Skip to main content

Keeping the DNS Secure During the Coronavirus Pandemic

The Internet’s value in bringing people together has never been more apparent than it is now. While most of us are under some form of “stay at home” order in an effort to slow the spread of the coronavirus, the Internet provides us with a lifeline. It brings us information and entertainment, allows some of us to continue our work and education, and brings us what we need most at times of isolation – social connections.

The role of the ICANN community, Board, and organization in maintaining a secure, stable, and unified Internet has always been important, but at this time, when reliance on the Internet has skyrocketed, our collective role has become all the more vital.

ICANN’s mission frames our concern about cybercriminals who are exploiting the pandemic by perpetrating scams and victimizing Internet users. Some are selling phony cures, treatments, and vaccines. Some are using domain names as part of their efforts to prey on people at this time when many are experiencing anxiety, fear, and loneliness.

The U.S. Federal Trade Commission reports that it has fielded more than 7,800 coronavirus-related complaints. The agency noted that U.S. consumers alone have collectively lost more than U.S.$5 million. 

Of course, ICANN cannot involve itself in content issues, both because of our Bylaws as well as practically, but that does not mean we are unaware or unconcerned about those who are using the domain name system (DNS) to victimize others. It is this concern that prompted me to contact the registries and registrars  thanking them for their efforts and actions aimed at helping to mitigate and minimize the abusive domain names being used to maliciously take advantage of the coronavirus pandemic. For example, the Registrar Stakeholder Group has posted a useful guide, entitled “Registrar approaches to the COVID-19 Crisisthat provides a number of steps and resources the registrar community can use in their efforts.

Many of our contracted parties already support a Framework to Address Abuse, which deals with DNS abuse and website content abuse. I continue to commend them for making this commitment to protect the DNS from those who would maliciously exploit domain names. In my correspondence to the registries and registrars, I expressed ICANN org’s appreciation for their work during the pandemic.

Additionally, I’m pleased to tell you that ICANN org has joined registries, registrars, security experts, law enforcement, Internet engineers, and others, in the COVID-19 Cyber Threat Coalition (CTC). The CTC’s mission is to, “operate the largest professional-quality threat lab in the history of cybersecurity out of donated cloud infrastructure and with rapidly assembled teams of diverse, cross-geography, cross-industry threat researchers.”

I am proud that so many in the Internet ecosystem are joining together during this crisis to stop those who prey on the desperate. We will continue to keep you advised of our engagement efforts to mitigate the misuse of domain names during these critical times.


    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."