DAAR – ICANN’s Domain Abuse Activity Reporting Project

There was another part of ICANN I was interested in, and in which there was much community interest: the DAAR system. DAAR stands for Domain Abuse Activity Reporting and is currently being developed by the Office of the Chief Technology Officer (OCTO) at ICANN.

To boil it down quickly, it takes a number of the abuse lists that a lot of people use for mail servers, etc. and combines all that information into one place for “statistical” monitoring at this stage. One of the eventual aims of this project could be to enable ICANN compliance to react far more quickly to issues, or to allow service providers access to these lists to help reduce the number of malware, phishing and spam operations out there.

Now that all sounds fine and dandy until you start to comprehend the issue. ICANN is combining many different lists, from Spamhaus to phishing lists, to form this list. And while you might use an RBL (Real-time Black List) on your mail server, denying DNS to domains ultimately could become a serious nightmare.

As a web host provider in a previous life, I cannot tell you the number of times innocent customers have had their sites hacked or cracked to pieces, and then malware or phishing sites uploaded. Now they have no clue about this until somebody comes along and suspends their service and then they get told to clean shop. The real issue, in this case, is end users not understanding the significance of keeping their software up to date and then having it cracked wide open.

In the scenario above, the domain would be removed entirely from the DNS system – which is pretty extreme. Yes, people are going to be safe from phishing on this particular domain, but it does nothing for the reputation of the web host provider and their customer, who are going to get into argy-bargy over it. And in my view, there is no point in trying to lay this at the feet of the service provider, because no matter how many sophisticated systems you have installed, there will always be those who just want them turned off for the sake of convenience. It has to be a provider-wide effort to get this under control.

While I have not yet looked into every single list that is being aggregated, I hope that ICANN has NOT included anybody who makes you pay money to delist. I have always had a policy: I am not paying to delist – go fly a kite. I think once, and only once, I did it – and I was not impressed with myself by the end of it. We ended up back on ye olde blacklist almost straight away because a rogue piece of spam got through or something (a long time ago now).

And another issue with these sorts of lists: as a web hosting provider or domain name registrar/registry, it is essential for us to have evidence and faith in the system before acting on it. What if their domain or hosting is suspended hours after the initial breach and the customer has already cleaned up shop? That is overkill, not to mention that it puts a significant strain on the provider and may potentially activate legal ramifications. If I am going to suspend a domain or web hosting, you had better believe I am going to have checked it before I click the magical button to stop a customer’s service in its tracks. That’s just not being fair; it’s common sense!

I do think it has a great future; we just need to make sure it’s adequately thought through and implemented before unleashing it upon the unsuspecting masses and leaving it up to the end service providers to mop up the mess.

If you are interested in the project, you can find more details by following the link below.