JUNE 2021 EDITION

DNSAI: FORUM 2 - DEFINING DNS ABUSE

It’s hard to make progress on combating DNS Abuse when everyone is talking about slightly different issues. As such, the Institute focused its second online forum on a discussion about what DNS Abuse is, and how stakeholders with different perspectives approach the definition. We had a fantastic, insightful, and enjoyably humorous panel that really dug into how the speakers define DNS Abuse. While we did not conclude with everyone agreeing on a single definition, we did discover that there are merits to the different perspectives and that the complexity of DNS Abuse requires sophistication in how we discuss it.

You can read a longer summary, as well as watch the forum in its entirety here: https://www.circleid.com/posts/20210608-examing-real-examples-of-dns-abuse-overview-of-2nd-dns-abuse-forum/

DNS ABUSE INSTITUTE ROADMAP

The Institute has existed for about four months now. I’ve spent much of that time learning more about DNS Abuse, talking with interested people both inside and outside the domain name industry, and working to aggregate those learnings and conversations into a coherent plan to mitigate DNS Abuse.

In May, over the course of two meetings, I shared that plan with the DNSAI Advisory Council (AC) for feedback and input. The response from the AC was overwhelmingly positive, and after incorporating their input we’ve now made the roadmap public. It’s not a crazy long document at 15 pages, but as we approach summer here in the Northern Hemisphere I suspect it’s not beach reading material and to that end we’ll summarize the key pieces below. We will also link to a more lengthy summary, the document itself, and the mechanism to provide feedback.
.

ROADMAP KEY CONSIDERATIONS

The DNSAI Roadmap is based on two related ideas; the tactics for reducing DNS abuse, and the economic realities of working with the domain registration industry. DNS Abuse reduction tactics fall into two categories: preventative and reactive. Preventative measures work by stopping potentially harmful domains from either completing the registration process or from resolving. These solutions require operational changes to domain registration platforms. 

Reactive approaches to reducing DNS Abuse are focused on implementing quick and efficient mitigation techniques after a report of abuse. Reports may be submitted directly to the  Registrar or Registry, or consumed by them in the form of Reputation Block Lists (RBLs) or via abuse feeds.

The domain registration industry has its own particular dynamics. It’s generally a high volume, low margin business that requires scale for success. It’s also a mature industry that has seen, and will likely continue to see, substantial consolidation. The result is an industry that is very cost sensitive and is already spending considerable resources to maintain older platforms, consolidate acquisitions, and adjust to the changing regulatory environment.

Within this context, the DNS Abuse Institute has chosen to focus its efforts, at least for the short to medium terms, on areas that it can impact directly and don’t require the industry to dedicate valuable and scant engineering resources to the cause. There is still lots of work to be done in this space, which we’ve prioritized into three cornerstone initiatives.
 

CORNERSTONE INITIATIVES

DNSAI: Learn - The Learn initiative will fulfill the educational mandate of the Institute. The Institute will produce educational content on a regular basis, resulting in the best DNS Abuse resource library available. This content will include best practices for registries and registrars to mitigate abuse, both preventatively and reactively. This initiative will also include resources for law enforcement, businesses, intellectual property interests, and end-users. The Institute will also gather and curate academic research, industry white papers, and case studies.

DNSAI: Centralized Abuse Reporting Tool (CART) - This initiative is designed to rectify a gap: there are currently no industry standards on how to implement abuse reporting, what abuse may be reported, and where to report it. As such, there is a substantial amount of diversity in abuse reporting methods employed by registries and registrars, which can lead to unevidenced reports of abuse, often in duplicate, and frequently unactionable. These reports fill service queues and require a substantial amount of time and resources to triage and address. Stakeholders reporting abuse must identify exactly where and how to address abuse reports across a myriad of registries and registrars with their own mechanism and evidence requirements. To solve these issues the DNS Abuse Institute will build a centralized abuse reporting tool.

DNSAI: Intelligence - Through the DNS Abuse Intelligence initiative, the Institute will offer an understanding of the DNS Abuse landscape. The Institute intends to build its own DNS Abuse Intelligence platform to publish DNS Abuse statics by registrar, registry, and TLD, including both ccTLDs and gTLDs. The information will be based on evidenced data that measures persistence as well as existence and distinguishes between compromised websites and malicious registrations.

You can read a similar summary here on our blog: https://dnsabuseinstitute.org/the-dns-abuse-institute-roadmap/

But you should definitely consider reading the actual document here: https://dnsabuseinstitute.org/wp-content/uploads/2021/06/DNS-Abuse-Institute-Roadmap.pdf

COLLABORATION AND FEEDBACK

One of the Institute’s pillars is collaboration, and we see that not just as a goal or tool to implement, but also as a part of our processes. To that end, we’ve shared a google form for capturing feedback on the Roadmap.  

We want to hear from you what you think it’s right, what’s wrong, and what you think is missing. I’ve learned a lot from my conversations with many different stakeholders over the past four months, so I’m confident that there is valuable input within the DNS community and we would love to have it.

Please share with us your thoughts here: https://forms.gle/yMDcqFTJ8T4drG227

TIME TO GET TO WORK

The publication of the Roadmap is a pivot point for the Institute as we turn from planning to doing. We’re hard at work on detailed project plans and in discussions with stakeholders and potential partners to make sure we get these initiatives right and out the door as soon as possible. We aim to begin the DNSAI: Learn initiative in the next few weeks, with work on other initiatives to begin in earnest in Q3.