
ICANN 54, Dublin. Hot topic: abuse


Mid-October, the Convention Centre Dublin was the stage of the 54th ICANN meeting. These thrice-a-year meetings are the perfect opportunity to learn what’s going on at the highest level of internet governance (and to get involved in that matter), to meet all kinds of registries and other suppliers and to get in touch with our customers worldwide.

ICANN meetings move across the five continents over the years. Although there is a group of people that you’ll see everywhere (including Openprovider), one of the inspiring elements is the local attraction. In Dublin I met many suppliers, customers and potential customers from all over Europe, known or not yet known to me.

In this blog I will focus on one topic that was omnipresent this time: abuse. This topic was preluded at the last ICANN meeting in Buenos Aires, although then the main focus was on the identification and validation part. In Dublin it continued with a couple of constructive, interactive workshops, sessions and meetings.

Those interested in other sessions can take a look at the full schedule. Most sessions are recorded and made publicly available, in video, audio and/or transcription. Several sessions are interpreted into up to seven languages, including Spanish, French and Chinese.

What is abuse?

First of all, it is important to understand that “abuse” can have many different faces. It can be as clear as child porn or malware distribution; it can be phishing or spamming; it can be trademark infringement or illegal drugs sale; it can be command and control servers; it can be invalid whois records; and it can be as unclear as somebody wanting to get his name removed from a website.

Secondly, it is important to understand the nature of abuse. If a website called is reported as abusive, this might have been set up deliberately, while a phishing website on could be the result of a compromised WordPress installation.

Each type of abuse requires its own specific approach. From Openprovider’s perspective the scope is limited to abuse on the domain name itself, whereas the responsibility of the website is with the domain holder and sometimes the hosting company. This is a mere theoretical distinction: in real life, Openprovider may have to act on this second type of abuse as well.

Receiving abuse complaints

The first session on abuse at the ICANN meeting was already on Sunday afternoon and covered the reporting part. Currently, abuse requests are received in all kinds of forms: from well-formed and complete reports listing the website, the full URL and a clear explanation of why this website was reported as abusive, to simple notes such as “One of your websites uses our brand name, please shut down”, regularly without even mentioning the domain name…

In an interactive session the two sides of abuse handling – registrars on the one hand and the public safety community (including law enforcement, consumer rights protectors, private companies and others) on the other – tried to find “the perfect way of reporting”.

This effort can really bring the two sides closer together, and that’s really what all of us want, because the current perception is (okay, I admit it’s a bit exaggerated) that registrars think abuse complainants don’t do any serious analysis and abuse complainants think registrars never co-operate.

The parties involved in this session were the “big guys”: hosters like GoDaddy and Endurance and law enforcement organizations like the FBI and UK National Cyber Crime Unit. It’s good to see a beginning of consensus between those parties and I am pretty confident that we will be able to figure out a more standardized form of abuse reporting. The question is how we can persuade the smaller companies to co-operate.

The Registrar Stakeholder Group initiated an informal follow-up in a nearby pub, allowing registrars and law enforcement to blend. This led to a couple of valuable contacts and insights.

Handling abuse complaints

Once an abuse report is received, it’s important to act. Registrars are contractually bound, through the agreement with ICANN, to act within 24 hours upon reports by official instances. The requirements for reports from non-official instances are less strict: “Registrar shall take reasonable and prompt steps to investigate and respond appropriately.”

The first problem that arises is how to distinguish an official from a non-official instance? This is particularly a problem with law enforcement outside of the registrar’s own jurisdiction. Additionally, official instances using a free e-mail address like Gmail or AOL don’t make the life of registrars easier…

A couple of ideas are boiling, including a centralized database or a centralized law enforcement contact, but neither of these ideas is concrete yet.

The next question is: how to act? ICANN does not define strict procedures. The registrars have worked together to form a document that summarizes a wide range of potential abuse cases and provides a suggested approach to handle them. This document will lead to a better understanding of each other’s position.

As a wholesale registrar without hosting or e-mail services, Openprovider has a special position in the chain of online content. We handle abuse through strict procedures. If possible, we act through our customer rather than ourselves. Why? Simply because we do not know the domain holder; it’s our customer who knows him! Still, if the situation requires us to do so or the customer does not act appropriately, we may put the domain on hold ourselves.

What else?

Although my focus at this ICANN meeting was on the abuse business, there are other things that I can quickly share:

  • Plans to replace whois by the new RDAP (Registration Data Access Protocol) are becoming more concrete. This protocol is much more standardized and allows for easier retrieval of data.
  • Related is the wish to have thick whois at all registries: currently Verisign’s .com and .net are the only generic top level domains that provide thin whois: whois without any contact details. The migration from thin to thick might lead to legal questions for some registrars. For Openprovider, it will not be a problem at all as we have always aimed at thick whois.
  • People are starting to ask explicitly what milestones are blocking the next round of new gTLDs. Many studies are going on, all aiming at a smoother next round, but is it really required to wait until 2017 – when the last studies are expected to be finished?
  • There were a couple of interesting meetings with European registries that could lead to mutual opportunities.
  • And of course the evening events (I’ve counted at least 15 in 4 evenings…) have led to very interesting encounters, from GoDaddy to huge Chinese registrars, all kinds of registries and many providers of other services.

And I certainly do not neglect the many sometimes surprising ad hoc encounters which always make ICANN meetings a most inspiring experience. Next time, in March 2016, ICANN will land in Marrakesh, Morocco. Before that date a couple of local events are coming up, like the SIDN, NIC AT and NIC IT registrar days and in February next year the Domain Pulse, an event which I highly recommend to all companies operating on a European scale!
