closed Preliminary Issue Report on a Policy Development Process on DNS Abuse Mitigation

Outcome

On 14 August 2025 the GNSO Council requested an Issue Report on DNS Abuse Mitigation based upon the DNS Abuse Small Team Report from July 2025. ICANN org delivered the Preliminary Issue Report on 8 September, and the community was invited to comment on the identified issues and draft charter.

The Preliminary Issue Report received 27 comments from across the ICANN community. ICANN Org will consider all comments submitted and update the Preliminary Issue Report where necessary. Once the Final Issue Report is ready, it will be shared with the GNSO Council for their consideration.

What We Received Input On

The GNSO seeks input on the Preliminary Issue Report on a PDP on DNS Abuse Mitigation. Feedback received will inform the Final Issue Report that the GNSO Council will consider in determining next steps, which could include the initiation of a PDP.

Your input will be reviewed in preparing the Final Issue Report that the GNSO Council will consider in determining next steps.

Background

The impetus for this Issue Report stems from the recognition by the GNSO Council that DNS Abuse as defined in the Registrar Accreditation Agreement (RAA) and the Base Generic Top-Level Domain (gTLD) Registry Agreement (RA) remains a significant challenge to the security, stability, and trust in the DNS. For the purpose of the RAA and the RA, DNS Abuse means malware, botnets, phishing, pharming, and spam (when spam is used as a delivery mechanism for any of the other four types of DNS Abuse). Recent contractual amendments, while impactful and a big milestone for the ICANN community in addressing DNS Abuse, could not address all mitigation gaps. The GNSO Council’s request for an Issue Report is grounded in the DNS Abuse Small Team’s findings that certain DNS Abuse mitigation gaps may be best remedied through GNSO consensus policies. 

In early 2025, the GNSO Council reconvened its DNS Abuse Small Team with a revised assignment form to re-examine DNS Abuse mitigation considering new developments, research, and data. The previous Small Team (2021–2022) had identified obligation gaps and issued recommendations, some of which were addressed through contractual amendments to the RA and RAA. Those amendments (effective since April 2024) strengthened abuse mitigation obligations, and ICANN Contractual Compliance has since reported initial data on their impact. With these measures in place and new research available, the Small Team was tasked to consider new insights and discuss potential next steps on DNS Abuse. Drawing from community input, compliance data, and external studies, the team was tasked with identifying remaining gaps and assessing whether further policy development is warranted. 

The DNS Abuse Small Team conducted a review of data and source documents noted in their assignment form, focusing on identifying potential gaps in DNS Abuse mitigation efforts across multiple phases of the DNS Abuse lifecycle (as proposed by the Small Team in 2022). The Small Team compiled a matrix of DNS Abuse “gaps,” noting areas where abuse prevention, reporting, response, or obligations could be strengthened after further investigating the identified gaps. Findings were categorized by lifecycle stage and further grouped by thematic clusters to support potential prioritization and future policy scoping.

Staff has completed its review and analysis of the identified gaps and has distilled a list of issues that could be considered for GNSO policy development. The DNS Abuse Small Team, in alignment with community support, recommended a narrowly scoped PDP on three issues. While staff found all three issues to be within the remit of GNSO policy development, and two meriting prompt attention through initiating a PDP, one of the priority issues could be implemented outside the contractual requirements. Therefore, staff recommends initiating a PDP that is limited, at this stage, to focusing on only two issues: 1) Unrestricted Application Programming Interface (API) access for high-volume registration and 2) Associated Domain Checks.