About ICANN
- Acronyms and Terms
- Courses and Learning
- ICANN for Beginners
- Participate
- President's Corner
- ICANN Management Organization Chart
- Staff
- Careers
- In Focus
- Media Resources
Board Activities and Meetings
Accountability
- Accountability Mechanisms
- Reviews
  - Organizational Reviews
  - Specific Reviews
- Expected Standards of Behavior
- Employee Practices and Resources
- Enhancing ICANN Accountability – Work Stream 2 Implementation
Governance
- Governance Documents
- Evolving ICANN’s MSM
- Agreements
- Annual Reports
- Financials
- Planning
  - Strategic Plan
- Presentations
- RFPs
- Litigation
- Newsletter
- Correspondence
  - 2023
  - 2022
  - 2021
  - 2020
  - 2019
  - 2018
  - 2017
  - 2016
  - 2015
  - 2014
  - 2013
  - 2012
  - 2011
  - 2010
  - 2009
  - 2008
  - 2007
  - 2006
  - 2005
  - 2004
  - 2003
  - 2002
  - 2001
  - 2000
  - 1999
  - 1998
- Quarterly Reports
Groups
- 2023 ICANN CEO Search Committee
- RSSAC
  - Charter
- SSAC
- GAC
- At-Large
- ASO
- ccNSO
- GNSO
- Technical Liaison Group
  - Technical Experts Group (TEG)
- NomCom
  - Past NomComs
- Customer Standing Committee
- Root Zone Evaluation Review Committee (RZERC)
Business
Civil Society
Complaints Office
- Complaints Report
Domain Name System Abuse
Contractual Compliance
- About
- Programs
- Complaint Submission & Learn More
- Reporting & Performance Measurement
Registrars
- Accreditation Agreement
  - Global Amendments
    - 2024 Global Amendment to the RAA
    - 2023 Global Amendment to the RAA
- Registrar Library
- News & Communications
- How to Become a Registrar
- Changes to Existing Accreditation
- Privacy and Proxy Service Providers
- Registrar Resources
Registry Operators
- Advisories & Consensus Policies
  - Advisories
  - Consensus Policies
    - Registration Data Policy
      - Data Processing Specification (DPS)
      - Registration Data Policy Implementation Resources
    - Registry Service Evaluation Policy (RSEP)
- News & Events
- Registry Agreements
  - Global Amendments
- Registry Resources
- Services for Registry Operators
Domain Name Registrants
- About Domain Names
- ICANN Policies
- Registration Data Policies
  - WHOIS and Registration Data Directory Services
    - The Domain Name Registration Process
      - Using Domain Name Registration Data
      - Keeping Registration Data Accurate
    - Access and the Evolution of the WHOIS System
- Domain Name Industry
- Registering Domain Names
- Managing Domain Names
  - Contact Information and WDRP
  - Securely Managing Your Domain Name
- Transferring Domain Names
- Renewing Domain Names
- Rights and Responsibilities
- Spam, Phishing, and Website Content
- Trademark Infringement
GDS Metrics
Identifier Systems Security, Stability and Resiliency (OCTO-SSR)
ccTLDs
- Background Materials
- Agreements
- Delegation
- Root Zone Database
- Model MOU
- Workshops
- ICANN and ISO
Internationalized Domain Names
- Root Zone Label Generation Rules (LGR)
- IDN Variant TLD Implementation
- LGR Toolset
- IDN ccTLD Fast Track
- IDN Implementation Guidelines
- Second-Level LGR Reference
- Resources
- Announcements and Blogs Posts
New gTLD Program
Universal Acceptance Initiative
- Make your systems UA-ready
- Universal Acceptance Steering Group (UASG)
- UA Training
- UA Day
- UA Readiness Evaluations
- Announcements and Blogs Posts
Policy
- Policy Mission
- Policy Staff Goals
- Presentations
- Global Addressing
- Policy Updates
Operational Design Phase (ODP)
Implementation
Public Comment
- Open
- Upcoming
- Archive
Root Zone KSK Rollover
Technical Functions
- Tech Day Archive
ICANN Locations
- Report Security Issues
- PGP Keys
- Certificate Authority
- Registry Liaison
- Ombudsman
I Need Help
- Dispute Resolution
- Domain Name Dispute Resolution
- Name Collision
- Registrar Problems
- Whois Data Correction
- Independent Review Process
- Request for Reconsideration
- Document

DNS Security Threat Mitigation Program

How to address malicious use of domain names, broadly referred to as Domain Name System (DNS) abuse, is a topic of great interest and discussion. The ICANN community has not yet reached a consensus definition for "DNS Abuse". At this time, consistent with ICANN's remit as defined by the ICANN Bylaws, the ICANN organization's efforts are primarily focused on supporting the mitigation of DNS security threats.

DNS security threats include five broad categories of harmful activity:

Botnets
Malware
Pharming
Phishing
Spam (as it is used to propagate other DNS security threats).

ICANN org's DNS Security Threat Mitigation Program (Program) strives to make the Internet a safer place for end users by reducing the prevalence of DNS security threats across the Internet.

The ICANN organization-wide program is built upon these three pillars:

Be recognized as a trusted source of information: Provide research, data and expertise to help the community have fact-based discussions about the topic.
Provide Tools to the Community: Help support mitigation of DNS security threats.
Enforce Contractual Provisions: Enforce Registry Agreement, Registrar Accreditation Agreement and ICANN Consensus Policies through audits and pursuit of complaints.

This Program enables ICANN org a collaborative platform which provides visibility and clarity over the org's various DNS security threats related initiatives and projects, and allows for the formation and execution of a centralized strategy. This page will act as a hub for the variety of projects, initiatives and activities ICANN undertakes related to the mitigation of DNS security threats.

If you have questions, please direct them to [email protected].

News and Events

Blog: New ICANN Project Explores the Drivers of Malicious Domain Name Registrations (April 2023)
Blog: ICANN and Contracted Parties Negotiate About Improved DNS Abuse Requirements (January 2023)
Guest blog (APNIC): DNS abuse trends (14 June 2022)
Blog: Keep Up to Date With ICANN's DNS Security Threat Mitigation Program (9 June 2022)
Blog: ICANN Publishes DNS Abuse Trends (22 March 2022)
Announcement: The Recording is Now Available for the ICANN Informational Session on DNS Abuse (8 November 2021)
Announcement: Informational Session on DNS Abuse: Panel Discussion with the ICANN Board (18 October 2021)
Blog: Update on ICANN's DNS Security Threat Mitigation Program (19 July 2021)
Announcement: Webinar: ICANN DNS Security Threat Mitigation Program Update and Community Discussion (1 July 2021)
Announcement: Adding Linguistic Diversity to the Domain Name Security Threat Information Collection and Reporting Project (14 June 2021)
Blog: ICANN Org's Multifaceted Response to DNS Abuse (20 April 2020)

Meetings and Sessions

22 October 2021

Informational Session on DNS Abuse: Panel Discussion with the ICANN Board

Video Recording
Audio Recording – Session 1: Arabic | Chinese | French | Russian | Spanish
Audio Recording – Session 2: Arabic | Chinese | French | Russian | Spanish
Presentation: PDF

22 July 2021

DNS Security Threat Mitigation Program Update and Community Discussion

Video Recording
Audio Recording: Arabic | Chinese | French | Portuguese | Russian | Spanish
Presentation: PDF

Domain Abuse Activity Reporting

ICANN's Domain Abuse Activity Reporting (DAAR) system monitors domain abuse and registration activity across top-level domains (TLDs). DAAR continuously collects registration and security threat data from numerous reputation data feeds. Using the data, ICANN analysts identify and report the use of domain names for activities such as phishing, malware distribution, botnet activity, and spam as a delivery mechanism. The DAAR data can be used to monitor DNS security threat levels and concentrations across participating TLDs. For more information, as well as DAAR monthly reports, visit the Domain Abuse Activity Reporting webpage. ICANN's Identifier Technology Health Indicators (ITHI), or ITHI Metrics, also provide metrics related to DNS Security Threats for the community. For more information, visit the ITHI webpage.

Domain Name Security Threat Information Collection and Reporting (DNSTICR)

The DNSTICR project produces reports on recent domain registrations that we believe to be using the COVID-19 pandemic for phishing or malware campaigns. These reports contain the evidence that leads ICANN org to believe the domains are being used maliciously, along with other background information to help the responsible registrars to determine the correct course of action. More information about DNSTICR can be found here.

Capacity Development and Training

Capacity development and training includes the DNS ecosystem security offerings on ICANN Learn, as well as virtual and in-person training delivered by OCTO Technical Engagement, Global Stakeholder Engagement, and with community partners.

Resources for Registries and Registrars

Framework for Registry Operators to Respond to Security Threats
Advisory re: Technical Analysis and Statistical Reporting of Security Threats (Specification 11 3b of the Base gTLD Registry Agreement)
Security Response Waiver (SRW) for Registrars
Security Response Waiver (SRW) for Registry Operators (formerly Expedited Registry Security Request)
gTLD Registries Stakeholder's Group (RySG) resources for registries
- Framework on Domain Generating Algorithms (DGAs) Associated with Malware and Botnets jointly drafted by the Governmental Advisory Committee Public Safety Working Group (PSWG) and the Registries Stakeholder Group (RySG)
- Combating DNS Abuse: Registry Operator Available Actions
ICANN Monitoring System API (MoSAPI) user guide - In addition to service level agreement (SLA) performance information, registries can access daily feeds from ICANN's DAAR system via the MoSAPI.

Resources for End Users

After a reporter has submitted an abuse complaint to the registrar of record regarding abuse of a domain name in a gTLD, and after a reasonable time, if the reporter believes the registrar did not fulfill its obligations according to the Registrar Accreditation Agreement (see section 3.18), then the reporter may file a complaint with ICANN Contractual Compliance: Abuse involving a domain name. For more information on abuse complaint handling, visit ICANN Contractual Compliance Handling Report webpage.

Contractual Compliance Audit Program

The audit program is an integral part of the ICANN Contractual Compliance function. The goal is to ensure that contracted parties, registrars and registries, comply with their agreements and the consensus policies. It is the opportunity and means by which ICANN enhances community transparency through fact based and measurable reporting while proactively addressing any potential deficiencies. For more information, visit the Contractual Compliance Audit Program webpage.