Internet has turned 50 years old and many people are unaware that the domain name system (DNS) supports the ability of the network to connect to its users and devices. This system is crucial for Internet’s growth because it is the basis in cybersecurity and, of course, just as the Internet, it is not immune to abuse.
The main domain name registries and registrars published a joint document on how to address DNS abuse. In the text they mention five categories of harmful activity; and according to the extent on how they intersect with the DNS, they are classified as: malware, botnets, phishing, pharming and spam (when it serves as a delivery mechanism for the other forms of DNS abuse).
In the same publication, they provide the definitions for each of these activities, in accordance with the approaches, standards, criteria and operational mechanisms of the network of jurisdictional and Internet policies:
Malware: is a malicious software, installed on a device without the user’s consent, that interrupts the operations of the device, collects confidential information and / or obtains access to private computer systems.
Botnets: they are collections of computers connected to the Internet that have been infected with malware and have been ordered to perform activities under the control of a remote administrator.
Phishing: or phishing, occurs when an attacker tricks a victim into revealing confidential personal, corporate or financial information, either by sending fraudulent or “similar” emails, or by attracting end users to websites of imitation.
Pharming: is the redirection of unknown users to fraudulent sites or services, usually through DNS hijacking or poisoning. Phishing differs from pharming in that the latter implies modifying DNS entries, while the former tricks users into entering personal information.
Spam: It is unsolicited bulk email, where the recipient has not granted permission for the message to be sent, and where the message was sent as part of a larger collection of messages, all with substantially identical content. While spam alone is not DNS abuse, it was included in the five key forms of DNS abuse when it is used as a delivery mechanism for the other four forms.
What to do when DNS abuse is detected?
In many cases, users want to report a specific section or post of a web page. And requesting to disable a domain name is a powerful action that does not only affect a section of a website but includes blocking any service linked to it.
That is why, the person who wishes to claim any form of DNS abuse must exhaust its resources with the “Parties that can remove the content” before it reaches the reseller (if applicable), the registrar and / or the registry (in that order). Since these operators should have the ability to remove content without interrupting the service for a fully qualified domain name.
Because a registry or registrar can only disable a full domain name, we must balance the damage a claimant faces with potential damage to the registrant and also against damages to other potentially valid and possibly critical domain name uses. A claimant must first work with the site operator, the registrant or the hosting provider to remove the content, instead of causing possible collateral damage when acting through the DNS.
Our clients recommend us:
“Because in organization they are the best, best service, efficiency. In addition, the .gt domain is to identify Guatemalan websites in the world”. – Municipality of El Chal, Petén.