The Zero-abuse naming space proposition

Whilst not commonly stated as a key driver behind the launch of the new gTLD programme over a decade ago, there was growing pressure on all stakeholders within the domain name industry to do something about domain abuse.  Abuse has a wide and a narrow definition in the online space – for instance there has been numerous, heated, debates over the years on the issue of what constitutes free speech where the line is in terms of abuse in terms of content. But abuse also means the actions of individuals in using domain names for the purposes of fraud and associated nefarious activities, which was a growing concern for brand holders, consumers, and governing bodies.

The consensual approach of the ICANN community considered the issue of domain name abuse and the responsibilities for mitigating it during the preparation for the first application round.  After much debate, the Applicant Guidebook, the single source of truth for how new gTLDs, including dotBrands, should be managed, defined the registry operator responsibilities for the management of abuse. Whilst there still would remain an accountability and responsibility on the registrars to be monitoring and taking action against registrations that both infringed intellectual property and posed harm to the wider internet community, ensuring that registry operators were on top of how domain names within their zone were being used was seen as a key requirement of the registry agreement.

The criteria laid out in the guidebook included the provision that all registry operators had to proactively scan the domains in their zone to ensure they are not being used for abusive purposes, including for the distribution of spam, malware, and bot nets, hosting intellectual property infringing material or being used for any other abusive purpose. For open gTLDs that utilised the accredited registrar network that could mean having to monitor millions of domain names, and there’s probably little surprise that levels of abuse in some gTLDs which have followed a (very) low-cost pricing model, or have been heavily discounted as part of promotions, have been those that have led to concern that abuse monitoring isn’t as effective as it could or should be.

Despite the restrictions on who could register domains as laid out in section 13 of the Applicant Guidebook on what defines a dotBrand TLD, the same level of abuse monitoring is required as if it was an open gTLD.  With a much smaller zone to monitor (it is worth noting that currently approximately half of the current delegated dotBrands have three or less domain names registered), the monitoring process is much easier but still as important not just for the wider intellectual property community but for the brand holder themselves in being able to claim they operate a Zero Abuse Name Space.

So why is operating a zero-abuse name space so important today and in the future?

Any brand holder who registers gTLDs and ccTLDs does so through a registrar or a reseller, who in turn will have a connection to the registry operator for that TLD.  The brand holder has no control over the checks and balances in place for an individual TLD in terms of monitoring for abusive registrations.  According to Spamhaus in their Top 10 Most Abused Top-Level Domains list, some TLDs have a “badness” rating of over 60%.

Whilst it would be unfair to say a brand holder is guilty by association if an organisation is actively using domain names under a TLD that has high levels of abuse registrations, web users may not be so forgiving and may actively avoid some websites using certain TLDs.

This is where organisations that own a dotBrand TLD have a significant advantage.  Because each dotBrand registry owner controls the registration process for each and every domain, they register, they can easily, and confidently monitor how they are used.  The brand holder has complete accountability and responsibility for the content.  This means that anyone engaging with the organisation, through their websites using a dotBrand domain name, they can have complete confidence they are interacting with the genuine brand holder, and that any risk of malware or any other domain-related nasties is mitigated again.

It may seem relatively obvious that if an organisation runs a dotBrand Top-Level Domain, it will be a zero-abuse domain space and consequently brand holder community has been lobbying ICANN in the last few years, as part of the first-round review working groups and through other channels to remove the need for dotBrand holders to continue to monitor for abuse in their zones in the future. The Generic Names Supporting Organization (GNSO) had argued that single-registrant TLDs (dotBrands) do not suffer abuse and thus it is an unnecessary cost and process, but the ICANN board said this could lead to abuse from compromised domains going unaddressed.

“The Board concludes that Recommendation 9.2, if implemented, could lead to DNS abuse for second-level registrations in a single-registrant TLD going unaddressed, unobserved, and unmitigated,” it said, effectively signalling that in the updated Applicant Guidebook, abuse monitoring will still be a necessity, whether a TLD is being operated as a generic, closed, IDN, community or dotBrand Top-Level Domain.

So, whilst this does mean there is a small burden for dotBrand holders to continue to monitor their zone, and submit reports to ICANN on a periodic basis, it is a very small ask considering the impact and benefit proving that each dotBrand registry operator is running a zero-abuse name space.