Since the introduction of the new Domain Name System (DNS) Abuse mitigation requirements in April 2024, ICANN Contractual Compliance has taken a multifaceted approach to enforcement that blends complaint-driven investigations with proactive and audit-related actions.
Key Achievements
Between 5 April 2024 and 5 August 2025, we initiated 400 investigations related to the new DNS Abuse mitigation requirements. We issued four formal Notices of Breach and launched targeted audits of registries and registrars, with a strong emphasis on these requirements.
As a direct result of our actions, nearly 20,000 malicious domain names were mitigated. More importantly, our enforcement efforts prompted multiple registrars and registries to develop systems and processes for ongoing compliance that led to the mitigation of hundreds of thousands of additional domains. It's impossible to quantify the full scope of harm prevented by these measures implemented to comply with the new requirements; however, an example of these actions can be found in a previous blog post and webinar update.
How Enforcement Works
Our enforcement efforts follow two channels:
- Informal Process: Most cases are resolved here. We contact the contracted party, request evidence of compliance or remediation, and track the resolution. The details of these actions are not public; they are reported monthly in aggregate.
- Formal Process: If informal engagement fails, we issue a public Notice of Breach, which may escalate to suspension or termination of the agreement.
Both processes adhere to established procedures, ensuring thoroughness, fairness, and transparency.
Remediation: Addressing Root Causes
A cornerstone of our approach is requesting remediation plans, where needed, to address the underlying causes of noncompliance. These plans go beyond the individual cases and often involve enhancing abuse contact systems or revamping abuse-handling procedures. Between April 2024 and August 2025, 31 remediation plans related to DNS Abuse requirements were completed, while others are still in development. We continue to monitor these plans.
Challenges and Looking Forward
One ongoing challenge is the volume of invalid or incomplete complaints we receive. Many fall outside our remit or lack sufficient detail for action. Processing non-actionable complaints consumes considerable Contractual Compliance time and resources. We are preparing to publish clear guidelines translated into multiple languages to help users submit actionable complaints. Our team also provides direct guidance to complainants and is exploring new ways to streamline the complaint submission process.
Looking ahead, we are developing a more structured and proactive enforcement framework to complement our current complaint-based and audit-driven activities.
We are also following the community's ongoing commitment to combating DNS Abuse, including the recent Preliminary Issue Report on a Policy Development Process (PDP) on DNS Abuse Mitigation. If the Generic Names Supporting Organization Council initiates a PDP, we will provide input as appropriate to ensure that any new requirements are clear and enforceable. We will continue to vigorously enforce existing requirements and ensure adequate resources to enforce any new community-developed requirements.
