The language “Action(s) may vary depending on the circumstances, taking into account the cause and severity of the harm from the DNS Abuse and the possibility of associated collateral damage” could make sense to apply to what actions the registrar should take after conducting the ADC, but it does not make sense for the reasons previously discussed for the trigger which must be actionable evidence of DNS Abuse, and use of severity as a trigger will make the end result of the PDP be meaningless and will result in even more overhead for registrars as they will have to do this analysis on the front end and document to demonstrate compliance.

 

 

Best regards,

 

Marc H. Trachtenberg
Shareholder

Chair, Internet, Domain Name, e-Commerce and Social Media Practice
Greenberg Traurig, LLP

Aspen: 411 E. Main Street, Suite 207 | Aspen, CO 81611 | T +1.970.300.5313 | M +1.773.677.3305
Chicago: 360 North Green Street, Suite 1300 | Chicago, IL 60607 | T +1.312.456.1020 | M +1.773.677.3305
trac@gtlaw.com | www.gtlaw.com


 

From: farzaneh badii via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Sent: Sunday, April 12, 2026 8:58 AM
To: Brian F. Cimbolic <brian@pir.org>
Cc: Naoum MENGOUDIS <n.mengoudis@cybercrimeunit.gov.gr>; Feodora Hamza via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Subject: [Gnso-dnsabuse-pdp] Re: Another numbers request.

 


Thank you Brian, this is helpful and we have mentioned in our preliminary feedback that this language should be taken into consideration. We also used the language to come up with the tiered model (severity of harm) to justify the triggering of ADC. 


Farzaneh 

 

 

On Sun, Apr 12, 2026 at 10:55AM Brian F. Cimbolic <brian@pir.org> wrote:

Hi Farzaneh (and everyone else) - I wanted to note that Section 3.18.2 of the RAA has language that might account for these considerations in the language highlighted below: 

 

"When Registrar has actionable evidence that a Registered Name sponsored by Registrar is being used for DNS Abuse, Registrar must promptly take the appropriate mitigation action(s) that are reasonably necessary to stop, or otherwise disrupt, the Registered Name from being used for DNS Abuse. Action(s) may vary depending on the circumstances, taking into account the cause and severity of the harm from the DNS Abuse and the possibility of associated collateral damage."

 

Perhaps that language would be helpful in any ultimate Policy to take those concerns into consideration. 

 

Thanks,

 

Brian

 


Brian Cimbolic | Chief Legal and Policy Officer

brian@pir.org | www.thenew.org | Power your inspiration. Connect your world.

 


 

From: farzaneh badii via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Date: Sunday, April 12, 2026 at 10:31 AM
To: Naoum MENGOUDIS <n.mengoudis@cybercrimeunit.gov.gr>
Cc: Feodora Hamza via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Subject: [Gnso-dnsabuse-pdp] Re: Another numbers request.

Hi Naoum,

You mentioned earlier that ADC would have no adverse effect on rights (I include access in it too). I did not respond at the time because I think that conclusion is premature and needs to be assessed in context.

 

First, when we talk about human rights in this setting, we are not only concerned with established violations but with risk, that is, the likelihood that certain practices could lead to disproportionate or unjustified impacts on registrants and end users.

 

In your example, you effectively illustrate how that risk can increase with ADC check: 

“PLUS, you can use heuristics, like, if you verify that 20 of the 100 domains of the customer are abusive, and using other available information and indicators (e.g. everything being registered via API and on the same day), you can just deactivate all 100 of the domains and nobody will complain about it (without even having to check further, saving lots and lots of resources)” 

 

This approach introduces a clear risk of overbroad action, where domains that have not been individually assessed are nevertheless subject to the same outcome. Even if some domains are abusive, extending action to the entire portfolio without further verification raises questions of proportionality, accuracy, and potential impact on legitimate uses.

Best regards 

 

 

Farzaneh 

 

 

On Sun, Apr 12, 2026 at 7:33AM Naoum MENGOUDIS via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> wrote:

Dear all,

 

Following the numbers being thrown around in the recent emails, it would be of interest to know the average number of domains an end customer holds. And maybe also the maximum number of domains an end customer holds, to have an idea of the extreme case scenario. This would give us a better estimate of the work needed to be done when doing ADC. [End customer means actual registrants, excluding Resellers and Privacy & Proxy Services]

 

Having 100.000 abusive reports in total says nothing about the overhead of a possible ADC. Maybe ADC would actually help because the reports would be handled in groups instead of one by one (because, as you know, when you are "in the zone" you get more work done compared to starting and stopping and constantly switching contexts).

 

For example, if the average ownership is 100 domains per end customer, you would have to check an additional 99 domains of that customer when one of his domains is reported. Better do it as a group, instead of waiting to do it 100 times in total at some point. PLUS, you can use heuristics, like, if you verify that 20 of the 100 domains of the customer are abusive, and using other available information and indicators (e.g. everything being registered via API and on the same day), you can just deactivate all 100 of the domains and nobody will complain about it (without even having to check further, saving lots and lots of resources). On the contrary, acting on each of the reports that will come in the future is way more resource intensive.

 

And can we have some examples of real scenarios when an ADC would be detrimental to the resource use of the Registrar? So we can validate or not this argument, or any other related argument, or plan appropriate safeguards, instead of dismissing a good practice (i.e. the ADC triggered every time).

 

Regards,

Naoum

 


MENGOUDIS Naoum

Police Major

Cyber  Crime  Directorate

Online Child Protection Department

T: (+30) 2106476475

E: n.mengoudis@cybercrimeunit.gov.gr

 

_______________________________________________
Gnso-dnsabuse-pdp mailing list -- gnso-dnsabuse-pdp@icann.org
To unsubscribe send an email to gnso-dnsabuse-pdp-leave@icann.org

