The Path to Combatting Abuse

By Graeme Bunton, Director of the DNS Abuse Institute

Completely eradicating malware, botnets, phishing, pharming, and spam from the Domain Name System is not possible. That may be an odd statement from someone who just took the leadership position at the DNS Abuse Institute, but it’s meant to underscore the scope of the work ahead of us. There will always be bad actors exploiting the DNS for their own criminal purposes, but working together, we can mitigate their impact.

This begins with bringing the domain name community and other interested stakeholders together to collaborate on making the DNS safer, and we took an important step in that direction with the inaugural DNS Abuse Forum co-hosted by CircleID.

Efforts to combat DNS Abuse are not new.

Leaders came together in 2019 to publish a framework for the industry to address issues, and Public Interest Registry regularly updates its data on DNS Abuse within the .ORG domain name and its takedown efforts. But DNS Abuse forum panelists Ashley Heineman (GoDaddy), Jeff Bedser (iThreat), John Crain (ICANN), and Chris Lewis-Evans (UK National Crime Agency) forged a path for how the industry can be more effective.

For example, John Crain pointed out that malware and phishing tends to be campaign driven, which means the industry needs to be nimble and organized when it identifies these attacks. That requires greater collaboration.

Ashely Heineman noted that only a fraction of the DNS Abuse reports that GoDaddy receives are unique, evidenced, and actionable. Improving the quality of abuse reporting will enable Registries and Registrars to be more efficient with their time and efforts.

One of the challenges raised during the forum was the emergence of reusing domains for abuse. Chris Lewis-Evans pointed out how bad actors will utilize a domain, then park it to keep it under the radar, before deploying it again for phishing or spam emails. Sophisticated techniques are leading to an increase in the resale of victim data, which reinforces the need to combat bad actors.

Lewis-Evans also pointed out that the number of domains doesn’t equate to the level of harm attributable to abuse. He called for a greater emphasis on educational materials and awareness campaigns and wider and more standardized abuse reporting.

Jeff Bedser echoed that message, pointing out that the standardization of definitions and escalation paths as well as evidentiary standards are critical to combating abuse, especially reducing the “life cycle” of an abusive domain. He laid out a “best practice” scenario:

• DNS abuse is reported
• Abuse is well evidenced
• Escalation path is followed to appropriate party for action
• Mitigation occurs within a relatively short period of time
• Victimization window is reduced

To achieve this best-case scenario will require a new level of collaboration. As a next step, the Institute will hold a follow-up forum later this spring focused on the overlap of civil society and intellectual property concerns with regard to DNS abuse.

The Institute welcomes all who want to join our effort to facilitate discussions, raise awareness, and create solutions. One way you can do that is by signing up for the DNS abuse newsletter at dnsabuseinstitute.org. Also, feel free to reach out to me directly via email: Graeme@dnsabuseinstitute.org.

The domain community will never be able to rest when it comes to DNS Abuse.

What we can do is work together to develop, harmonize, and propagate best practices that create a safer, more responsible Internet. The Institute is committed to serving in a central role in these efforts.