ICANN85 Mumbai: DNS Abuse Is Getting Serious — But Are Registrars Solving the Right Problem?

When ICANN brought the global domain industry together in Mumbai for ICANN85, one topic clearly dominated the agenda: DNS abuse mitigation. With nineteen dedicated sessions spread across six days, the level of attention this issue received signals both urgency and a certain level of confusion about where responsibility actually lies within the internet infrastructure stack.

There is no debate anymore about whether DNS abuse is a real problem. Phishing attacks, business email compromise, QR-based scams, and SMS phishing have all increased as more businesses and users move online. The actors behind these attacks are organized, well-funded, and constantly evolving their tactics. From a registrar’s point of view, this translates into a growing volume of abuse reports, increasing pressure from regulators, and rising expectations from users — all of which demand faster and more decisive action.

However, the core limitation that continues to be overlooked in many of these discussions is the actual capability of registrars. When a registrar takes action on a domain associated with abuse, the only real tool available is to suspend the domain entirely. This is not a surgical intervention. It does not allow selective removal of malicious content while preserving legitimate services. Instead, it is a blunt instrument that takes down everything — websites, email services, APIs — regardless of whether all components are involved in the abuse.

This limitation creates a fundamental mismatch between expectations and reality. Policymakers and governments increasingly expect content-level enforcement at the DNS layer, but the DNS itself was never designed for that purpose. Registrars operate under globally standardized agreements, yet they are being pushed to solve problems that originate at the application or content layer. Attempting to force content regulation into the DNS layer risks creating unintended consequences for how the internet functions at a foundational level.

One of the more practical discussions at ICANN85 revolved around the concept of Associated Domain Checks (ADC). The idea is straightforward: when a registrar identifies one domain in an account as abusive, it should also review other domains registered under the same account for similar patterns. In practice, many registrars already follow this approach because it is operationally efficient. Handling abusive domains one at a time, especially when they are clearly part of a coordinated set, is neither scalable nor effective.

The real challenge with ADC is not the concept itself but how it is defined and constrained within policy. Without clear boundaries, what begins as a reasonable verification step can quickly evolve into a broad and undefined obligation. Registrars could find themselves expected to conduct extensive investigations or even prove the absence of abuse, which is not operationally feasible. Ensuring that the burden of proof remains with the reporting party or compliance bodies is critical to maintaining a workable system.

Another important takeaway from ICANN85 is the pace at which policy evolves within the ICANN ecosystem. The Policy Development Process (PDP), which is used to create binding consensus policies, is deliberately thorough and inclusive. However, this also makes it slow. The current timeline for implementing ADC-related policy work extends to around 2027. In an environment where abuse tactics evolve rapidly, such timelines raise valid concerns about whether policy can keep pace with real-world threats.

At the same time, there is a reason for this caution. Previous initiatives, such as the Standardized System for Access and Disclosure (SSAD), have shown how complex and difficult it can be to translate community discussions into workable policy. The ICANN model prioritizes consensus, but that often comes at the cost of speed and simplicity.

Stepping back from the specifics of DNS abuse, ICANN85 revealed a broader strategic reality for registrars. Their role within the internet ecosystem is becoming more central and more scrutinized. Every new compliance requirement, every policy discussion, and every enforcement expectation ultimately places additional responsibility on registrars. Yet, the tools available to them have not fundamentally changed.

This imbalance is shaping how registrar businesses need to operate going forward. Success is no longer defined solely by pricing, distribution reach, or reseller networks. Instead, it increasingly depends on operational maturity, the ability to handle abuse efficiently, robust internal processes, and readiness to comply with evolving global standards.

The DNS abuse conversation will continue to evolve, and regulatory pressure is unlikely to decrease. What ICANN85 made clear is that the industry is still trying to address a content-layer problem using infrastructure-layer mechanisms. Until that gap is properly addressed, policy discussions will continue to expand, timelines will stretch, and registrars will remain at the center of a complex and often conflicting set of expectations.

For anyone operating or planning to build a registrar business, this is not just a policy issue. It is a structural reality that needs to be built into the foundation of the business itself.