Read ICANN Blogs to stay informed of the latest policymaking activities, regional events, and more.

Update on ICANN-Funded INFERMAL Project Designed To Combat DNS Abuse

25 October 2023

I am happy to update you on progress made in a recently announced, ICANN-funded research project called Inferential Analysis of Maliciously Registered Domains (INFERMAL). The INFERMAL project aims to uncover cyberattackers' preferences in maliciously registering domain names and study the pragmatic measures employed to mitigate against Domain Name System (DNS) abuse. As you may know from my previous blog, we have funded Kor Labs for the project and Dr. Maciej Korcynszky is conducting the research.

Domain names are a shorthand for Internet Protocol addresses, and enable the easy navigation on the Internet. While the overwhelming majority of domain name registrations are harmless and the amount of DNS abuse has declined over the years, cybercriminals continue to register new domains to launch large-scale attacks, such as phishing or spam campaigns. This poses significant threats to Internet users and the security of the entire Internet ecosystem.

The project is relevant to ICANN, its community, and end users for several reasons. Since October 2013, ICANN has incorporated hundreds of new generic top-level domains (gTLDs) into the DNS. We are now preparing to add even more through ICANN's New gTLD Program.

Notably, previous ICANN-funded research revealed a shift in attackers' behavior as they transitioned from exploiting legacy gTLD domains to targeting domains in the new gTLD domain name space. The study also found that exceptionally low registration prices attract cyber criminals. This poses a significant challenge to the domain name market: attracting legitimate gTLD registrations while simultaneously implementing robust measures to deter malicious registrations.

Below is a timeline of this important project.


Phase 1: By the end of November 2023, the project team intends to extract malicious domain names from large samples of domain names and map them to their corresponding registration information at the time of their registration.

Phase 2: By July 2024, the team plans to perform an analysis of identified security measures that help mitigate DNS abuse. The team also intends to summarize a study on how quickly abusive domain names are suspended after operators are notified about the abuse.

Phase 3: Finally, by September 2024, the team plans to publish a final report in the form of a research paper. The project will also propose best practices to effectively mitigate abuse.

To learn more details about the project, please see the project's dedicated website.


Samaneh Tajalizadehkhoob

Samaneh Tajalizadehkhoob

Director, Security, Stability and Resiliency Research