In July 2020, we announced the first eight country code top-level domains (ccTLDs) that joined the Domain Abuse Activity Reporting (DAAR) system designed by ICANN's Office of the Chief Technology Officer (OCTO). One year later, I'm happy to report that we now have seventeen ccTLDs included in DAAR. Principality of Liechtenstein (.li) was the most recent to join.
DAAR is a system for studying and reporting on domain name registration and security threats across top-level domain (TLD) registries. The overarching purpose of DAAR is to develop a robust, reliable, and reproducible methodology for analyzing security threat activity, which the ICANN community may use to make informed policy decisions.
The system was launched in 2018 with generic top-level domains (gTLDs). Since November 2019, ccTLDs operators were also invited to join and participate in the DAAR project. Their participation enables them to pull their own aggregated DAAR data daily. This data enables them to monitor the DAAR security threat levels per threat type per day. The DAAR system tracks four types of security threats: phishing, malware, botnet command-and-control domains, and spam (click here for more information on each type of security threats).
ccTLD operators participating in DAAR as of July 2021:
We thank these ccTLD managers for their voluntary participation in the DAAR project, and we invite other ccTLD operators to join our efforts to better understand domain name abuse and security threats.
To join, ccTLD operators should send a request to firstname.lastname@example.org to begin the process, which includes a couple of technical and administrative steps to make sure ICANN is able to download ccTLD's zone file and the ccTLD is able to pull the data via the Monitoring System API (MoSAPI). There is also a Memorandum of Understanding (MoU) process in place for those ccTLDs who wish to have one.