HomeAbout VerisignCombating DNS Abuse

Combating DNS Abuse

Keeping the Domain Name System Safe

At Verisign, we are committed to contributing to a secure, stable, and resilient internet. We take our responsibilities seriously, and that means being committed to addressing Domain Name System (DNS) Abuse at the registry level.

What Is DNS Abuse?

DNS Abuse is defined by the Internet Corporation for Assigned Names and Numbers (ICANN) as being "composed of five broad categories of harmful activity insofar as they intersect with the DNS: malware, botnets, phishing, pharming, and spam when spam serves as a delivery mechanism for those other forms of DNS [A]buse."1

Malware

Malware is malicious software, installed and/or executed on a device without the user’s consent, which disrupts the device’s operations, gathers sensitive information, and/or gains access to private computer systems. Malware includes viruses, spyware, ransomware, and other unwanted software.

Botnets

Botnets are collections of internet-connected computers that have been infected with malware and can be commanded to perform activities under the control of a remote attacker.

Phishing

Phishing occurs when an attacker tricks a victim into revealing sensitive personal, corporate, or financial information (e.g., account numbers, login IDs, passwords), whether through sending fraudulent or “look-alike” emails, or luring end users to copycat websites. Some phishing campaigns aim to persuade the user to install malware.

Pharming

Pharming is the redirection of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning. DNS hijacking can occur when attackers use malware to redirect victims to the perpetrator’s site instead of the one initially requested. DNS poisoning causes a DNS server or resolver to respond with a false IP address bearing malware. Phishing differs from pharming in that pharming involves modifying DNS entries, while phishing tricks users into entering personal information.

Spam

Spam is unsolicited bulk email, where the recipient has not granted permission for the message to be sent, and where the message was sent as part of a larger collection of messages, all having substantively identical content. Spam is considered DNS Abuse when it serves as a delivery mechanism for the other forms of DNS Abuse.

How Does Verisign Help?

Verisign works actively in a number of settings to continually develop ways to combat DNS Abuse. We have entered into a binding letter of intent with ICANN, which underlines our commitment to tackling online security threats, including developing best practices and educating the internet community. We also conduct ongoing technical analysis to help assess whether domain names are being used to perpetrate infrastructure-based DNS Abuse.

Our unique, proprietary infrastructure is constantly evolving to address new cybersecurity threats. We deploy a range of techniques, including sinkhole servers, cryptographic protections, distributed denial-of-service (DDoS) mitigation mechanisms, and domain name registry lock functions to mitigate or eliminate the harm that malicious actors try to cause to internet users worldwide.

Since we started working together in 2020, Verisign has proven an important partner for IWF, taking rapid action and helping us to tackle and remove child sexual abuse material online. We appreciate the seriousness with which Verisign are approaching this issue.

Susie Hargreaves, OBE, Former Chief Executive Officer, Internet Watch Foundation

We also play an active role in industry operational security forums and collaborations focusing on mitigating DNS Abuse, including the ICANN Anti-Phishing and Messaging, Malware and Mobile Anti-Abuse Working Groups (APWG and M3AAWG). From its inception, we have supported the Internet & Jurisdiction Policy Network, which is an excellent resource for those interested in learning more about DNS Abuse.

As a top-level domain (TLD) registry operator, Verisign has contractual commitments with the US government to operate the .com infrastructure in a “content-neutral” manner. While we are not a “content platform,” we actively partner with trusted and credible organizations to address illegal online content with the appropriate authorities. This includes:

  • a program with the U.S. National Telecommunications and Information Administration and Food and Drug Administration to curb access to illegal online opioid sales,
  • a commitment, as an Electronic Service Provider registered with the National Center for Missing and Exploited Children (NCMEC), to bring to NCMEC’s attention instances of the online exploitation of children, and
  • a relationship with the Internet Watch Foundation (IWF), under which we are committed to taking action against every .com and .net domain name reported to us by IWF as being used to host child sexual abuse material (CSAM)-related content.

    To report a website distributing CSAM, please go directly to the Internet Watch Foundation.

How Can You Report DNS Abuse?

DNS Abuse may be reported directly to Verisign.

For any report alleging DNS Abuse, Verisign encourages reporters to first attempt to address the alleged abuse with the registrar of record for the second-level domain name being reported. In cases where this is unsuccessful and where a reporter wishes to file a complaint, the following procedures apply.

To report DNS Abuse related to one of the five categories described above, please complete the following webform for Verisign’s review. Note that incomplete reports may hinder or prevent an investigation and/or response.

Report DNS Abuse

DNS Abuse reports may also be mailed to:

VeriSign, Inc.
Attn: Verisign Support
12061 Bluemont Way
Reston, VA 20190

All Other Claims of Malicious Conduct

For information on reporting other forms of malicious conduct that are not DNS Abuse, please visit our Legal Notices page.

1 https://www.icann.org/en/system/files/files/sac-115-en.pdf

Contact
1-703-948-3200 Chat with Support
Share
Share