Domain Monitoring and Domain Abuse Management
Interview with Rickard Vikström, Founder at DomainCrawler
Rickard Vikström is a Swedish entrepreneur with an impressive professional resume. Over the course of his career, he has been involved as a founder and board member in several companies, including Stay Secure, Holm Security, Wincher and Internet Vikings. The latter has become one of the biggest domain name registrars for the iGaming industry in Europe. In 2008, driven by the vision of indexing the entire Internet, he started DomainCrawler, which became a pioneer in collecting and structuring domain data.
What is the importance of domain monitoring and abuse management?
For registrars and registries, proactive domain name monitoring and abuse management is important because it can reduce support needed and spot issues within a network. As for brand owners, it's a key element in protecting a brand in today's digital world -- your domain is your business. One of the things we see regularly is that weak domain monitoring and management can lead to all kinds of problems for a business, including cybersquatting, business impersonation, and loss of sales.
At the moment approximately 0.3% of domain names are discovered from a reputable source and listed in a DNS abuse report. On further analysis of the data, reported DNS abuse is a fairly regular event for top-level domain names.
For a long time now, malicious activities have been a regular and serious issue, affecting online security, with negative consequences for both users and third parties alike, even undermining trust in the Internet itself. We can say such actions are DNS abuse and consist of threats to cybersecurity and networking of harmful or illegal materials. Unfortunately for everyone, there seems to be no common agreement as to what constitutes DNS abuse amongst stakeholders, or what is the definition of DNS abuse and what should be collectively done to prevent or fight it.
What constitutes a domain abuse case?
There is no exact definition of DNS abuse that everyone agrees with. In simple terms, anyone who is trying to use a domain asset to either scam or engage in unlawful activities is guilty of DNS abuse. The DNS Abuse framework includes the following activities in the definition: phishing, malware, spam as a vector, botnets, pharming. These activities are commonly recognized in most countries and jurisdictions as illegal or at least harmful. However, there is some criticism of this definition. The framework does not mention trademark/copyright infringement, counterfeiting, piracy, or cybersquatting. In addition, it separates DNS abuse from website content abuse which is meaningless in terms of reviewing and addressing online abuse.
How does domain monitoring differ from the registries and registrars' points of view?
Well, regarding DNS abuse involving domain names, such as CSAM, phishing, IPR infringement, malware etc., the DNS intermediary that first finds or is notified of the abuse must primarily check if a given case is related to content abuse and/or DNS infrastructure itself. Then, they should identify and inform an appropriate person or body that might be able to assess the situation better, and furthermore address the abuse. Really, in our opinion, the whole issue needs to begin at the lower-level and progress upwards.
Registrars should perform this activity in order to reduce issues for their customers that might experience spam and/or blocked IP addresses or domain names, for example. On the other hand, registries use domain monitoring mostly to analyse their networks and create statistics to show what their top-level domains (TLDs) are being used for.
What approaches and technologies do registries in different countries implement?
Directive 2013/40/EU does provide that an .eu registry needs to adopt clear policies aiming to ensure the timely identification of abusive registrations of domain names and, where necessary, cooperate with competent authorities and other public bodies.
At the international level some multilateral treaties exist but do not expressly provide an exact definition even if they do recognize the importance of the DNS itself and combating its misuse. Mostly such treaties are used by countries to shape domestic policy rather than any single unified approach.
As for technology, there are many tools available from different suppliers in different countries and most registries have some kind of abuse monitoring whereby they can see their own TLD/domain names for example.
The DomainCrawler tool enables the registry to observe the health of zone files, gaining a deep understanding of a user base, conduct research to identify the riskiest zone files, check the most important details that surround any given domain name... It is easy to use, scalable, cost-effective and powerful with many UI filters.
Is there a difference in approaches between gTLD and ccTLD registries?
gTLD and ccTLD registries need to provide a unified and scalable method for accessing complete registration (WHOIS) information (which is in compliance with data protection laws), using the RDAP protocol. This is required to attribute abused and vulnerable domain names to the respective registrars and extract necessary contact information.
However, data from a recent EU study showed that EU based ccTLDs are by far the least abused in absolute terms and relative to market share. Only 0.8 percent of all abused (compromised and maliciously registered) domain names were registered under EU ccTLDs. This must be due to stronger compliance within the region.
What kind of technology or approach do data registries and registrars require in order to fight domain abuse better?
We at DomainCrawler would of course say look outside your immediate environment. Abusers are cross border and cross domain, and we need some kind of coordinated, unified approach to fight this on a national and global level.
The common adoption of good practices, which are widely published, would reduce and effectively mitigate DNS abuse plus enhance both online security and businesses’ trust in the DNS and generally in the Internet.
Is there a need for deeper communication amongst registries? Why so? Is it possible from a legal perspective?
For a lasting impact on malicious behavior such as DNS abuse to exist, I believe strongly there needs to be a realisation of the entire ecosystem. All who are involved in the delivery of service should be aware of what is going on, and share information with others in the same or similar business: Registries with Registrars, and Registrars with Resellers.
Therefore, there is a need to communicate on a deeper level in order to fight abuse within national borders and internationally to increase joint effectiveness of the fight. The main problem arises because of the legal issues surrounding GDPR and integrity of registries. Currently, it's not even possible to share data with each other.
How can registries and registrars collaborate in fighting abuse?
Well, one thing that registries and registrars could focus on is registrant details, making sure that information is at least validated with a domain record containing the correct information for a domain owner. This way it's possible to help each other and reduce wasted effort trying to track down dead ends.
But if all the actors involved were to adopt one or possibly more of the widely published good practices then it's highly likely as a collective effort we can reduce and effectively mitigate.
Is it possible to prevent abuse from happening? If so, how?
I would say that's not really realistic, but of course it is important to try. With the right tools and application, plus adherence to common good practices, I feel by monitoring and taking a proactive approach it's possible to reduce the amount.
Some of the research which has already been conducted together with extensive analysis of the regulatory framework and good practices suggests we can all make a few improvements. Without delving too much into the technical aspects here are a few: improve DNS metadata research (for identifying resources and their attribution to intermediaries); improve quality of contact information by validating ID and email addresses and then report suspicious activities; improve detection and mitigation of maliciously registered domain names by using tools; improve detection and mitigation of domains distributing malicious content; improve protection of DNS operations relating to the operation of the DNS and other infrastructures; improve DNS abuse awareness by training and knowledge building.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Would you like to learn more about the latest developments in the field of domain monitoring? Then join the free webinar "Developing domain monitoring strategy for registries and registrars" featuring:
- Rickard Vikström, Founder at DomainCrawler
- Danny Aerts, Senior Adviser at DomainCrawler
- Peter Van Roste, General Manager at CENTR
- Philip Du Bois, General Manager at DNS Belgium
The webinar will be conducted on April 27 at 16:00 CET. To find more details please visit https://domaincrawler.com/developing-domain-strategy-for-registries-and-registrars/
For press inquiries please contact
Volodymyr Holovash
+38 066 32 53 061
vova.holovash@domaincrawler.com
DomainCrawler is a leading B2B provider of quality domain and backlink data via easy-to-integrate solutions. With one of the most comprehensive and frequently updated databases in the world, DomainCrawler provides domain registries and registrars with the most accurate web data, allowing them to conduct thorough domain monitoring and abuse case management.