Hi Brian,
removing any requirement of there being any reasonable indication of there actually being further domains to look for is unreasonable and will ultimately achieve the opposite of our goal:
Instead of taking a targeted approach to likely occurrences of DNS abuse, this new language would require Registrars to go on wild goose chases for potentially existing affiliated domain names. So instead of actioning multiple abuse tickets received by a registrar,
the abuse desk has to spend time doing a victory lap each time we take action on one ticket, greatly reducing the capacity to timely act upon incoming reports.
There must be an element in the ADC requirement that only triggers the requirement to do an ADC when it can be reasonably assumed that such ADs exist, instead of triggering the ADC every time an action is taken. This would be a gift to threat actors as it would
force us to spend time engaging in Kabuki theatre rather than actioning actual reports of abuse.
Also, I am missing any hint of a suggestion of what Registries might be able to contribute. If we look at this solely from an individual registrars' perspective, we will not achieve anything. We are already seeing many abuse campaigns span that across multiple
registrars and that can be detected on a registry level.
Sincerely,
Volker Greimann
General Counsel & Head of Policy and Compliance - Online Division
volker.greimann@centralnic.com
Office: +49-172-6367025
Web: www.teaminternet.com
Team Internet Group PLC (AIM:TIG). Registered Office: 4th Floor, Saddlers House, 44 Gutter Lane, London, United
Kingdom, EC2V 6BR. Team Internet is a company registered in England and Wales with the company number 8576358.
From: Brian F. Cimbolic via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Sent: 18 March 2026 10:14 PM
To: Reg Levy <rlevy@tucows.com>; anil Jain via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Subject: [Gnso-dnsabuse-pdp] Re: Straw Proposal
Hi all - First, thank you all for some great sessions to kick this work off in Mumbai. I thought we already made a lot of progress in our first working session.
In advance of Monday’s call, I wanted to float a slightly modified version of the Strawman that Reg (very helpfully!) provided below. I provide a clean version, as well as a screenshot of Redlines so we can all see exactly what I’m proposing we change.
Summary of proposed tweaks:
-
The actual obligation to mitigate DNS Abuse in the RAA is found in 3.18.2, rather than the broader 3.18, which includes other unrelated provisions. Tightening that subsection reference should make
it clearer where an Associated Domain Check comes into play.
-
I tried to harmonize the language from Reg’s version with the terms and definitions set forth in the RAA already. So rather than “domains,” it’s “Registered Name” (again, simply to match the RAA defined terms).
3.18.2 also references “mitigation action(s)” so I incorporated that verbiage rather than the more generic “action."
-
3.18.2 already requires that Registrars take mitigation action(s) when they have actionable evidence of DNS Abuse. If the Associated Domain Check is fruitful and the Registrar finds such actionable evidence of
abuse, it is similarly obligated to take mitigation action(s). So, I suggest striking the “and take action against those domains where appropriate” as redundant.
REDLINE:
CLEAN:
When a registrar takes mitigation action(s) on a Registered Name under Section 3.18.2 of the Registrar Accreditation Agreement, the registrar shall promptly review other reasonably associated Registered Name(s) to determine
whether such Registered Name(s) may be involved in DNS Abuse using information reasonably available to the registrar at the time of review.
Looking forward to the call on Monday. Please let me know if you have any questions.
Thanks,
Brian
Confidentiality Note: Proprietary and confidential to Public Interest Registry. If received in error, please inform sender and then delete.
From: Reg Levy via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Date: Monday, March 9, 2026 at 6:19 AM
To: anil Jain via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Subject: [Gnso-dnsabuse-pdp] Straw Proposal
All—
As noted in the chat in the session today, this is the straw proposal a number of us have been working on for the last few days and we’d love additional input:
When a registrar takes action under Section 3.18 of the Registrar Accreditation Agreement, the registrar shall promptly review other domains that are reasonably associated with that domain when there are clear indicators that other domains registered by the
same customer may be involved in the same abusive activity, using information reasonably available to the registrar at the time of review, and take action against those domains where appropriate.
Servus,
Reg
--
Reg Levy | Associate General Counsel – Domains
+1 (323) 880-0831
Tucows #MakingTheInternetBetter
UTC +5:30
