Abusive behavior that leverages the domain name system (DNS) continues to be a problem, with a reach that has been widely and credibly documented. There is little doubt that bad actors continue to use the DNS for nefarious and costly purposes. While the amendments made in 2024 to ICANN's Registry Agreement (RA) and Registrar Accreditation Agreement (RAA) were a step in the right direction, more advanced tools are needed to bring abuse rates down.
Notably, developments in the European Union have once again outpaced ICANN's contracts, with the EU Network and Information Security Directive (NIS2) Guidelines directly addressing elements of DNS abuse. ICANN should apply these new security standards across the globe to protect the public from the harms resulting from DNS abuse. The domain industry has a short window to upgrade the RA and RAA before it risks additional governmental intervention.
Some will recall the 2012-2013 time period as one that was extraordinarily busy for all involved in ICANN:
It's been a long decade since, but today, we face a similar opportunity to move the DNS further toward stability and security. As the new round of gTLD applications approach -- more than ten years after the last round -- we should seize the chance now to revamp these agreements to advance the ongoing fight against DNS abuse and other harms.
While ICANN Org smoothly and professionally gathered and represented the community's concerns in the 2013 round of contractual updates, it missed the mark in its handling of the 2024 amendments.
Specifically, ICANN Org did not -- as it had done so thoroughly before -- engage in meaningful and good faith dialogue with the community prior to commencing negotiations. Nor did ICANN Org, other than when it staged a cursory comment period (where it took on exactly none of the community's additional input), do much to negotiate anything beyond what contracted parties themselves sought from amendments. This shortcoming is of concern to the many other stakeholder groups, advisory committees and constituencies that make up the ICANN multistakeholder model.
We hope for much broader engagement from all going forward.
In terms of process, one can harken back to the 2013 RAA improvements.
Importantly, transparency was a hallmark of the process. Along the negotiation road, ICANN Org kept the community in the loop. There were dozens of consultations, ranging from public comment periods to in-person updates to a dedicated wiki page for community interaction. The community was respected as a collaborator in the process.
ICANN Org should follow this precedent. No one expects or requests a role in the negotiating process itself; however, the community deserves a voice in matters of public interest such as this.
There are previously established standards for such a request. In the instance of the RAA:
In the instance of the RA (both the base agreement and individual gTLD contracts):
The above is a non-exhaustive list of various community inputs and serves as a reminder to ICANN Org's then commitment to partnering with the community to ensure important priorities were reflected in final agreements.
The community recognizes that there exists now an inflection point within the ICANN sphere, one that has begun to favor productivity and results after years of stagnation. With a new CEO joining ICANN Org, it is the hope of many that this translates as well to real and far-reaching results on the issue of DNS abuse, and not merely is a box to be checked.
In terms of useful tools for pushing back on DNS abuse, the following would be useful tools:
These are just a few of the improvements that would demonstrate ICANN Org's commitment to partnering with the broader community to ensure important priorities were reflected in agreements.
The community stands ready to contribute productively and in good faith to this important initiative.