Down Arrow
User Icon
Hamburger Icon



Work Efforts

The GAC regularly considers a broad range of public policy issues impacting the DNS and other matters regarding the functions of ICANN. This work can result in consensus advice for the ICANN Board or public comment guidance to the ICANN community. This part of the website shares information related to those ongoing topics and activities.

DNS Abuse Mitigation

Last Updated: 29 Jan 2019
Status: Active


Malicious activity on the Internet routinely threatens and affects domain name registrants and end-users by leveraging vulnerabilities and features of all aspects of the Internet and DNS ecosystems (protocols, computer systems, domain registration processes, users, etc). When at scale, some of these nefarious activities may threaten the security, stability and resiliency of the DNS infrastructures.


These threats are generally referred to as DNS Abuse within the ICANN Community and include activities such as Distributed Denial of Service Attacks (DDoS), Spam, Phishing, Malware, Botnets and the distribution of illegal materials.

Public Policy Interests at Stake

  • Consumer Protection
  • Crime prevention and attribution
  • Stability, Security and Resiliency of the DNS

Expected Outcomes of this Activity for the GAC

Mostly through work of its Public Safety Working Group (PSWG), the GAC is currently and continuously engaged in initiatives, studies and developments seeking to assess the threat landscape and to implement effective mechanisms in ICANN policies, contracts and procedures to prevent the occurrence, and mitigate the consequences, of such abuse.

Ongoing Work


The GAC, assisted by its growing body of law enforcement experts in the PSWG, has been instrumental in the adoption of contractual provisions seeking improve ICANN’s ability to prevent and mitigate DNS Abuse.


However, the effectiveness of these provisions has been limited by challenges in their implementation or by evolutions in the threat landscape. As a consequence, the GAC remains closely engaged with the ICANN organization and relevant initiatives in the ICANN Community to raise awareness, address deficiencies and development relevant and effective Abuse Mitigation capabilities.

Effectiveness of DNS Abuse Safeguards in Registries and Registrars Contracts

Building on the Law Enforcement Due Diligence Recommendations (October 2009), the GAC successfully sought the inclusion of DNS Abuse Mitigation Safeguards (among other Safeguards) in ICANN’s contracts with Registries and Registrars:


By the ICANN57 meeting (November 2016) the GAC had identified a number of provisions and related safeguards for which it could not assess the effectiveness. As a consequence, in its  Hyderabad Communiqué (8 November 2016) the GAC sought clarifications from the ICANN Board on their implementation. This led to a dialogue between the GAC and the ICANN organization until the sharing by ICANN org of a set of draft responses (30 May 2017) which were discussed in a conference call between the GAC and the ICANN CEO on 15 June 2017. A number of questions remained open and new questions were identified as reflected in a subsequent working document (17 July 2017).


Among the outstanding topics of interest to the GAC, an Advisory, New gTLD Registry Agreement Specification 11 (3)(b) was published on 8 June 2017 in response to questions from some registry operators concerning what practices they could implement to establish compliance with Section 3(b) of Specification 11 of the New gTLD Registry Agreement. The Advisory offers one voluntary approach registry operators may adopt to perform technical analyses to assess security threats and produce statistical reports as required by Spec 11 (3)(b).


More recently, the ICANN organization published a blog (8 November 2018) highlighting efforts by its Contractual Compliance department to address DNS Infrastructure Abuse by conducting audits focusing on process, procedures, and handling of DNS infrastructure abuse and reviewing security threat reports for completeness and comparing them against publicly available reports.

Effectiveness of the Framework for Registries to Respond to Security Threats

As part of the New gTLD Program, the ICANN Board resolved (25 June 2013) to include the so called “security checks” (Part of the Beijing Communniqué GAC Safeguards) into Specification 11 section 3b of the New gTLD Registry Agreement. However, because it determined that these provisions lacked implementation details, it decided to solicit community participation to develop a framework for “Registry Operators to respond to identified security risks that pose an actual risk of harm (…)”.


In July 2015, ICANN formed a Drafting Team composed of volunteers from Registries, Registrars and the GAC (including members of the PSWG) who developed the Framework for Registry Operator’s Response to Security Threats that was published on 20 October 2017, after undergoing public comments.


This framework is a voluntary and non-binding document designed to articulate guidance as to the ways registries may respond to identified security threats. In particular, the Framework introduces a 24h maximum window for responding, upon acknowledging receipt, to High Priority requests (imminent threat to human life, critical infrastructure or child exploitation) from legitimate and credible origin such as a government law enforcement authority or public safety agency of suitable jurisdiction over the Registry Operator.


Consistent with recommendation 19 of the CCT Review (8 September 2018), the GAC may wish to consider reviewing the effects and effectiveness of the of the Framework.

Awareness: ICANN Community Engagement

The PSWG has led a number of cross-community engagement at ICANN meetings over the past few years seeking to raise awareness and explore solutions with relevant experts, most notably:


Awareness: DNS Abuse Studies

[Content forthcoming]


New Capabilities: Domain Abuse Reporting Capabilities

[Content forthcoming]


New Capabilities: CCT Review Recommendations

[Content forthcoming]