Dear DNSAM PDP1, Please find below the high-level notes and action items from the DNSAM PDP1 WG Session 3 and 4 and ICANN86. Our next meeting is scheduled for 22 June at 12:30 UTC. Please note, we have archived the last version of the Prelim Rec Review Doc for reference purposes. In the updated version we have added a column to each table noting the status of the “cannot live with item” etc. Further changes based on action items will be added and shared in due time prior to the next meeting. * Prelim Rec Review Doc: https://docs.google.com/document/d/1udLt1o9rwCc4xNRsuw6B-5onjpI63VDA/edit?us... Kind regards, Feodora on behalf of Support Staff DNS Abuse PDP1 ICANN86 Session 3 and 4 Action Items: * LT with support from Staff to provide updated language and Rec Review Document prior to next WG call. * WG members to provide alternative language to currently unresolved/still in discussion “cannot live with” items. * WG members to review Prelim Recs and provide any further feedback. Important Docs/links: * Session Link: * Session 3; https://icann86.sched.com/event/2NQNK/gnso-dns-abuse-mitigation-pdp-1-3-of-4 * Session 4: https://icann86.sched.com/event/2NQQf/gnso-dns-abuse-mitigation-pdp-1-4-of-4 * Prelim Rec Review Doc: https://docs.google.com/document/d/1udLt1o9rwCc4xNRsuw6B-5onjpI63VDA/edit?us... * Scoped Impact Assessment: https://docs.google.com/document/d/18xVFX-IXfEgPnIj2UaXmwiXsWE8FY-Jo/edit?us... High- Level Notes: Session 3: * Implementation Guidance vs Compliance Guidance: WG members noted about references to “implementation guidance” throughout the review doc. LT clarified that Implementation Guidance (IG) accompanies policy recommendations and is intended for the Implementation Review Team (IRT). It captures WG expectations and considerations for implementation. In some cases, a working group wants to recommend that the contracted parties MUST take some action and, in addition, the working group generally shares a view about the details about how, why, etc that action MUST happen. However, the how/why/etc is viewed by the WG as the preferred implementation approach or path envisioned by the WG based on the information available to them. This could be included in IG instead of in a policy recommendation to provide some flexibility in the implementation process. This guidance is duly taken into account during the implementation process and should be followed, unless there is a clear reason why the IG should be deviated from. In this case, a rationale would be shared with the IRT for their input. * Charter Question 8: Rec direction is a review should be conducted two years after implementation to assess whether the policy is achieving its intended purpose. Whether improvements are needed. * Some WG members suggested that reviews should not rely solely on ICANN Org and should incorporate stakeholder input to identify implementation challenges. * LT noted that upheld complaints concerning wrongly suspended domains could be included in effectiveness assessments. * Monthly reporting (incorporated into current ICANN DNS Abuse Mitigation reporting) was proposed to provide visibility from implementation onward rather than waiting two years. * Charter Question 9: Rec focuses on registrars must be able to demonstrate compliance through records and documentation maintained in the ordinary course of business. * Some WG members noted that argued that the Rec should include the time of when the trigger occurred. * Some WG members noted that compliance requirements could become a bureaucratic burden, because some ADC activities are simple database queries that are not currently logged. Session 4: * Scoped Impact Assessment: Chair provided executive summary of the Scoped Impact Assessment done by the WG on current Rec language. * Chair asked the WG to review and provide feedback in case anything is missing. * The final review will be done once all Recs are more stable. * “CANNOT LIVE WITH” Discussion: * NPOC proposed changing the trigger standard so that registrars would need a reasonable basis to believe that other domains are associated with the same abusive actor, activity, or campaign before conducting an ADC. After discussion NPOC indicated the concern had largely been addressed by the updated recommendations. * The GAC highlighted scenarios where domains are used intermittently for abuse or Malicious activity may be active only briefly. The concern was that ADC obligations could be circumvented by claiming the domain was not abusive at the precise moment reviewed. WG members recognized the concerns but noted one should avoid creating obligations based on speculative future abuse. GAC to provide alternative language they can live with, that covers language to address established abuse patterns and intermittent abuse scenarios. * IPC noted the definition on “reasonably accessible data” is placed within implementation guidance. They would prefer it moved up to Policy Rec. WG members noted that this could be interpreted by Compliance as requiring registrars to review every available data source whenever conducting an ADC. LT clarified that the Policy Rec already clarifies and provides language on that a Rr does need to review each and every data source for every ADC. * RrSG/NPOC/NCSG noted to remove language from Rec 5 “unless necessary and proportionate to establish sufficient and reliable evidence”. * NCSG added language to Rec 3 that an ADC is not to be confused with a general Audit. LT and WG members clarified that the word “proportionate” in the Rec language provides that caveat. More language in glossary or rationale could provide further clarification.