NetBeacon: Providing Registrars with Actionable, High-Quality Abuse Reports

The DNS Abuse Institute, supported by Public Interest Registry (PIR) and CleanDNS, is launching a free service to reduce the friction for reporting and mitigating DNS Abuse.

NetBeacon, formerly known as CART, is targeted at two interrelated problems: 

• Complexity: Reporting DNS Abuse to registrars and registries currently requires technical knowledge and ability to navigate the entire ecosystem. This is onerous, confusing, non-standardized, and extremely difficult to do at Internet-scale. 
• Quality: The DNS Abuse reports that registrars and registries receive are frequently duplicative, unevidenced, unactionable, and often contain domains that aren’t related to them. This can consume time and resources with little of that effort improving the Internet. 

Registrars

NetBeacon aims to make it easier for registrars to receive actionable, high quality reports of phishing, malware, botnets, and spam. It also includes customisation to suit your individual needs. 

NetBeacon reports are: 

• Evidenced: Our standardized abuse reporting forms prevent reporters from submitting a report that does not meet a basic evidentiary standard. We then enrich these reports with additional external API sources (like Reputation Block Lists, Hybrid Analysis). 
• Relevant: Our service associates the domain name with the relevant registrar to ensure you only receive reports relevant to your domains under management. You can also redirect potential reporters to use NetBeacon instead of providing your abuse teams with reports you cannot action. You are also able to embed the NetBeacon tool in your abuse reporting webpage, filtering out the irrelevant reports and sending them to NetBeacon for redirection to the relevant registrar. 
• Flexible on format: You can choose which email address the standardized report should go to, and pick human readable format or XARF. You can also consume reports via API. 
• Customisable: Decide if you want reports instantly, or compiled and sent daily. Choose which types of reports you want to receive (phishing, malware, botnets and spam). 
• Simplifying Triage: If you find some reporters send you particularly useful reports (or not), you can label them and their subsequent reports to speed and simplify your triage processes. 

Data collection 

NetBeacon will keep metadata on submitted abuse reports for analysis and management purposes, but will not store the substance of each report beyond the time necessary to address quality assurance issues, or to identify misuse of the service. On personal data, we will collect the minimum possible to achieve our purposes and prevent misuse of the service. You can read more in our Privacy Policy after NetBeacon is live. 

Next steps

NetBeacon grew out of a genuine need in the domain community that has been flagged time and time again (e.g., in ICANN’s Second Security, Stability, and Resiliency (SSR2) Review Team’s Final Report, and ICANN’s Security and Stability Advisory Committee (SSAC)). 

We want to engage with registrars to make sure you get the most out of this free service, we’ve included customizability to make this as useful as possible for your specific circumstances. 

Registrars can contact us now to create an account ahead of the launch in June 2022: info@dnsabuseinstitute.org