The DNS Abuse Institute (DNSAI) was created in 2021 by the Public Interest Registry (PIR) in pursuit of its non-profit mission to tackle the complex global issue of DNS abuse and make the Internet safer. Our work at DNSAI is structured under three pillars — education, collaboration and innovation.
We think of DNS abuse as phishing, pharming, malware, botnets, and spam, where spam is used as a delivery service for the other types of abuse. One of the most important trends we’ve seen in DNS abuse is that the domain industry is beginning to wake up and galvanize toward tangible action to address the issue. This turning of the tide is reassuring and exciting.
DNS abuse is the digital pollution of this important connectivity, an unfortunate byproduct of running the DNS. Like most industry challenges, voluntary collaboration is likely to be the most effective and efficient way to tackle the problem. The industry benefits from inside knowledge, experience, and technical skillsets that come in handy for taking responsible action. It tends to be a lack of inclination that holds an industry back, especially if solutions appear to be expensive.
While DNS abuse has been a discussion point for many years, we’re increasingly seeing a willingness to spend time and money taking tangible actions. The creation of the DNSAI was part of this movement, and the feedback and interest we’ve had across the industry is further evidence that we’re at a pivotal point. There is no shortage of issues for government policymakers and regulators to tackle. Taking DNS abuse off the list would be a win-win for industry, public safety, and all parts of society that rely on a trusted and secure DNS.
Focusing completely on DNS abuse has given us unique insight into which aspects would most benefit from industry action. To help the community, we’ve created free and accessible resources that set out best practice advice. This post gives an overview of three pragmatic steps the industry can take to address DNS abuse.
1. Have an abuse policy
The first place a registrar or registry should start with tackling abuse is to make sure they have a published abuse policy. A clear abuse policy and a reputation for enforcing it will deter bad actors from using a service. It helps everyone understand what is acceptable and provides predictability. Writing an abuse policy isn’t always easy, especially if you don’t have an in-house legal and policy team to help you. This is why we teamed up with the Internet & Jurisdiction Policy Network to write a generic abuse policy. You’re welcome to use this as a starting point and customize it to fit your needs.
2. Understand the difference between malicious and compromised
When you’re writing and implementing your abuse policy, you’ll want to think carefully about what action you take when you find each type of abuse. This requires a registry or registrar to differentiate between domains that have been maliciously registered and websites that have been used in good faith, but later compromised by a malicious actor and used for abuse. This difference is important because a compromised website often means the registrant is also a victim. Suspending the domain name might not be the right option, and the registrant may need some support to secure their website. We’ve set out guidance on how to distinguish between compromised websites and malicious domain registration to help the industry tackle DNS abuse.
3. Secure your website and help others do the same
Speaking of compromised websites, we’ve also got some great info on why it’s important to secure your website, and how you can do this with our Secure Your Website, Save the Internet article. This advice applies to anyone who runs a website or helps others host or run websites. It’s a great starting point to share with end users.
The other issue we’ve noticed relevant to the APNIC audience is that many of the tools and discussions are Eurocentric and English language based. We’re very conscious of this at DNSAI and are working towards making our output accessible and relevant around the world. The Asia Pacific community has a valuable role to play here, and we encourage anyone who has an interest in helping us reduce DNS abuse to reach out. The more input we get from a variety of regions, the better our outputs will be.
Finally, we have two live innovations that we are excited to bring to the DNS community.
The first is a project to measure DNS abuse, which aims to provide a more rigorous understanding of DNS abuse.
The second is NetBeacon, a free, centralized abuse reporting service to make reporting abuse easier by reducing friction and improving the quality of reports that registrars and registries receive. NetBeacon is live and has been developed with the support of CleanDNS.
There are a lot of low-hanging fruit to tackle and pragmatic action we can take collectively. We look forward to continuing the journey and making the Internet safer. Sign up to our mailing list or contact us.
Rowena Schoo is Director of Programs and Policy at the DNS Abuse Institute.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.