
CleanDNS Editorials: Trust & Safety? Try Mistrust & Spin


Going Beyond the Numbers: Elevating Trust and Efficacy in DNS Abuse Policy

CleanDNS Editorials: A discussion on the imperative of integrity and accuracy in DNS Abuse policy and statistics reporting, in reflection of discussions at ICANN83.
By Alan Woods, CleanDNS Chief Legal Officer | Article publication date: 17 June 2025.

With ICANN83 now concluded, attention has turned to the latest Governmental Advisory Committee (GAC) Communique, and the advice it contained on the future of DNS Abuse policy[i]. The GAC has called for progress on a narrowly scoped policy development process (PDP), with a focus on bulk registrations and the review of affected registrant accounts during DNS Abuse investigations. While this aligns with the direction proposed by the Contracted Parties House (CPH) earlier in the week[ii], one notable concern remains: the GAC was presented with, frankly, factually inaccurate claims by panellists, claims that would be immediately recognized as false by experienced anti-abuse practitioners, but which objectively risked misleading those less familiar with the complexities of DNS Abuse mitigation. Although the support of the GAC is welcome, it is of some worry that this advice (whether influenced or not) is presented in light of a skewed view of the issue at hand.

The straw that broke…

(Fig 1: Screen capture of a slide presented during the GAC Discussions on DNS Abuse Mitigation session at ICANN83. Source: ICANN83 public recordings.)

The slide in question (Fig 1) presented the ‘largest malicious bulk batch runs’ and “Arsenals of Domains” held at registrars who permitted DGAs (domain generation algorithms). Using the language of weaponization, the presenters were linking bulk registrations to bad actors. The issue? One of the registrars listed was the “Registrar of Last Resort” (ROLR). Anti-DNS Abuse practitioners in our industry know that ANY registration held at ROLR is, by definition, not only safe, but is actively aiding law enforcement. ROLR may receive transfers, or seek the registration of DGAs to prevent/block harms. It was therefore quite disappointing that during the course of an expert presentation, a clear indicator of immense remediation effort against DNS Abuse was nonetheless wielded as a sword to attack a claimed lack of action. It is difficult to see this as anything other than misleading.

Although this is a single recent example, it is not the first of its kind. The ongoing debate of bulk registrations and their relation to abuse is regularly the focus of presentations, reports, articles and interventions from various parties. Presentations such as these, with less than effective methodology, tend to focus on raw numbers of abuse reported without reference to validation or evidence, from a small number of sources. On this occasion, perhaps this was simply an error by the presenter, but enough is enough. Whether an error or not, the issue was instantaneously obvious to those of us fighting this battle daily, but to other less attuned observers, this was gasoline to an open flame. At this level of discourse, especially under the heading of ‘expertise’, it simply should not happen.

The Imperative of Integrity: Transparency, Validation, and Verifiable Facts in International Discourse

To be clear, nobody is denying that DNS Abuse is occurring. From CleanDNS’ perspective, we take our mission exceptionally seriously: to clean up the Internet, for good. CleanDNS and our clients are constantly improving and innovating, getting stronger, better and faster for the benefit of the clients themselves and victims of online harms alike.

 

Why Our Independence Matters

A quick but important point: CleanDNS is an independent abuse mitigation company. That means we are not tied to a registrar, registry, host, or enforcement body. While our day-to-day business centers around remediating and mitigating online harms with our industry clients, our mission is to “clean up the Internet” by providing actionable intelligence, streamlined reporting and escalation, and rapid action to prevent victimization and future harms.

 

We are experts with an immensely important voice – let’s start acting like it.

This recent example aside, the bigger picture here is that those of us who are subject matter experts in the industry, working every day to fight online harms and make the Internet a better place through measurable actions and policy, must understand our influence. ICANN policies can have global reach and have serious impacts; integrity and analysis of data is not optional – it’s foundational. The opportunity to partake in these policy discussions is a privilege. Critical decisions about internet infrastructure, user protections, and security occur with regularity, and they must be rooted in verifiable facts and robust methodology, not unsubstantiated claims or anecdotal narratives.

We are in the position to regularly influence the policy architecture for the backbone of the DNS, and we can use that voice to pave the way for the enhanced safety of end-users around the world. Given that immense responsibility, participants must seek to act with clarity and precision, and to do so transparently, precisely and with due care. Unverified claims or misleading statistics can distort the understanding of abuse, misdirect limited resources, and result in policies that are either too heavy-handed—causing collateral damage to legitimate domain owners—or too weak to address the actual threats. This misalignment has real-world consequences, harming users, businesses, and the stability of the DNS ecosystem.

Credible policy-making depends on stakeholders having the ability to independently assess and verify information. Data and expert analysis, when presented as such, must be transparent, reproducible, and evidence-based. When presentations lack this rigor, they undermine trust, foster misinformation, and erode the legitimacy of the multistakeholder model.

In short, experts bear a profound responsibility. Their conclusions must be accurate, independently verifiable, and presented with intellectual honesty. Anything less not only hampers progress, but also threatens the credibility of the very institutions working to safeguard the open internet.

Conclusion: A Call for Collective Accountability and Progress

The internet governance community must evolve beyond superficial metrics. A robust, evidence-driven, and lifecycle-aware approach to DNS Abuse mitigation is essential—not just for operational improvement, but to preserve trust, ensure meaningful outcomes, and safeguard the health of the global internet.

The ICANN community, including policymakers, technical operators, and civil society, must collectively commit to this higher standard. This means abandoning the illusion that “abuse” can be measured by overly simplistic approaches, whether that is counting raw reports, measuring takedowns alone, or simply ignoring remediation. True progress comes from assessment of the bad, as well as actually recognizing and rewarding strategies that prevent, disrupt, and remediate harm.

We must foster a culture of continuous improvement, grounded in transparency, data integrity, and measurable outcomes. By anchoring discussions in verifiable facts and prioritizing precision over drama, we can ensure that DNS Abuse mitigation evolves into a mature, impactful discipline capable of meeting today’s—and tomorrow’s—challenges.

The path forward lies not in sensationalism, but in a shared commitment to responsibility, clarity, and collaboration.


[i] https://www.icann.org/en/announcements/details/icann83-governmental-advisory-committee-communique-now-available-16-06-2025-en

[ii] https://icann-community.atlassian.net/wiki/spaces/gnsocouncilmeetings/pages/210993292/CPH+DNS+Abuse+Community+Update+-+ICANN83
