Security and Stability Advisory Committee (SSAC)

The SSAC is a volunteer group of specialists in the technical security field that provides advice and insight to the ICANN community and the Board.

SAC038 | Executive Summary for Registrar Abuse Point of Contact

[PDF, 102 KB]

In this document, SSAC examines some of the difficulties law enforcement, CERTs, online reputation protection services, and others may experience when they attempt to contact ICANN accredited registrars to make inquiries regarding the possible involvement of a domain name in a malicious, illegal or criminal activity. SSAC concludes that currently available registrar point of contact information does not meet the community's needs in two respects: first, point of contact information is not readily accessible for all registrars, and second, the contact information that can be accessed does not always identify a party at a registrar who can handle abuse claims or criminal complaints.

SSAC recommends that registrars and resellers assist in the investigation and mitigation of abuses and illegal activities in cases where attackers exploit domain name resolution and registration services. Specifically, SSAC recommends that each registrar should provide an abuse point of contact and that the staff handling abuses should be responsive, empowered to take effective action, and that abuse claims should be auditable by the claimant.

SSAC further recommends that registrars should publish abuse contact information, that the information a registrar publishes for the abuse point of contact should reach staff able to process an abuse claim, and that registrars make the information available in a uniform, machine readable format. Lastly, SSAC recommends that ICANN maintain a public repository for registrar abuse points of contact and should periodically verify that the contact information is accurate.