Verisign has agreed to incorporate new rules regarding the takedown of abusive .com domains as part of its upcoming registry contract with ICANN. The proposed contract, now open for public comment, may have significant financial implications across the domain industry. It also introduces several technical changes in how the .com domain is managed.
One of the most critical updates is the introduction of stricter regulations on “DNS Abuse.” Under these new rules, Verisign is required to address abuse reports by either referring the issue to the domain’s registrar or by taking direct action itself. DNS Abuse is defined according to industry standards and includes practices such as malware, botnets, phishing, pharming, and spam, where spam serves as a delivery method for other abusive actions.
This language mirrors the enhanced DNS abuse stipulations that have been part of almost all other gTLD registry agreements since their updates in April. According to the updated agreement, if Verisign, as the registry operator, finds a domain is engaged in DNS Abuse based on actionable evidence, it must take prompt measures to mitigate or stop the abuse. This could involve referring the domain and relevant evidence to the sponsoring registrar or, where appropriate, taking direct action.
In the current .com contract, Verisign is only required to provide an abuse contact on its website, without any obligation to respond to abuse reports. Given that .com is one of the most abused TLDs in terms of domain volume, these changes are significant, even though newer and cheaper gTLDs often have a higher percentage of abusive registrations.
Additionally, Verisign will have a unique obligation compared to other registries — it must report to ICANN any cyber incidents, physical intrusions, or infrastructure damage affecting the .com registry. However, ICANN can only disclose the details of these incidents publicly with Verisign’s approval. Both parties have also agreed to collaborate on a process for public disclosure.
Verisign is also required to implement two long-standing IETF standards related to “Network Ingress Filtering,” which aim to mitigate denial-of-service attacks by blocking traffic from forged IP addresses. The contract is now available for public comment, inviting stakeholders to weigh in on the proposed changes.
