The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that country code top-level domain (ccTLD) operators will now be able to actively participate in the Domain Abuse Activity Reporting (DAAR) system. The ICANN organization invites all ccTLD operators to participate in the DAAR project to promote a greater understanding of DNS abuse across the global DNS.
ICANN’s DAAR system is used to study and report on domain name registration and security threat behavior across top-level domain (TLD) registries. The data is obtained from a curated list of Domain Name System (DNS) reputation providers.
Now, ccTLD operators can pull their own aggregated DAAR data via the Monitoring System Application Programing Interface (MoSAPI). The MoSAPI interface allows registry operators to retrieve information collected by the ICANN Service Level Agreement Monitoring (SLAM) system. While ccTLD operators will not be subject to the SLAs the SLAM system monitors, using MoSAPI would allow a consistent interface for all registries participating in DAAR.
The aggregated data counts security threats broken down by threat type (e.g., phishing, botnet command and control, malware distribution, and spam) per TLD. These data sets will be similar to those of the generic top-level domains (gTLDs) that are currently provided via MoSAPI. Having access to such data will enable ccTLD operators to monitor the DAAR security threat levels per threat type per month in the same way as gTLD operators.
For additional discussions regarding DAAR project data sharing and any other measurement of DNS security threats and abuse related topics, one could join the DNS-Abuse-Measurements mailing list. The ICANN DAAR webpage can be found here: https://www.icann.org/octo-ssr/daar.
ICANN helps coordinate and support unique Internet identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.