Dear DNSAM PDP1, Please find below the high-level notes and Action Items from today’s meeting, Out next meeting is scheduled for Monday, 4 May 2026 at 12:30. There is no meeting on 27 April due to the CP Summit. Safe Travels and a good time to all travelling to Manchester. Kind regards, Feodora on behalf of Support Staff 2026-04-20 DNS Abuse Mitigation PDP1 WG<https://icann-community.atlassian.net/wiki/spaces/DAMP1/pages/935952385/2026...> Action Items: WG Members · Review preliminary language for Charter Questions 3 and provide alternative language/changes/suggestions/etc. · Add comments and specific drafting suggestions for all “preliminary language/ CQ1-3” were relevant. · Review early input for Charter Questions 4 and 5 and provide comments and feedback to be discussed during next meeting. Leadership/Staff * Update collaboration document, develop preliminary language with today’s comments. Important documents/links: * Collaboration document: https://docs.google.com/document/d/1GxM-Yrgv6sZPEYU8ikW4cRM5YqWsJuWGiQyO39pL... * Wiki space/slides: https://icann-community.atlassian.net/wiki/spaces/DAMP1/pages/935952385/2026... * Recording: https://icann.zoom.us/rec/share/g9IUiTa38Sh-KUIzBeSMewHH70lrvVTQyHgHf_0Txki5... [icann.zoom.us]<https://urldefense.com/v3/__https:/icann.zoom.us/rec/share/g9IUiTa38Sh-KUIzB...> High Level Notes: 1. Welcome (5 min) · Farzaneh Badi noted she joined an organization as part of Digital Medusa work called Future of Freedom of Speech, based in Nashville. · Reminder given on ICANN standards of behaviour, anti-harassment policy, and code of conduct. · Zoom settings have been updated and no Email will be asked to join the webinar. This was an unintentional setting change and has been addressed during the meeting. 2. Update ICANN86 planning (5 min) · Prep-Week webinar: Wed, 20 May 15:00 - 16:00 UTC · ICANN86: 4 DNS Abuse sessions (local time) planned for ICANN86. · 2 on Monday 8 June - 11:45 to 13:15 and 14:45 to 16:00 · 1 on Wednesday 10 June - 10:00 - 11:15 · 1 on Thursday 11 June - 11:45 - 13:15. 3. Continue discussion on strawperson CQ2 (20 min) · Chair presented revised text with new green-highlighted language reflecting prior working group comments and mailing list input. · General support for language allowing registrars to use a flexible set of criteria rather than a fixed checklist. · Discussion focused on whether there should be: · a minimum baseline expectation of checks using reasonably available information, while · preserving flexibility across different registrar business models. · Some WG members suggested, if registrars are given flexibility in methods, there should be some transparency around what factors are used. Could be periodic reports (6-month or annual), not necessarily incident-by-incident. · Some WG members noted obligations should be business model agnostic. · Other WG members noted, this could give threat actors a roadmap to evade detection. · Transparency reporting is not currently required under the RAA. · May be broader than this PDP and outside scope of Question 2. · Chair noted to include the Transparency topic as “interesting topic” to the list of topics to keep in mind and potentially communicate to Council. · Some WG Members linked transparency to Charter Question 5. 4. Discussion on preliminary language on CQ3 (25 min) * Chair presented preliminary language on CQ3. * Some WG Members objected to wording requiring a “reliable” internal data point due to ambiguity. * Also objected to language that could imply mandatory purchase/use of third-party intelligence feeds. * Split language into: · Must check one internal data point. · May use additional technical or abuse intelligence signals. · WG members noted one abusive domain should clearly be enough to trigger ADC and wording should not retreat from that. · WG members noted noted potential inconsistency in CQ1 and CQ3: · Earlier language suggested ADC would occur after mitigation. · Preliminary language in CQ3 noted flexible ADC before/during/after mitigation. 5. Deliberation on CQ4 (20 min) * WG members said registrars already must comply with: RAA, GDPR where applicable, National/local privacy laws * Investigations must follow evidence where it leads. “Strictly necessary” is too restrictive and unclear. * Better wording might be reasonable or reasonably necessary. * WG members noted raised distinction between: · Investigations yielding no result · Investigations leading to mitigation · Data needed for compliance etc. · Others noted against creating new retention rules where RAA already covers record retention. 6. AOB (5 min)