February 9, 2022

DNSAI Newsletter February 2022

Gaining Momentum, Solving Problems

Today, February 8th, is ‘Safer Internet Day‘, which nicely reinforces the importance of our work, but also provides an opportunity to reflect. I am very excited to share how 2022 is shaping up, but before we look forward though, a brief look back:

I joined the DNSAI in February a year ago, and spent the first few months thinking about how to approach the problems DNS abuse presents. I needed to get a firm grasp on the puzzle pieces, like industry economics, issues around reporting and implementation, and even a broader understanding of exactly where DNS abuse was prevalent. I put these pieces together into a roadmap that we published in June last year which laid out where the DNSAI intended to spend it’s time for the next three years.

Seven months later, we’re in the thick of it and looking to deliver on those goals substantially ahead of schedule.

TL;DR:

CART and Intelligence are both launching in the first half of 2022. We are very excited.
We’ll be using the second half of the year to improve those initiatives, as well as to look at preventative approaches to abuse mitigation.
Continue building our capacity to collaborate and produce helpful best practice
Best,

Graeme

Centralized Abuse Reporting Tool (CART)

A centralized mechanism to report abuse that occurs across the domain name ecosystem was proposed in a number of ICANN outputs like SSAC115, SSR2, and the CCTRT. Not only was such a system important and necessary, but it appeared to be reasonably achievable. However, the quality and volume of abuse reports was clearly a problem for the Registrars we spoke with.

We’ve been working with vendors to put the pieces together and while it’s not done yet, I’m very excited by the progress of this project. The potential is massive. It is easy to submit standardized abuse reports which CART enriches with relevant and useful information, and then refers to the appropriate registrar via email or API.

As with all development projects, the timelines are speculative, but we’re working towards a registrar-only beta in late March, and a public launch at the end of May or early June. We’ll be doing webinars and outreach as we get that going.

Lastly, stay tuned for a new name for CART. While the acronym is handy, it makes no sense to anyone outside of ICANN and has name-collisions with dozens of other things. I am discovering just how hard branding is, and that I am pleased it’s not my job.

DNSAI Intelligence

The DNSAI requires its own accurate and robust understanding of how DNS abuse is distributed across the ecosystem. Much of the existing DNS abuse intelligence is either opaque, compromised by commercial interest, unevidenced, biased, inaccurate, or all of the above. The community and the Institute need to be able to accurately understand how much DNS abuse there is in order to move forward.

We’ve made really good progress on specifying the data we need to capture, establishing a transparent, robust methodology, and figuring out how we’re going to turn all that data into information. Our current plan is to provide registries and registrars with a preview in early June, and a public launch in July. Conversations on DNS abuse will never be the same.

Education and Collaboration

While they don’t have the glossy shine of new technologies, the DNSAI is working on producing a steady stream of educational materials and best practices. Soon, we will be releasing a three part series on the policies, tools, and procedures that registrars require to combat abuse. If you’ve got an idea you think would be helpful for the community, the DNSAI would be happy to help produce and share it.

The DNSAI has also been quietly building a space for registrars and registries to collaborate. To date, it’s been primarily focused on getting feedback on CART features and abuse pain points, but when we get it going the intent is to ultimately have a trusted space for sharing insights on abuse trends and mitigation. If you’re on the front lines of mitigating abuse and wish to participate, please reach out to graeme@dnsabuseinstitute.org.

Preventative Approaches to Mitigation

Preventing abuse before it happens saves people from harm, and in the long run is less expensive than cleaning up the mess it brings. But it’s also expensive to do, and introduces friction into the domain registration process.

With the planned launch of CART and Intelligence in the first half of this year, we’ve begun to turn our attention to preventative measures. We’re looking very carefully for places where business and anti-abuse incentives align, and we believe there are some potentially impactful opportunities. We’re hoping to preview some of these ideas during the Tech Day at ICANN 73, and will be gearing up to dig deeper into this area in the second half of the year.