May 2022 - DNS | Security

Let’s End Counter-Productive Anti DNS Abuse Reporting

Natasha Pelham-Lacey from CleanDNS, on improving an imperfect system to lower the bar for reporting abuse and increase takedowns.


Copyright: ©IvelinRadkov| istockphoto.com

Bad guys already have it easy enough, so why make things easier for them? Abuse complaints often receive “push back” due to unrealistic thresholds. Why?

It’s not for lack of good intentions, as most industry professionals care about doing what’s right. They want to end online abuse and victimization wherever and whenever they occur. Yet, while it is unfair to accuse most folks of not caring, especially those who are inundated with immense volume, the inconsistencies we find when it comes to acting on evidenced complaints cry out for improvement.

 

No excuse: If it’s abuse, cut it loose

It’s an all-too-common story: a conscientious company wants to do the right thing for its clients and its industry, in this case by stopping abusive domains and minimizing the associated malfeasance. The analysts begin with a very idealistic approach when it comes to calling out bad actors.

Before long, however, reality sets in. Cleaning up the Internet is not easy, even in cases where the abuse is painfully obvious. To say that there is a lack of consistency in dealing with abusive domains, a process plagued by nuance across the board, is an understatement.

For example, bulk registrations engaging in spam cannot be considered a big problem one day and then ignored the next. And people who send us screenshots of their inboxes filled with spam messages as evidence are right that we should be able to do something about it. Their attitude is, if you are a well-intentioned, reasonable human being, please make it stop. And they’re correct: we should be able to. Why, then, is it so difficult?

Lower the bar, increase takedowns

First, there is such a thing as setting the bar too high and being too nitpicky when it comes to evidence of an abusive domain. If you require a person to send an impractical amount of evidence, they won’t. If standards of proof, or of reporting, are unrealistic, we will not succeed in taking things down. The abuses are going to keep happening and we will all come off as if we are not even trying, and that’s not the truth.

As the registrar or the registry, if you can see the evidence and the timestamps, you can address what’s going on without placing an undue burden on the entity making the complaint. Consider a few other examples that shine a light on the at-times absurd requirements often implemented for acting against abusive domain names.

  • Requiring full message headers when you have a screenshot of an individual’s whole inbox loaded with spam;
  • Giving a domain that is reported for abuse, and has been registered for less than 30 days, a chance to fix the issue (it’s not going to – it’s malicious!);
  • Only acting on some but not all bulk registrations; more specifically, reviewing individual abusive bulk registrations and not the whole group;
  • Using "is it currently listed as abusive?" as a decision-making tool to determine whether you should act on a particular domain. Simply not being listed does not mean the abuse was remediated;
  • Playing favorites with DNS abuse reporting sources, such as not accepting reports from one, but accepting them from another;
  • Shifting an issue to another party when the first party has the authority or policy to act;
  • Arguing that a website that is clearly a phish is an issue of trademark or content;
  • Taking too long to remediate abuse. At what point should a decision be made to protect internet users versus harming the site/domain/registrant?

We can all agree that the system is imperfect. Making it better begins with pointing out where there is obvious room for improvement. Furthermore, reporters of abuse should know that once they've reported it, it's in the queue. If the reporter could be confident that action will be taken as warranted, once they have reported it, they would (hopefully) stop repeatedly reporting it.

A reasonable approach to a better Internet begins with ‘us’

Each situation above, and there are many more, demonstrates an opportunity where standardization using a reasonable person’s judgment would be enormously helpful and save lots of time. Until we do something about that, we are giving the wrongdoers an advantage they don’t deserve or need.

Frankly, most of these points are so commonly known and discussed as to be cliches. Everyone agrees that these issues can be readily resolved. The involved parties want them resolved. Most of us share the goal of making the Internet a better place: why make that goal so difficult to achieve? The bad actors have it easy enough; they don’t need our help.

CleanDNS is about cleaning up the Internet for good. We believe standardizing how to act against abuse, using a reasonable person’s judgment and following the rules, is the best way to achieve that goal. Correcting the challenges discussed above represents the first logical steps toward reducing the abuse and mitigating the victimization, all with the added benefit of saving lots of effort and creating a safer internet along the way.

 

Natasha Pelham-Lacey is a cyber security professional. She works with Registries and Registrars to help manage and mitigate their abuse. Natasha earned a Bachelor of Arts in Forensic Psychology, and a Cybersecurity Professional certificate from NJIT.

 

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.