Login:
Password:
Registrars who want to carry out operations on domain names or to view their invoices have to connect to the new Afnic ccTLDs management web interface

What are the possible actions against domain name abuses?

13 September 2018 - By Stéphane Bortemeyer

Last week we detailed the various things that are grouped under the name of "fraudulent or abusive use" in domain name management.Let's take a look at the various measures that the registry can consider taking when faced with such fraudulent activity.

There are several important points to keep in mind:

The registry is not necessarily responsible for fraudulent or abusive use of domain names by registrants. On the contrary, registration rules often specify that the registrant is solely responsible.

That responsibility can be difficult to assess. For example, if a company's website is hacked, which is a relatively commonplace occurrence, and a phishing site is installed on it, is it fair to delete the domain name? And if a name is used for spam, given the lack of authentication of email, should we take action against the registrant of the name, when the latter cannot do much? We therefore have to avoid behaving like the superheroes of American films, who shoot first and think afterwards.

There is no magic technical solution to solve all of these problems at once, without causing any inconvenience.

It is important that the registry takes action, both because of its contractual obligations, and also to maintain its reputation. A registry that is perceived, rightly or wrongly, as a haven for criminals would risk seeing its domain names frequently blocked, as suggested by Brian Krebs in a recent article. But the registry must not act without thinking, for example by deleting innocent domain names without good reason.

An important part of a registry's work involves the monitoring of "black" lists, managed by various stakeholders, which list addresses or domain names that are problematic in one way or another. Regular monitoring of these lists can alert the registry, for example, that criminals have suddenly decided to make massive use of its TLD.

Among the measures that are possible, the register must first read the reports addressed to it. This is not as simple as it sounds, because a large majority of these reports are too vague, do not always concern the registry (hacking a website in a delegated subdomain), written in excessively brutal terms, or claim things that are impossible, such as the application of an untranslated ruling by a foreign court. Nevertheless, the degree to which the register is seen to be responsive depends very much on the response it provides to reports of this type.

The registry can also enable DNSSEC security technology, and encourage its customers to use it. It is important to understand that DNSSEC does not protect against all the types of fraudulent activity mentioned above. But it would have protected, for example, MyEtherWallet from being hacked, which also activated DNSSEC after the attack occurred.

Finally, the registry can check the social data submitted when registering a domain name, such as verifying that the city indicated in the address exists in the country in question. (Such verifications are tricky, especially in an international environment, because there may be more than one way of spelling the name of a city.)

Our abuse detection service: Abuse Report

Abuse Report is an Afnic service which compares the list of domain names registered in a TLD with certain databases of domain names used for malicious purposes (Spamhaus, Google Safebrowsing, SURBL).

Abuse Report has two main functions:

Sending, by e-mail, an alert to the registry, to the registrar and to the registrant if potential fraudulent or abusive use of a domain name has been detected,

Sending a monthly report to the registry detailing the potential abusive activity in the previous month.

The monthly report includes the following data:

An overview of the registry's activity in terms of abusive use (number of domains, number of potential abusive uses detected in the month, number of abusive uses per type of abuse, per abuse base, etc.),
The distribution per registrar,
The history file of fraudulent activity over the past 12 months, and the history file of types of fraudulent activity over the past 12 months,
The types of actions performed. By default, the report is sent by mail to the registry and to the registrars. On option: sends a message to registrants. The message indicates the exact data related to the domains that are the subject of potential fraudulent use (domain, date of creation, date of detection, age of the domain, abuse base in which the domain was detected),
A glossary that details the abuse bases monitored by the Abuse Report service, as well as a definition of the types of fraudulent use detected and the actions taken into account.

Discover Abuse Report in detail

Lire cette ressource en français Top of the page

Stéphane Bortzmeyer

Ingénieur R&D

Twitter

Is this domain
available ?

News

October 19, 2020 Webinar ‘How to create and test your DNS-over-TLS and DNS-over-HTTPS (DoT/DoH)...
September 29, 2020 Results of the 2020 Registrar client satisfaction survey
September 28, 2020 Global Citizens' Dialogue, France Edition
September 10, 2020 Forum Afnic - Domain names: protecting against and reacting in response to abuse...
September 2, 2020 .fr turns 34!

See all news

Tweets de @AFNIC

The .fr TLD Sector-based .fr domains Become a Registrar	The .re TLD Become a Registrar and help develop the .re ccTLD	Other French TLDs (top level domains)	FRWATCH
Services Whois Data Access Qualified Service (SQUAW) .FR Lock .FR Performance DNSSEC Whois IDN convertor Daily list of registered domain names	Afnic Consulting Marketing strategy and Sales Competitive Intelligence DNSSEC expertise New TLD opportunity assessment IPv6 expertise DNS Expertise Secure your domain name portfolio New TLD preparation ICANN Compliance, institutional and regulatory monitoring	New gTLDs : Registry solutions Abuse Report	FRWATCH

Presentation AFNIC key dates Orgaization Directors Committee Excellence Afnic’s missions and 2020-2022 strategic focuses Members	Organisation Consultative Committees International cooperation Become a member of Afnic Articles of Association Rules of Procedure Afnic Board International College	News General news Operations news	How to come to Afnic
Recruitment Jobs & Training Our values Job Offers	Press Room Media Library Press kits	Calendar
Contact

Public Consultations EXPERTS WIPO ADR / Public Consultation Opening of domain names with 1 or 2 characters / Public Consultation	Reference Processing of Registrant personal data Charters Registry policies Technical guidebooks Registry policies deployment Legal framework	Statistics Quality of service performance Detailed data on domain names	Videos Subscriptions and social networks Afnic Newsletter
Publications Viewpoints Scientific Council The .fr is turning 25 Annual reports Studies Reports of meetings of governing and consultative bodies Practical Guides French Domain Name Industry Report Issue Papers Legal brochures	Blog About the attack on French ISPs’ DNS resolvers Using Afnic open data : example with the term COVID Hosting a domain name with compound characters Eligibility of a holder located in the United Kingdom post Brexit Can compound characters be used in a domain name? Functioning of Afnic during lockdown Which Top Level Domains have an IP address? Lala Andriamampianina, may you rest in peace Resolutions for 2020: Afnic goes elliptic 6 tips to prevent your website from being hacked In search of low-cost nTLDs Exploring the city through the .paris community .org - an alternative perspective Looking back on the success of the first meeting of the Cercle des .marque Key success factors for Internet extensions: an evaluation grid [Video] Conclusions on the Internet Governance Forum (IGF) France 2019 A brief example of using Afnic Open Data Food for thought on the "new TLD" business models 30 years of success and danger: the Web, URLs and the future [Success stories] Strengthen your infrastructure to suit your ambitions February 1, 2019: is the DNS going to shake? [Success stories] They chose to have their own TLD [Success stories] .museum, how a historic Internet suffix was revived The main steps in effectively launching your .brand 6 secrets on how to improve the renewal of domain names [Video] Back to IGF 2018 in Paris A .BRAND to enhance customer experience Afnic commits to DNS security at the international level Replacement of the KSK of the root zone: Are you ready? How the SNCF implemented its new digital strategy with oui.sncf Franco-Dutch research project on automatic classification of domain name abuse The auditive memorization of domain names What are the possible actions against domain name abuses? Identity theft by domain name: what Afnic does Cybersquatting, Spam, Phishing… the different types of domain name abuses [Video] Review of the French Internet Governance Forum 2018 Custom Internet extensions: the opportunities for brands How to avoid inadmissibility in the SYRELI procedure Which English terms are most used in .FR domain names? Domain name security, the example of cryptocurrencies What are the terms most used in .fr domain names? Personality test: Are you ready for GDPR? Do GeoTLDs like .alsace have an effect on local SEO? The 11 vital locations to display your domain name! What means of action for a Right-holder ineligible under the Naming Policy? Domain name litigation: the recognition of an AOC rights in the SYRELI procedure Why choose a domain name under a geoTLD? Afnic, a community first and foremost! The defense of personality rights in the SYRELI procedure When will the next round of the new gTLDs take place? A million good reasons for coming to the Afnic Forum... Yeti DNS-over-TLS public resolver 2016, the beginning of a new cycle for Afnic .fr has just passed the 3 million domain names milestone My experience inside the Afnic Legal Department Future of ICANN Privatization? Internationalization? Supervision? Excellence at Afnic - Our coming-out Speech at the transmittal of the IANA Stewardship Transition Plan Exclusive offer: 100% money back on your domain name*! 8 tips for choosing the right domain name IPv6 and DNSSEC are respectively 20 and 19 years old. Same fight and challenges? L.45-2 paragraph 1 of the CPCE: When a domain name disrupts the French law How to avoid getting your domain name stolen by email? Accountability and IANA transition: behind the scenes Stop selling domain names! abc.xyz : erratum.xyz A comprehensive approach to French regional branding abc.xyz : Meanwhile, back in France… abc.xyz: Why not alphabet.com? (The conspiracy theory version) abc.xyz : The controversial success of .xyz Corporate Communications, Constant Crisis abc.xyz : Why not alphabet.com ? alphabet.xyz : How Alphabet got its domain name abc.xyz : Don't worry, we're still getting used to the name too! IANA transition crosses a major milestone in Buenos Aires A day in the life of the Icann empowered community IANA transition : the machine is moving, but the deadline is approaching Corporate Social Responsibility and the DNA of ccTLDs China Changing in Leaps and Bounds Towards a less intrusive DNS ICANN: what does accountability stand for? ICANN Singapore. A debate at the other end of the world ICANN Reform, or opening Pandora's box Internet Governance Forum: What is to be done? Slam spam! Icann : freeze ! Scams and identity theft, the experience of a SYRELI reporter French Regional Reform Does Not Mean the End of GeoTLDs Lessons Learnt from NETmundial Suggestions for a successful IANA transition Wind of change at Afnic! Back to the future of the Afnic Legal Service The US Backs ICANN for Internet Governance Should the registrars streamline their gTLD strategy? The IANA elephant in the room 2014 : change of course for the naming system Why do regions want a place online? What can Afnic do? Internet governance: let’s get to work!	FAQ General FAQ Registrar FAQ
Glossary	Certificates