Domain name system (DNS) abuse mitigation is a strategic focus for auDA, ensuring .au remains secure and trusted. DNS abuse comprises five categories of online harm where domain names are used to carry out malicious activity.
What is DNS abuse?
DNS abuse refers to five main categories of malicious online activity that involve the DNS:
- Spam (where the spam is used to facilitate one of the other four categories).
An example of DNS abuse is an email with a malicious link to a site that downloads a virus onto your computer.
For more information refer to the DNS Abuse Institute.
Is there DNS abuse in .au?
Occurrences of DNS abuse in .au are well below the global average according to ICANN’s Domain Abuse Activity Reporting.
As at June 2022, only 0.03 per cent of .au domain names experienced an instance of DNS abuse, compared to approximately 0.18 per cent for generic TLDs globally.
Almost all instances of DNS abuse in .au result from website compromise.
Websites are generally compromised because the website software is not updated or there is an insufficient level of security, such as simple passwords that are easy for malicious actors to guess. This reinforces the need for website operators to maintain high levels of security. To conduct a free check of the security of your online services, visit aucheck.com.au.
Despite the already low levels of DNS abuse in .au, auDA remains committed to further driving down DNS abuse to 0.005 per cent of .au domain names by 2025, as well as supporting a reduction of DNS abuse and raising awareness of cyber security in the broader domain ecosystem.
How does auDA help prevent DNS abuse?
Abuse in .au remains low thanks to the robust .au Licensing Rules and our strong compliance approach to ensuring that those rules are followed.
There are four levels of protection from DNS abuse in .au:
- Validation checks during registration
- Post-registration validation checks by auDA
- Daily checks against DNS abuse threat intelligence feeds
- A clear, accessible complaints process.
Registrations in .au undergo validation to check the credentials used to register the domain name are valid. auDA conducts regular audits of registrations and has active, daily monitoring for suspicious registrations.
Global DNS abuse threat intelligence feeds provide reports of domain names reported for abuse, which allow auDA to act swiftly to suspend or cancel the relevant domain name licence.
Members of the public and law enforcement can report abuse via auDA’s complaints process.
If DNS abuse is found, what action can auDA take?
As the administrator of .au, auDA can only take action for DNS abuse for .au domain names. For matters relating to non .au domain names, refer to netbeacon.org.
Where a .au domain name poses a risk to the security, stability or integrity of the .au domain, we can take immediate action to suspend or cancel the .au domain name licence.
When we find evidence of DNS abuse in .au, we contact the registrant and give them 72 hours to take the necessary action to remove the DNS abuse. We also ask the relevant registrar to follow up with their registrant.
If we do not hear back from the registrant within 72 hours and the DNS abuse remains evident, we suspend the domain name to minimise possible harm to internet users.
We do not act on content hosted on websites accessed via a .au domain name. Matters relating to inappropriate or harmful online content are managed by relevant regulatory bodies including the eSafety Commissioner or the Australian Communications and Media Authority (ACMA) and should be referred to them in the first instance.
How can I report DNS abuse?
Complaints related to DNS abuse in .au should first be lodged with the relevant registrar, which can be found in the WHOIS, along with their contact email and phone.
In the second instance, you may contact your web hosting or email service provider. The abuse contact of the web hosting and email service provider of a specific domain name can be identified by using Abuse Contact Identifier (ACID) at: acidtool.com.
If the complaint is not resolved satisfactorily, you can lodge a complaint with auDA.
Does auDA work with local law enforcement agencies, regulatory bodies and others?
auDA regularly engages with Australian law enforcement, intelligence agencies, regulatory bodies and consumer affairs and fair-trading bodies to keep the .au domain trusted and secure.
Australian enforcement bodies can request the non-public registry information from auDA (such as the postal address and phone number of the registrant) associated with a .au domain name under the provisions of The Privacy Act (1988) (Cth) to allow them to investigate a complaint from the public.
auDA also works with the international community, including the DNS Abuse Institute, to collaborate and tackle DNS abuse.
auDA’s COO, Dr Bruce Tonkin, is a member of the Advisory Council of the DNS Abuse Institute, which provides expert advice to industry stakeholders.
He is also Vice Chair of the country code Name Supporting Organization (ccNSO) DNS Abuse Standing Committee, which is a part of the International Corporation of Assigned Names and Numbers (ICANN) and helps coordinate DNS abuse mitigation strategies amongst ICANN-member organisations.
We regularly participate in forums hosted by ICANN and other internet bodies to further DNS abuse mitigation industry wide.
Category: Fact sheets