Skip to main content
Resources

DNS Abuse Mitigation Program

(Last updated November 2025).

The Internet Corporation for Assigned Names and Numbers (ICANN) has established a Domain Name System (DNS) Abuse Mitigation Program. This program serves as a centralized platform for ICANN to address various aspects of DNS Abuse and aims to support the ICANN community in mitigating harmful activities associated with domain names.

DNS Abuse, as defined by ICANN, refers to:

  1. Botnets
  2. Malware
  3. Pharming
  4. Phishing
  5. Spam (when spam serves as a delivery mechanism for the forms of DNS Abuse listed above)

This set of harms was recognized by the ICANN Board as actionable elements of DNS Abuse for ICANN, and aligns with the 5 April 2024 amendments to the Registrar Accreditation Agreement (RAA) and the Base Generic Top-Level Domains (gTLD) Registry Agreement regarding DNS Abuse mitigation obligations.

Addressing the Issue

ICANN org strives to combat DNS Abuse in accordance with ICANN Bylaws, and policies. An ICANN cross-functional team supports a three-pronged approach to combating DNS Abuse. This includes:

  1. Contributing data and expertise to fact-based discussions.
  2. Providing tools to the ICANN community.
  3. Enforcing contractual obligations with registries and registrars.

ICANN coordinates the allocation and assignment of names in the DNS root zone. It also develops and coordinates the implementation of policies for registering second-level domain names in generic top-level domains when coordinated or uniform resolution is needed to help keep the DNS open, interoperable, secure, stable, and resilient. In performing this function, ICANN is focused on DNS-level activities and actions. ICANN's Bylaws expressly prohibit ICANN from imposing rules and restrictions on services that use the Internet's unique identifiers or the content that such services carry or provide, except in narrow circumstances set out in the ICANN Bylaws.

Contributing Data and Expertise to Fact-Based Discussions

ICANN Domain Metrica aims to improve the way domain data is captured, measured, and analyzed. Built to evolve over time to incorporate new data sources, measurement methodologies, and metrics, the platform provides information on many aspects of domains, and groups of domains. Learn more in the ICANN Domain Metrica brochure.

ICANN's Identifier Technology Health Indicators (ITHI), or ITHI Metrics, also provide a way to analyze trends in DNS security threats for the community. For more information, visit the ITHI webpage.

Capacity development and training includes the DNS ecosystem security offerings on ICANN Learn, as well as virtual and in-person training delivered by the ICANN's Office of the Chief Technology Officer (OCTO) Technical Engagement and Global Stakeholder Engagement teams, and in collaboration with community partners.

Providing Tools to the ICANN Community

Inferential Analysis of Maliciously Registered Domains (INFERMAL) is an ICANN-funded project aimed at exploring attackers' preferences regarding DNS Abuse. Cybercriminals often register domains to launch Internet-scale attacks, including phishing, malware distribution, and spam campaigns. Various factors may influence why these bad actors prefer certain registrars over others. INFERMAL is the first study to systematically analyze these preferences. After two years of rigorous research, the final report is now available, exploring key findings and recommendations that can inform registrars, registries, and the wider Internet community.

Generic Names Supporting Organization (GNSO) policy development was anticipated as an additional mitigation against DNS Abuse, as the contractual amendments were being developed. The GNSO has requested an Issue Report on DNS Abuse, the necessary first step in initiating a Policy Development Process (PDP). The data, expertise, and additional tools established by ICANN will aid the PDP in its efforts to further mitigate DNS Abuse.

The Special Interest Forums on Technology (SIFT) is an online discussion platform that provides an ad hoc forum for the ICANN community and org. They use this forum to engage in technical discussions and review contributions by interested technical participants on emerging technologies and trends related to the Internet's identifier system. This includes domain names and the DNS, Internet Protocol (IP) addresses, autonomous system numbers, and various protocol parameter assignments. More information about SIFT can be found here.

Resources for Registries and Registrars

Resources for End Users

After a reporter has submitted an abuse complaint to the registrar of record regarding the abuse of a domain name in a gTLD, and after a reasonable time, if the reporter believes the registrar did not fulfill its obligations according to the Registrar Accreditation Agreement (see Section 3.18), then the reporter may file a complaint with ICANN Contractual Compliance here: abuse involving a domain name. For more information on abuse complaint handling, visit the ICANN Contractual Compliance Handling Report webpage.

Enforcing Contractual Obligations with Registries and Registrars

ICANN Contractual Compliance (Compliance) enforces the contractual obligations set forth in ICANN's policies and agreements, including the Base Registry Agreement (Base RA) and the Registrar Accreditation Agreement (RAA). The abuse-related provisions enforced by Compliance include Specification 6 Section 4 of the Base RA and Section 3.18 of the RAA which, since 5 April 2024, contain requirements for registry operators and registrars to take mitigation actions against well-evidenced DNS Abuse. Compliance enforces these requirements, and all other obligations across all ICANN's policies and agreements, through the processing of external complaints and by conducting certain proactive monitoring activities and regularly scheduled audits. Additional information about Compliance's Audit Program can be found on the Contractual Compliance Audit Program webpage.

Additionally, Compliance publishes monthly reports with information about complaints received and related enforcement actions. These include reports dedicated to the enforcement of DNS Abuse requirements that are updated every month.

More information about the interpretation and enforcement of the DNS Abuse requirements can be found by reviewing the Advisory: Compliance With DNS Abuse Obligations in the Registrar Accreditation Agreement and the Registry Agreement.

Compliance has also published "Submitting DNS Abuse Complaints To ICANN: A Step-by-Step Guide", which provides clear instructions for submitting actionable DNS Abuse complaints to ICANN. We invite you to read it and learn more about how to engage with ICANN's enforcement processes.

Latest Publications

2025 Publications
2024 Publications
2023 Publications
2022 Publications
2021 Publications
2020 Publications

If you have questions about ICANN's program, please direct them to globalsupport@icann.org.

Archive

DNS Abuse Mitigation Program (October 2024)

DNS Security Threat Mitigation Program (September 2024)

DNS Security Threat Mitigation Program (April 2023)

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."