February 2019 - Domains

Abuse Management for Domain Names

Katrin Ohlmer from DOTZON looks at how domain owners can monitor and prevent abuse of their domain name to protect themselves and their customers.

© yucelyilmaz | istockphoto.com

dotmagazine: In what ways are domain names vulnerable to abuse and security threats?

Katrin Ohlmer: Domains are based on the DNS, which is open “by design” and can be abused.

Often, we observe that Internet users are quite careless with domain names and, for example, click on links with fake domains. That’s risky though, because scammers will sometimes use fake versions of real businesses’ domains to trick Internet users into revealing personal information. We are thus of the opinion that knowledge about how to detect real and fake email addresses and domain names is a necessary part of digital education and should become common sense. 

dot: What impact does abuse have on the owner of the domain?

Ohlmer: Often, the owner does not even know that his or her domain is being used for abuse. That alone is bad enough, but in the worst case the owner can also lose access to the domain: If the registrar puts the domain on server-hold, the owner cannot use or update the owner data any more. 

In cases of immediate threats such as child porn, the domain can even be taken off the Internet.

Depending on the type of top-level domain, domain abuse is monitored on very different scales. All operators of the new top-level domains, which started being introduced in 2014, are required by ICANN to strictly monitor any abuse. Most operators take this obligation seriously and monitor the registered domain names under their top-level domain very closely indeed; only a few are late to the table. So usually, a domain owner whose domain is registered under one of the new top-level domains will be informed right away if the domain is being used abusively.

For operators of the country-code top-level domains (such as .de, .at or .ch) and generic top-level domains (such as .com, .info or .museum), there are no such obligations. The registry operators of these top-level domains have individual practices on how to handle abuse monitoring and management. 

dot: How do you see domain abuse developing in the future?

Ohlmer: We expect two developments:

Since the GDPR became effective in May 2018, personal data are not published in the public WHOIS database anymore and it has become pretty complicated to find out about the owner of a domain based on the WHOIS. 

If criminals register a domain name for their abusive activities, the WHOIS is not the source anymore to determine the contact data – criminals can hide behind the closed WHOIS. This might lead to an increased number of fraudulent activities based on domain names.

On the other hand, abuse monitoring of top-level domains has become state-of-the-art and resulted in a closer monitoring of bad actors than in previous years.

As more and more people get online, we expect that values will be defined as to how we as global citizens want to use the Internet.

dot: What should domain owners do to protect their domains?

Ohlmer: For everyone who wishes to register a domain name, we recommend that you make sure that the registry operator of the top-level domain monitors and manages abuse. If this is the case, you should also make sure that the registry operator regularly monitors all registered domains to prevent malicious actors from misusing domain names. If not, there are many other top-level domain operators available which take this issue seriously. 

Also, there are providers like DOTZON which offer the management and monitoring of domain names for bigger domain portfolios. Many operators of the new top-level domains make use of this solution if they haven’t developed the monitoring of abuse themselves. Thus, domain owners do not have to worry about potential abuse cases of their domains.

dot: How does the DOTZON Abuse solution work, and what impact does it have for businesses?

Ohlmer: The DOTZON Abuse solution permanently analyzes all registered domain names under a top-level domain. The system uses data from diverse sources and analyses abuse threats such as phishing, pharming, malware, spam, and botnets. Results of this analysis are archived according to European Data Protection Guidelines – the system is located in Germany. The DOTZON Abuse solution provides a monthly report with the results of the analysis and monitoring compliant with ICANN requirements. The DOTZON Abuse solution also provides individual reports in case of detected abuse. These reports contain all necessary information and data to act on the individual abuse case. Based on several years of experience in solving abuse cases, DOTZON has developed an abuse management process. The team at DOTZON manages abuse cases with the respective parties. The process and results of the management of individual abuse cases are documented in a report and provided to the registry.

Businesses can rest assured that the system monitors abuse and ensures that their domain names are not abused. In the rare case of abuse, the team takes care of this, and thus ensures the unspoilt reputation of domain names and the top-level domain.


Katrin Ohlmer is an expert in Internet governance, Internet infrastructure and digital brands. She is the founder and managing director of DOTZON, a consultancy specializing in developing digital brands and identities. She regularly speaks at international conferences and supports the Internet Governance Organization ICANN in developing policies which deal with the enhancement of the namespace on the Internet.

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.