<!DOCTYPE html><html><head><title></title><style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style></head><body><div>Karl, <br></div><div><br></div><div>You are correct it is a stretch, but it is what we registrars can do on a volunteer basis on a technical level. <br></div><div>The reality is of course that most cybercrime we all read about and experience is happening at very different parts of the DNS, and often simply related to the DNS and happening outside the DNS. <br></div><div><br></div><div>At the registrar, I work for we process 75 different RBL feeds our data goes back to 2017 and our reality is that the average abuse levels on our registrar backend platform are 0.04%. Of the 0.04% abuse, 98% of the abuse is not actionable and outside of the DNS Abuse Framework, we created as CP's. <br></div><div><br></div><div>I understand that the ICANN community wants to crack down on abuse, we are all on the same page there. But the time that the CP's are low hanging fruit to bring down abuse levels, that ship has sailed a few years ago. <br></div><div><br></div><div><br></div><div>Best, <br></div><div>Theo<br></div><div><br></div><div>On Thu, Feb 18, 2021, at 9:58 PM, Karl Auerbach wrote:<br></div><blockquote type="cite" id="qt" style=""><p>On the website, if you dig deep enough, they have a link to a
document that defines what they mean by abuse.<br></p><p><a class="qt-moz-txt-link-freetext" href="http://dnsabuseframework.org/media/files/2020-05-29_DNSAbuseFramework.pdf">http://dnsabuseframework.org/media/files/2020-05-29_DNSAbuseFramework.pdf</a><br></p><p>It is essentially a list of ill thing like spam, malware,
botnets, and phishing and the like. In other words the "abuse" is
not directly an aspect of DNS but rather of something that uses
DNS, among other technologies.<br></p><p>That same logic could also be used to tie the enumerated ills to
"abuse of electricity" or "abuse of computers" or "abuse of IPv6".<br></p><p>In their list of "DNS abuses" it is Pharming that is perhaps the
closest to DNS itself.<br></p><p>There is no doubt that the things are bad and deserve to be
slowed, blocked, denied, and otherwise prevented. And if that
prevention may involve some changes to the way we administer DNS
or operate it, or even how it is defined in the RFCs.<br></p><p>But to call these bad things "DNS Abuse" is, to my mind, rather a
stretch.<br></p><p>And if we are to talk about these things we should very clearly
understand whether we are talking about the name registration
machinery via registrars and registries and provisioning protocols
and whois, versus the actual machinery of resolving DNS names via
name servers.<br></p><p>I would add, however, that some of this is of our own making - my
favorite being the five minute update period between someone
changing record at a registrar and that change appearing out there
on the net. Much as that five minute period is really nice when I
am making changes I am of the opinion that convenience to those of
us who make updates should be outweighed by the public interest in
avoiding threats that are facilitated by fast (five minute)
updates to the mappings of 2nd tier names (e.g. names directly
under the TLDs - there's not much we can do about rapid updates
deeper in the hierarchy.)<br></p><p> --karl--<br></p><div class="qt-moz-cite-prefix">On 2/18/21 1:02 PM, Matthias M.
Hudobnik wrote:<br></div><blockquote type="cite" cite="mid:000001d70639$57fab670$07f02350$@hudobnik.at"><pre class="qt-moz-quote-pre">Dear all,
What do you guys think about this initiative: <a class="qt-moz-txt-link-freetext" href="https://dnsabuseinstitute.org/">https://dnsabuseinstitute.org/</a> :-)?
Have a nice evening!
Kindest regards,
Matthias
__________________________
Ing. Mag. Matthias M. Hudobnik, CIPP/E
<a class="qt-moz-txt-link-abbreviated" href="mailto:matthias@hudobnik.at">matthias@hudobnik.at</a>
<a class="qt-moz-txt-link-freetext" href="http://www.hudobnik.at">http://www.hudobnik.at</a>
@mhudobnik
<br></pre><div><br></div><pre class="qt-moz-quote-pre">_______________________________________________
At-Large mailing list
<a class="qt-moz-txt-link-abbreviated" href="mailto:At-Large@atlarge-lists.icann.org">At-Large@atlarge-lists.icann.org</a>
<a class="qt-moz-txt-link-freetext" href="https://atlarge-lists.icann.org/mailman/listinfo/at-large">https://atlarge-lists.icann.org/mailman/listinfo/at-large</a>
At-Large Official Site: <a class="qt-moz-txt-link-freetext" href="http://atlarge.icann.org">http://atlarge.icann.org</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="qt-moz-txt-link-freetext" href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="qt-moz-txt-link-freetext" href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<br></pre></blockquote><div>_______________________________________________<br></div><div>At-Large mailing list<br></div><div><a href="mailto:At-Large@atlarge-lists.icann.org">At-Large@atlarge-lists.icann.org</a><br></div><div><a href="https://atlarge-lists.icann.org/mailman/listinfo/at-large">https://atlarge-lists.icann.org/mailman/listinfo/at-large</a><br></div><div><br></div><div>At-Large Official Site: <a href="http://atlarge.icann.org">http://atlarge.icann.org</a><br></div><div>_______________________________________________<br></div><div>By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<br></div></blockquote><div><br></div></body></html>