Dear CPWG Members,

I just wanted to provide a brief update on the work of the GNSO Council DNS Abuse Small Team, to whom the recent series of At-Large input (i.e. DNS Abuse gaps, gaps amongst gaps, and prioritization of all such gaps) has been relayed.

Cutting through the clutter, based on all input received to-date from SG/C/At-Large, that Small Team intends to recommend to the GNSO Council the following:

Recommendation 1: Initiate a comprehensive Issue Report on DNS Abuse Mitigation Gaps. The DNS Abuse Small Team recommends that the GNSO Council initiate an Issue Report to further investigate the identified DNS abuse mitigation gaps and to support informed policy action.

The aim/purpose of the Issue Report would be:

To confirm a given issue is within ICANN's mission,
To explain what the issue is, who it affects, what support there is to address the issue
To recommend whether the issue(s) is within the scope of ICANN’s Mission and properly within the scope of the GNSO policy development process
To suggest, via the development of a draft charter, whether the PDP needs to be modular, allowing for separately scoped and phased work, depending on the topic’s complexity and interdependence,
To identify when a gap/issue is better addressed in a mechanism other than a PDP.

Recommendation 2: Structure the Issue Report around Three Primary Gaps while maintaining flexibility for broader coverage. The ST recommends that the Issue Report focus on three gaps identified through the Small Team’s review of compliance/research data, community input, and gap matrix analysis. The ST suggests to only narrowly charter a PDP on three gaps and complete that work expeditiously. Subsequent PDPs could then be initiated from the original Issue Report, when the initial PDP completes its work.

Recommendation 3: Prioritize the following Three Identified Gaps.
Based on data analysis, community consultation, and input from stakeholder groups, the Small Team recommends the following three gaps be prioritized for early scoping and possible PDP initiation under the Issue Report:

Unrestricted API access for new customers: The INFERMAL study and other community inputs indicate a strong correlation between abuse and unrestricted API-enabled bulk registrations.
Associated Domain Checks: The CPH update during ICANN83 indicated that there is currently no contractual requirement or best practice standard requiring contracted parties to investigate domains associated with known malicious actors.
Limited coordination on DGA-based abuse: The current system for responding to Domain Generation Algorithm (DGA)-based threats commonly used in botnets and malware campaigns seems to be fragmented. No single trusted platform or protocol for real-time information sharing between registries, registrars, hosting providers, and law enforcement means fragmentation causing delays and inconsistent responses.

I note that these somewhat align with At-Large's input of:

12. Gap 2 Withhold unrestricted API access for new customers
08. Gap 1: Investigate associated domains
13. Gap 5: Inefficient coordination on DGA-based abuse to support LEA

I will report on any further progress post GNSO Council's August 2025 meeting.

Kind regards,
Justine

On Thu, 17 Jul 2025 at 15:40, Justine Chew <justine.chew.icann@gmail.com> wrote:

Dear CPWG Members,

As indicated during the CPWG call of 16 July 2025, I was unable to present the results of the At-Large CPWG Poll on prioritizing identified DNS Abuse Gaps at the call itself.

With the short extension of time given, we got a few more responses.

I am now sharing the results of the poll which was closed on 16 July at 23:59 UTC.

These 2 screenshots are drawn from the slide deck posted on the CPWG 16 July agenda wiki.

I will be sharing the results of the At-Large High Priority Gaps in order of prioritization (i.e. the first screenshot) with the GNSO Council DNS Abuse Small Team shortly.

Thank you to the respondents of this poll and the earlier survey on these DNS Abuse Gaps.

Kind regards,
Justine

_______________________________________________
CPWG mailing list -- cpwg@icann.org
To unsubscribe send an email to cpwg-leave@icann.org

_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.