, we can organize a virtual meeting later in March/April 2023.

NetBeacon 

When we began developing NetBeacon, our free abuse reporting system, we concentrated on ensuring it had the features needed to improve the experience of receiving reports for Registrars. This meant ensuring reports were standardized, enriched with useful information, and distributed to where registrars wanted to get them. While there is always more work to do on the recipient side, we’ve been recently working to add useful features for the people and organizations that wish to report DNS Abuse.

We’re pleased to announce that NetBeacon now has the ability to “verify” abuse reporters. Anyone who represents an organization can request verification from the Identity settings page in NetBeacon. This allows verified abuse reporters to include their organization name in report subject lines, and to include boilerplate text on every abuse report they submit. We’ve got a number of other reporter-specific features in the pipeline we look forward to sharing soon.

Check out NetBeacon here.

Publications

Letter to the GNSO on Bulk Registrations

In January, the DNSAI received a letter from the GNSO asking for information on the relationship between bulk domain registration and DNS Abuse. We recently published our response here. Briefly, we surveyed all the research we could find on bulk registrations, and found that there were no consistent definitions of the issue. In addition, none of the research attempted to understand what proportion of bulk registered domains were abusive, only that some abusive domains were registered in bulk. While we’re conducting our own investigations into the issue, it seems clear to us that more research would be necessary to justify work from the community.

Best Practices 

• Anti-Fraud Tools and Registration Flows for Registrars
• Making Phishing Reports Useful
• Abuse Reporter Expectation Management
• Generic Abuse Policy for Registrars and Registries
• Secure Your Website, Save the Internet

DNSAI in the news 

DNSAI Compass: Six Months of Measuring Phishing and Malware

An article the Institute published in CircleID to share information on lessons learnt six months on measuring phishing and malware. 

Introduction to the Institute in Spanish

Thank you to .ec for hosting us on their webinar and translating our introduction to the Institute into Spanish. Available online (at 38 mins).

Upcoming Events

ICANN Cancun

We will be available for meetings with interested parties. In particular, if you’re a registrar or registry and you haven’t met with us to view your unpublished data we encourage you to do so. You can book a meeting here.

Nordic Domain Days

Graeme will be in Stockholm for Nordic Domain Days, May 8th & 9th, 2023.  We’ll be participating in a DNS Abuse workshop, and introducing everyone to NetBeacon and our Compass reporting. If you’re planning on attending and want to catch up, please reach out.