ICANN has developed a tool called Domain Abuse Activity Reporting (“DAAR”) (https://www.icann.org/octo-ssr/daar) which is a system for studying and reporting on domain name registration and security threat (domain abuse) behaviour across top-level domain (TLD) registries and registrars. DAAR provides publicly available monthly reports to the community.
Like Abuse Monitor, DAAR uses reputation service providers to provide threat feeds into a system. DAAR then uses this system to produce reports. Registry Operators are able to make an appointment with the DAAR team to review their data in DAAR.
There are several areas where Abuse Monitor data may differ from DAAR:
- Different Reputation feeds. While there is a strong overlap, Abuse Monitor uses different reputation service provider feeds from DAAR.
- Reported until removed from the source: DAAR continues to report cases until they are removed from the reputation feed provider. The Registry Operator or the Registrar may have investigated the case and determined that the abuse incident has been resolved or is a false positive, but it will continue to appear in reputation feed.
- Does not take the status of the domain into consideration. Reputation feed providers and DAAR may not take into consideration the status of the domain in their reporting. So a domain may be on serverhold, clienthold or, in some cases, deleted and still appear in the DAAR report.
As part of the ICANN compliance audit, you may be asked for a list of domains that Compliance may use to compare with the results from DAAR. These reports can be directly downloaded from Abuse Monitor by use of the filter function in the dashboard, however if you need any assistance, please contact us at firstname.lastname@example.org.
Other Domain Abuse Reporting
There are other industry resources that report abuse statistics for TLDs. Two examples are Spamhaus who publish a Badness list (https://www.spamhaus.org/statistics/tlds/) and SURBL who provide a list of top 20 most abused TLDs (http://www.surbl.org/tld).
If your TLD appears on either list, you may wish to pay attention to the Abuse reports through Abuse Monitor. Please note that you need Abuse Monitor Standard to see the SURBL and SPAMHAUS reports.