How we handle domain abuse: a look behind the scenes
0 MIN READ TIME
Domain abuse is a growing concern – in April and May 2024 alone, ICANN received 1,558 complaints related to DNS and other types of abuse. At Openprovider, we take this issue very seriously. By using cutting-edge technologies (including AI and machine learning) and adhering to strict guidelines, we’re committed to mitigating DNS abuse and ensuring a safer internet. Here’s an inside look at how we handle domain abuse, straight from our experts: Marianna Siouti (Lead Product Manager Domains & DNS) and Akshay Rao (Business Analyst at Procys, Openprovider’s AI-focused sister company).
Protection against DNS abuse
Marianna: “At Openprovider, we’re primarily focused on tackling DNS abuse, which includes malware, botnets, phishing, pharming, and spam (when it’s used as a delivery method for other forms of DNS abuse). These efforts are guided by the CPH guidelines on abuse reporting.
One of the most effective ways to address these forms of DNS abuse is by taking action at the domain level. This means suspending the domain until the abuse has been addressed. In addition to DNS abuse, we also take firm action against domains involved in child abuse, and the sale of illegal drugs and opioids.
Other types of domain abuse, like website content abuse, often require intervention from hosting providers or registrants. In these cases, our role as a registrar is limited to informing our resellers and customers of the abuse. When it comes to Intellectual Property (trademark) infringements or other legal concerns, reporters must follow formal processes through entities like WIPO or local law enforcement. While this can be tedious, following the law is crucial to avoid unintended consequences, such as infringing on free speech or causing businesses to lose customers and damage their reputation.”
How do we find DNS abuse
“As an ICANN-accredited registrar, Openprovider has implemented proactive measures to handle abuse reports effectively,” says Marianna. “We offer forms and designated points of contact to allow law enforcement, cybersecurity organizations, and concerned individuals to report abuse. These forms guide users in providing all the necessary information for a thorough investigation.
In addition, we’ve implemented various account validations during sign-up and applied payment review rules to flag suspicious transactions. Payments are assigned risk scores based on industry benchmarks, helping us catch potential abuse early on. We’ve also put in place specific registration and contact validation systems to block fraudulent registrations before they become an issue.”
Tackling the biggest challenges in domain abuse
Managing abuse reports is a complex and often overwhelming task for registrars. “One of our biggest challenges is managing the sheer volume of abuse reports and accurately classifying them into the correct category, particularly when there is a dispute between the reporter and the domain holder,” says Marianna. “Many reporters are unfamiliar with the types of abuse that registrars can handle, leading to misdirected reports.
“To address this, we’ve integrated AI and automation into our abuse-handling strategy. These tools help us manage large volumes of reports more efficiently by automating the review process and ensuring that abuse reports reach the right inbox, whether it be a reseller or domain holder. For cases where we don’t manage the relationship with the domain holder directly, we respect our partners by informing them promptly, so they can resolve the issue with their customers.”
The role of AI in abuse detection and handling
AI is transforming all aspects of the domain industry – and protection against DNS attack is no difference. “When it comes to detecting abusive domains, we employ a hybrid approach, combining statistical rule-based models with data-driven insights,” says Akshay. “These models use heuristics and patterns from past domain behavior to flag suspicious domains. While we’ve experimented with more complex techniques like neural networks, we’ve found that combining human expertise with machine learning yields the best results. This hybrid model enhances detection accuracy while ensuring transparency—a key factor in maintaining trust with our customers.
Our AI system can scan and categorize incoming abuse reports, identify related domains and customers, and ensure that the reports reach the appropriate parties for further investigation. We’ve also developed rules that allow our resellers to respond to abuse reports in a structured way, enabling a smooth back-and-forth process between our abuse-handling team and resellers when needed.”
While AI poses new challenges to busineses, it also has the potential to give businesses the tools they need to proactively take control of their processes. “AI gives us an edge by offering flexibility that traditional rule-based systems lack”, says Akshay. “Where conventional methods rely on rigid rules, AI-powered systems can adapt to new and evolving threats. This allows us to catch edge cases, spot anomalies, and respond faster to large-scale data threats than we could with manual methods.”
“In terms of classification, we’ve established detailed internal guidelines and we conduct regular training sessions for our abuse-handling teams. These guidelines help teams quickly recognize various forms of abuse and act appropriately. By clearly outlining actionable evidence for each type of abuse, we’ve streamlined responses and reduced the need for escalation—although it remains an ongoing effort as new, complex cases continue to arise.”
Future predictions
As we continue to enhance our AI capabilities at Openrprovider, we believe that AI will play an even bigger role in the future, not just in abuse detection but also in owner verification processes. As regulations surrounding domain owner data accuracy become stricter, AI will be essential for keeping costs low while managing large volumes of domain registration data.
For the future, we’re also exploring advanced AI techniques, such as anomaly detection and unsupervised learning, to bolster our ability to detect more sophisticated forms of domain abuse.
Our general development roadmap focuses mostly on continuous system refinement. By adopting a continuous learning approach, we aim to keep our system proactive and resilient, ensuring that we can swiftly and accurately identify abusive domains, now and in the future.”
—
At Openprovider, we’e been at the forefront of domains for 20 years, and we are constantly evolving to stay ahead of the curve in combating domain abuse. By blending human expertise with innovative technology like AI, we strive to maintain a safer, more secure online space for everyone.
