Building Better Tools: ICANN81 Updates on ICANN Domain Metrica and INFERMALMukesh ChulaniSiôn LloydSamaneh Tajalizadehkhoob, Ph.D.

During the ICANN81 meeting in Istanbul, we held a session to introduce ICANN Domain Metrica and present findings of the ICANN-funded project, Inferential Analysis of Maliciously Registered Domains (INFERMAL) to the community. The session was well attended and not even a temporary loss of power could prevent a full house, demonstrating the importance of Domain Name System (DNS) Abuse to the ICANN community. (Yes, we've also made a note to book a larger room for future updates.)

This session was one in a number of recent interactions with various parties about ICANN Domain Metrica. Through the recently completed pilot testing with volunteer beta users, and numerous meetings and one-on-one conversations in Istanbul and beyond, the project team has uncovered a host of valuable insights.

The feedback that we have gained to date is already shaping how we move forward and prioritize future features. There were a few recurring themes, which we will be addressing either directly within ICANN Domain Metrica itself or, where appropriate, in our FAQs.

The first update we will make based on the feedback received is the temporary removal of spam as a reported metric. This will be done prior to the general availability release of ICANN Domain Metrica, which is expected in January 2025. The current version of ICANN Domain Metrica utilizes a definition of spam that is different than the one noted in ICANN's contracts with registries and registrars, so we are now working to align the two.

In its current form, ICANN Domain Metrica only includes data from gTLDs. However, some ccTLDs have expressed an interest in also being included, and we would like to accommodate them. To this end, we have been engaging with the ccTLD community using a platform provided by the ccNSO's DNS Abuse Standing Committee. That engagement is still in progress and will shape how this data will be included in ICANN Domain Metrica.

The feedback mentioned above also reveals a desire to explore trends in domain name misuse. Therefore, we are focusing our research on developing metrics on abuse uptime, including a categorization of whether a suspicious domain has been registered maliciously or is compromised. We also are looking at how we can address concerns about giving ICANN Domain Metrica users more detail on the actual domains that appear in the data behind ICANN Domain Metrica, while remaining within contractual limitations with the data source providers.

We are excited to announce that the INFERMAL project has concluded and its final report has been published. Anyone who attended the ICANN81 DNS Abuse Update session will likely recall how we had to cut the discussion short due to the time we lost to the power issues. The projects' lead coordinator, Professor Maciej Korczyński, had the opportunity to briefly share the study's findings on factors that contribute to certain registrars and top-level domains being more attractive to cybercriminals engaged in phishing domains. We plan to hold a follow-up webinar in the new year to allow for further discussion. Do keep an eye on the ICANN website for future updates.

We look forward to your continued engagement to help us shape the future of these initiatives and offer data-driven insights on DNS Abuse trends to the community. For more information on ICANN's ongoing efforts to combat DNS Abuse, visit ICANN's DNS Abuse Mitigation Program page.