Read ICANN Blogs to stay informed of the latest policymaking activities, regional events, and more.

ICANN Publishes DNS Abuse Trends

22 March 2022

DNS abuse is one of the most important discussions for the ICANN community to have and ICANN is the right place to discuss issues related to technical abuse. However, depending on what you mean by DNS abuse, some types may not fall within ICANN's responsibility as the technical coordinator of the DNS. ICANN is not the Internet's content police. Instead, ICANN org has a program focused on DNS security threats, which adhere to ICANN's technical role and capabilities.

To facilitate and inform ICANN community discussions, ICANN publishes trends related to DNS security threat concentrations through the Domain Abuse Activity Reporting (DAAR) project, based on security threat domains listed in Reputation Block Lists (RBLs). DAAR tracks security threat data for phishing, malware, botnet command and control domains and spam. To learn more about the DAAR project click here.

Using DAAR data, ICANN recently published a report on DNS abuse. In contrast to many existing industry white papers and general discussions published on DNS abuse, this new report relies on four years of data. Typically, similar studies use data with a much shorter time span such as half a year. As a result, the report demonstrates that when discussing DNS abuse trends in general, we should be cautious because depending on the question asked, the data used, and the data timeframe, we will receive different results.

No one organization or data provider has a comprehensive overview of all security threats that are listed on the Internet. Nonetheless, ICANN's DAAR datasets are another source of reliable and unbiased data and another source of possible research.


Samaneh Tajalizadehkhoob

Samaneh Tajalizadehkhoob

Director, Security, Stability and Resiliency Research