Public Comment is a vital part of our multistakeholder model. It provides a mechanism for stakeholders to have their opinions and recommendations formally and publicly documented. It is an opportunity for the ICANN community to effect change and improve policies and operations.
هذا المحتوى متوفر فقط باللغة (أو اللغات)
INTA is generally supportive of the Preliminary Issues Report. We believe that initiating PDP work on DNS Abuse is essential, so that Consensus Policy can be developed and apply to all registrars and registries. In terms of the specifics of the report, INTA submits the following:
In General
INTA recommends keeping the API Access and Associated Domain Checks in different PDPs rather than one PDP. This should make it easier to focus the work of the PDP onto a singular issue.
INTA has concerns with the representative model proposed. Instead, INTA proposes utilizing an Open + Representative Model. This means that the representatives can be used as points of contact with different groups, while ensuring that the full range of views are considered in the PDP. As there are a limited number of community members who have the background to participate in the PDP, the membership is likely to be self-selecting, so the Representative model is redundant.
Phase 0: Preventative Measures
INTA agrees with focusing on targeting the unrestricted API access and supports consensus policy requiring added friction to the process to gain access to APIs to register domains per P1 (Unrestricted Access to APIs Allowing For High-Volume Registrations). On P9/10, INTA suggests introducing an incentive program for lower ICANN fees for registrars who are not repeat offenders, meaning registrars with low levels of abuse by volume of sponsored domains and low levels of compliance inquiries or non-compliance notices related to DNS abuse.
Phase 1 & 2: Abuse Reporting
INTA notes in A1 (Unactionable Complaints to ICANN) that there is no mention of whether ICANN Compliance provides feedback to complainants on why their report was unactionable when closing a report. A1 also appears to suggest that the reporter bear the burden for decisions for what are deemed unactionable contractual compliance complaints. However, INTA members note, and ICANN abuse reporting workshops continue to demonstrate, that responses to certain abuse reports remain highly subjective with completely different results between different registrars. For example, INTA members and a minority of registrars agree that “fake web shops” constitute phishing, whereas most registrars will not action DNS abuse reports related to “fake web shops”—even though Internet users are still defrauded and sensitive financial information is still misappropriated by such “fake web shops” regardless whether, or how well, the registrant has impersonated one or more brand owners. There should be some level of guidance for what constitutes specific actionable complaints. INTA recommends ICANN add language to A1 that addresses our concern regarding the subjectivity of responses and require ICANN compliance to report the reasons why a report is unactionable when closing the file.
Phase 3: Mitigation by Contracted Parties
The Issues Report should consider the overlap between C1 (Limited Transparency in Mitigation Actions Taken) and A1 (Unactionable Complaints to ICANN) and identify that there is a common theme of needing to close the feedback loop to reporters. INTA agrees that C2 (No Requirement to Check for Associated Domains) is a gap that needs policy work and INTA supports such a requirement as a contractual mandatory Consensus Policy.
Phase 4: ICANN Compliance Enforcement
Per E2 (No clear Escalation of Sanctions for Recurring Non-Compliance), INTA suggests that an intermediate sanction could be introduced by creating two tiers of registrar fees – lower fees for registrars who receive less than a given number of compliance inquiries and non-compliance notices in a billing period, and, likewise, higher fees for registrars who exceed this number. This number could vary by registrar depending on the number of domains under management utilizing a proportional model.
Periodic Review of the Definition of DNS Abuse
INTA supports the SSR2 Review Team’s Recommendation 10.2, which calls for ICANN to establish a staff-supported, cross-community working group (CCWG) tasked with evolving the definition of DNS Abuse on a predictable biennial cycle. INTA believes this mechanism is essential to ensure that DNS policy remains responsive to the rapidly changing and variegated landscape of online abuse. As noted by the Security and Stability Advisory Committee (SSAC) in SAC115, DNS abuse definitions must be capable of expanding over time to address emerging threats. Criminal actors continuously innovate, and static definitions risk leaving gaps in enforcement and mitigation. INTA urges ICANN to initiate this review process immediately in some form, engaging stakeholders from consumer protection, cybersecurity, law enforcement, and e-commerce, as envisioned in the SSR2 recommendation.
The current ICANN definition of DNS Abuse incorporated in the Registrar and Registry Agreements —limited to malware, botnets, phishing, pharming, and spam-as-delivery and more accurately considered Technical DNS Abuse —fails to capture additional types of abuse and newer abuse vectors such as mass “imposter” domains (e.g., exact-match brand spoofing) and large-scale “social engineering” campaigns which can readily be identified as . All of these tactics also pose significant risks to brand owners, consumers, and the integrity of the DNS. INTA’s May 2023 Board Resolution on DNS Abuse reinforces this position by defining DNS Abuse as:
“Any activity that makes, or intends to make, use of domain names, the Domain Name System protocol, or any digital identifiers that are similar in form or function to domain names to carry out deceptive, malicious, or illegal activity.” https://www.inta.org/wp-content/uploads/public-files/advocacy/board-resolutions/INTA-Board-Resolution-on-Domain-Name-System-Abuse-May-2023.pdf
This definition reflects INTA’s commitment to protecting consumers and brand owners from deceptive and illegal activity, while also recognizing the need for clarity and adaptability in the face of emerging technologies. It addresses concerns that current definitions are either too narrow to be effective or too vague to be enforceable.
INTA members are prepared to actively participate in the proposed working group and contribute its expertise in trademark protection and consumer trust. We believe a standing DNS Abuse Working Group, operating on a regular update cycle, would complement existing policy development processes by identifying emerging issues and recommending timely policy adjustments. ICANN should assist the community in implementing this plan, consistent with the SSR2 final report. DNS abuse policy must be a living framework—one that evolves in partnership with experts and reflects the realities faced by rights holders and consumers alike. INTA would be willing to participate and engage in any of the PDP work that follows consistent with its commitment to brand holders and such consumers.
N/A
INTA thanks ICANN staff for preparing the issues report. We support further work on developing policies for mitigation of DNS Abuse across the information stack including at the Registrar and Registry level. Key issues to consider are: mitigation efforts at the Registrar level, requiring more transparency during the ICANN Compliance Process in terms of when complaints are deemed are "non actionable," and ongoing review of what methods of attack constitute DNS Abuse and priorities for approaching threat vectors such as misuse of intellectual property to enable such attacks. INTA members are committed to continuing our engagement in such critical work.