Please Share This Story!
Most ISPs have their own way of dealing with domains that deal with malware, botnets, phishing, pharming and spam. A global registrar could easily be expanded to include misinformation and disinformation regulated by opinionated fact-checkers. Like Orwell’s 1984, your domain could be erased from existence. ⁃ TN Editor

The DNS Abuse Institute (DNSAI) is currently developing a Centralized Abuse Reporting Tool (CART).  This tool is intended to provide a single platform to report DNS Abuse by outlining the evidence requirements for each abuse type, properly formatting and enriching the request details provided, and then forwarding it to the appropriate registry or registrar.  The goal is to standardize reliable processes to improve both the act of reporting abuse and the abuse reports that registrars and registries receive.

As part of it’s requirements gathering, the DNSAI researched the reporting processes of the largest registries and registrars in order to better understand how they accept reports of abuse.  Publicly available information from registry and registrar websites was collected to obtain data on their abuse reporting implementations and processes.  In an attempt to mimic the experience of an abuse reporter without prior knowledge of the registry or registrar, the search for information always started on each registrar or registry homepage, followed by more extensive site navigation when required, or a separate google search if insufficient information was found on the website.

Note that the data only reflects the information found at the time of searching and not necessarily what may currently exist. Factors such as language and large or complex websites may have effectively hidden some of the information sought, but in this case it could also be reasonably assumed that abuse reporters would be similarly impacted.

It should also be noted that this work was not intended as an audit, and was not conducted with an eye towards any applicable ICANN contractual obligations. Further, a substantial amount of the information we were looking for goes above and beyond what ICANN accredited registrars and registries are required to do. The data includes results from ccTLDs that are entirely outside of the ICANN contractual regime.


Research was conducted on the top 50 registrars by the number of registered domains, comprising over a quarter of all registered domains, and a significant majority of gTLD domains.

Research was also conducted on the 32 registries that operate the 15 largest TLDs by names under management as well as the 30 largest gTLDs by names under management. This represents a majority of all domains.

Remember, these results were gathered by beginning to search through the relevant registrar or registry sites and expanding from there, so it is possible that additional resources exist but were not found after reasonable diligence. That said, if we were unable to locate the resource after reasonable diligence, it is likely an abuse reporter would have the same experience.

The data collected from registrar and registry websites indicated the following:

Information available on abuse reporting % of Registrars % of Registries
Dedicated abuse reporting page 78% 47%
Link to abuse reporting page from their homepage 46% 34%
Required search beyond the homepage or a separate google search to find the abuse reporting page 32% 12%
No abuse reporting page located 22% 53%
Abuse contact email 74% 56%
Abuse email contact was not listed on the abuse reporting page, but found via the contacts page, site search, or google search 20% 19%
Webform for abuse reports 54% 25%
Only webform is available (no email, etc) 14% 6%
Webform has a single set of response fields for all abuse types 22% 19%
Abuse contact mailing address 4% 22%
Abuse contact telephone number 16% 12%
No abuse contact 10% 34%
Specification of abuse types 64% 25%
Evidence requirements for each abuse type stipulated 40% 9%
Separate processes for law enforcement and the use of court orders/subpoenas 22% 3%

Read full story here…

This post was originally published on this site