Dear All,

 

Today, the Internet Corporation for Assigned Names and Numbers (ICANN) announced that country code top-level domain (ccTLD) operators will now be able to actively participate in the Domain Abuse Activity Reporting (DAAR) system.

 

ICANN's DAAR system is used to study and report on domain name registration and security threat behavior across top-level domain (TLD) registries. The data is obtained from a curated list of Domain Name System (DNS) reputation providers.

 

Now, ccTLD operators can pull their own aggregated DAAR data via the Monitoring System Application Programing Interface (MoSAPI). The MoSAPI interface allows registry operators to retrieve information collected by the ICANN Service Level Agreement Monitoring (SLAM) system. While ccTLD operators will not be subject to the SLAs the SLAM system monitors, using MoSAPI will allow a consistent interface for all registries participating in DAAR. The aggregated data counts security threats broken down by threat type (e.g., phishing, botnet command and control, malware distribution, and spam) per TLD. These data sets will be similar to those of the generic top-level domains (gTLDs) that are currently provided via MoSAPI. Having access to such data will enable ccTLD operators to monitor the DAAR security threat levels per threat type per month in the same way as gTLD operators.

 

The ICANN organization invites all ccTLD operators to participate in the DAAR project to promote a greater understanding of DNS abuse across the global DNS. To participate, ccTLD operators should send a request to globalsupport@icann.org to begin the process.

 

More Information

For additional discussions regarding DAAR project data sharing and any other measurement of DNS security threats and abuse related topics please join the DNS-Abuse-Measurements mailing list.

DAAR webpage: https://www.icann.org/octo-ssr/daar.

Read this new alert here: https://www.icann.org/news/announcement-2019-11-19-en

 

Best regards,