As gTLD registry operators and ICANN accredited registrars prepare to vote on the new DNS Abuse contract provisions, let’s take a moment to discuss (and hopefully help settle) a vital term found in the proposed amendments – that of ‘actionable evidence’ of DNS Abuse. As the first in a series of CleanDNS articles, this piece is focused on, not only explaining why this wording is so vital, but how, with the correct tools, compliance (or more) can be achieved with confidence, by both registry and registrar alike.
Essentially under the proposed amendments, where ‘actionable evidence’ of DNS Abuse is available to the contracted party, this would crystallise into a follow-up requirement; to take a reasonable action to contribute to stopping or disrupting that abuse from occurring. This may seem daunting at first glance, but this language is essential and quite welcome.
First, needing ‘actionable evidence’ means that mere allegation alone is not actionable without supporting and sufficient evidence. Assume a registry or registrar is made aware of an allegation of DNS Abuse (say phishing) on a domain, via a public blacklist. This listing, unless reasonably substantiated by evidence, should not trigger any further obligation. Now, ICANN’s draft advisory does make it clear that if evidence is ‘readily available’ to that operator, then that evidence must be considered. Realistically however, where the substantiation of a mere allegation would require considerable time, effort or money, then this would not be likely considered objectively reasonable.
Secondly, and indeed, a very welcome addition, is the now clear acceptance that evidence-based escalations and due process are key. Actions taken at the DNS level, such as suspending a domain name, can have far reaching impacts across an exceptionally large numbers of internet users. Such drastic actions should only ever be taken where ‘actionable evidence’ is present. Just because an entity CAN take an action, does not mean they SHOULD. ICANN and the contracted parties have done well in working in a clear and vital support for basic due process. This should be welcomed and applauded.
‘Readily available actionable evidence’
Let’s just level set here; most registries and registrars want a safe and secure DNS; it also doesn’t hurt, that a good reputation in abuse management, is also good for business. Answering ‘why’ the new amendments are an incredibly positive thing, should be clear – it is the ‘how’ that may keep people up at night. To start, a sense of calm is necessary; don’t try to boil the ocean. Readily available ‘actionable evidence’ should include information that can be gleaned through abuse intake forms, abuse emails, or any monitoring that may be carried out. These are for the most part existing requirements in all contracts; all these new amendments do, is make sure these evidence-based reports are not ignored. (Which is a positive thing). Don’t panic, focus on setting reasonable evidence thresholds, apply them consistently, add a healthy dose of good record keeping, and the rest will follow.
Compliance should not be a cause of concern to any contracted party. Simply put, with the right tools, anything is achievable. CleanDNS, for instance, was built to make this task as simple as possible. The platform and expert analyst team, support a mostly automated and fully auditable, end-to-end abuse management process, for registry or registrar alike. CleanDNS can help achieve these goals, whether those goals are contractual compliance, or following industry best practices, such as the Framework to Address Abuse, of which most of CleanDNS’s registry and registrar clients are signatories.
CleanDNS welcomes and supports ICANN and the Contracted Parties’ efforts in dealing with DNS Abuse, and sincerely hopes these amendments will be adopted.
By Alan Woods, CleanDNS General Counsel
Initially published with on Central Nic Partner News.