With my IP lawyer hat on I hear lots of lawyers and trademark
owners claim that they are being abused by a malicious domain
when, in fact, all that is happening is that someone beat them to
the name registration of a name that they feel is standing too
close to one of theirs.
From where I sit claims of "malicious" and "abuse" are often mere
whining about acts that are neither actually malicious nor
actually abusive.
From an end-user PoV I don't think there's any such thing as a malicious registration. A domain only becomes malicious when it becomes the source of
- Botnets
- Malware
- Pharming
- Phishing
- Spam
which constitutes the definition of DNS Abuse according to the ICANN Board and described at https://www.icann.org/dnsabuse.
Many others including myself consider a much broader definition of abuse, which depending on personal preference may include:
- Fingerprinting and cross-site tracking
- Advertising based on said tracking
- Adult content
Is there a good reason not to keep the At-Large discussion focused on DNS Abuse that matters to end-users?
In other words, in the minds of Interisle, a domain that somebody
puts onto some block lists within three months is adjudged,
usually without further inquiry, as "malicious".
Well... by definition, any entry in a list of malicious sites is malicious to someone. It all boils down to whether you trust the list maker to have (a) a clear definition of what constitutes a malicious site to them and (b) an effective and transparent mechanism to address both false positives and false negatives.
Or to put it another way around, what is "malicious" depends on
the opinions of some unknown block listing agencies.
Because some people like myself have a broader definition of malicious than ICANN's.
Indeed, one definition of malicious does not fit all. The ControlD public DNS server enables six different levels of abuse blocking. And that's just the free service, the paid one enables much more fine-grained control.
That is not a definition. Rather it is an invitation to
vigilante and inconsistent behaviour.
One man's vigilante is another's hero.
I've been relying for decades on the Spamhaus blackhole list to filter out sources of spam. It has been utterly consistent and extremely useful.
Now public DNS servers such as Cloudflare's 1.1.1.2 (and including one created by a ccTLD registry) offer similar methods for end-users to block the abusive domains that ICANN can't or won't.
Might the definitions in some lists be arbitrary? Maybe, but so what? I'm the end user, I want to be in control of the definition and list that works for me.
Please don't fearmonger. SSAC 127 notes that about 21% of Internet users are using public and filtering DNS servers. They all depend on blocklists and they seem to work pretty well.
- Evan