[At-Large] The DNS Abuse Institute

Fri Feb 19 08:58:23 UTC 2021

Karl, 

You are correct it is a stretch, but it is what we registrars can do on a volunteer basis on a technical level. 
The reality is of course that most cybercrime we all read about and experience is happening at very different parts of the DNS, and often simply related to the DNS and happening outside the DNS. 

At the registrar, I work for we process 75 different RBL feeds our data goes back to 2017 and our reality is that the average abuse levels on our registrar backend platform are 0.04%. Of the 0.04% abuse, 98% of the abuse is not actionable and outside of the DNS Abuse Framework, we created as CP's. 

I understand that the ICANN community wants to crack down on abuse, we are all on the same page there. But the time that the CP's are low hanging fruit to bring down abuse levels, that ship has sailed a few years ago. 

Best, 
Theo

On Thu, Feb 18, 2021, at 9:58 PM, Karl Auerbach wrote:
> On the website, if you dig deep enough, they have a link to a document that defines what they mean by abuse.

> http://dnsabuseframework.org/media/files/2020-05-29_DNSAbuseFramework.pdf

> It is essentially a list of ill thing like spam, malware, botnets, and phishing and the like.  In other words the "abuse" is not directly an aspect of DNS but rather of something that uses DNS, among other technologies.

> That same logic could also be used to tie the enumerated ills to "abuse of electricity" or "abuse of computers" or "abuse of IPv6".

> In their list of "DNS abuses" it is Pharming that is perhaps the closest to DNS itself.

> There is no doubt that the things are bad and deserve to be slowed, blocked, denied, and otherwise prevented.  And if that prevention may involve some changes to the way we administer DNS or operate it, or even how it is defined in the RFCs.

> But to call these bad things "DNS Abuse" is, to my mind, rather a stretch.

> And if we are to talk about these things we should very clearly understand whether we are talking about the name registration machinery via registrars and registries and provisioning protocols and whois, versus the actual machinery of resolving DNS names via name servers.

> I would add, however, that some of this is of our own making - my favorite being the five minute update period between someone changing record at a registrar and that change appearing out there on the net.  Much as that five minute period is really nice when I am making changes I am of the opinion that convenience to those of us who make updates should be outweighed by the public interest in avoiding threats that are facilitated by fast (five minute) updates to the mappings of 2nd tier names (e.g. names directly under the TLDs - there's not much we can do about rapid updates deeper in the hierarchy.)

>     --karl--

> On 2/18/21 1:02 PM, Matthias M. Hudobnik wrote:
>> Dear all,

What do you guys think about this initiative: https://dnsabuseinstitute.org/ :-)?
Have a nice evening!

Kindest regards,
Matthias

__________________________
Ing. Mag. Matthias M. Hudobnik, CIPP/E
>> matthias at hudobnik.at
>> http://www.hudobnik.at
@mhudobnik

>> 
>> 
>> _______________________________________________
At-Large mailing list
>> At-Large at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/at-large

At-Large Official Site: http://atlarge.icann.org
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> 
> At-Large Official Site: http://atlarge.icann.org
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/at-large/attachments/20210219/4291c3cd/attachment-0001.html>