Introducing the Identity Digital, Anti-Abuse Report

At Identity Digital, we work hard to foster a healthy, functional and trustworthy Internet, playing our role in ensuring a secure, safe and resilient domain name system (DNS). As an original drafter and signatory of the Framework to Address Abuse, Identity Digital has always taken an active and consistent approach to remedying abuse of the Domain Name System (DNS Abuse).  To that end, we invest a significant amount of time and resources to identify, understand, and disrupt DNS Abuse occurring within the Identity Digital portfolio of top-level domains, including doing significant analysis on the reports and evidence we find.  Today we publish our first Anti-Abuse Report so that we can actively share our data and related statistics.  We hope you find it as interesting as we do and look forward to your input on how we can all work together toward a better DNS.

Our first report covers these three areas:

• DNS Abuse Actions  

The principal focus of our anti-abuse reporting relates to how we handle DNS Abuse identified in our top-level domains, including how we collaborate with our registrar partners, trusted notifiers, and end users (in more limited circumstances).

• Data Disclosure Request Statistics

These statistics relate to requests we receive for the release of registrant data through our data request resources. These resources have been built to account for the introduction of the European Union’s General Data Protection Regulation (GDPR) and similar data privacy regulations from other jurisdictions.

• Law Enforcement and Other Government Request Statistics

These statistics relate to requests from law enforcement and other government requests for our intervention. These include court orders, or other specific requests from applicable government entities with verified, specific, and stated authority.

Why publish statistics on DNS Abuse management matters?

As a registry operator there are only a limited set of actions we can take to address DNS Abuse. The most severe action, which is also the most imprecise, is to “suspend” the domain in question.  This stops the domain and all associated services from resolving (i.e., connecting) on the internet.

Given the severity and lack of precision with a domain suspension, there can be significant, far-reaching, and unintended consequences.  Not only will websites using that domain cease to be accessible, but any email addresses, applications, or software using that domain also will become critically impaired. For example, suspending a “marketplace” domain because of a verified report of an illegal or abusive product may at first seem appropriate, but given the impact on other legitimate users of the domain and the enterprise as a whole, it may not at all be proportional or appropriate.  In other instances when a domain appears to be registered entirely for the purpose of DNS Abuse, a domain suspension may be appropriate and proportional.  Accordingly, we do not take the action to suspend lightly; however, when we do believe the registry is the appropriate party to intervene, then we do so, as quickly as we can. By publishing our statistics on DNS Abuse and how we handle such abuse, we hope to provide insight both into our actions and our decision-making process.

We are very happy to present our Anti-Abuse Report. We plan to publish these reports periodically. We hope you find these reports both comprehensive and comprehensible.  With that in mind, if you have questions or suggestions on how we may improve our reports, please contact us at compliance@identity.digital.

¹ For information on what Trusted Notifiers in the context of our business, please see:
https://www.rysq.info/wp-contenUuploads/archive/Final-CPH-Notifier-Framework-6-0ctober-2021.pdf

² https://identity.digital/abouUpolicies/whois-layered-access/

‍