ICANN published its audit conducted from November 2018 to June 2019. The audit involved 1,207 registries - almost all registries of gTLDs. According to the document, 180 registries did not check their domains for unlawful activity (distributing spam and malware, creating sites that sell counterfeit products, etc.). However, not a single name is registered in any of the domains managed by these registries, and the vast majority of them are unused dot-brands. Nevertheless, registration agreements concluded between the registries and ICANN require such checks - as was pointed out to the registries.
Another 60 registries did not monitor malicious activity despite having domains registered in their gTLDs. The corporation demanded that these registries comply with the contract. It is reported that the identified violations have been remedied, while the names of non-compliant registries are not given in the report.
The easiest way to monitor malicious activity is to use the so-called black lists of malicious domain names. Such lists are regularly posted, for example, by SpamHaus, SURBL, PhishTank and other organizations. Some of these lists are distributed by paid subscription, while others are openly available. Also, malicious activity can be monitored by software solutions that are developed by both the largest registries and third-party development companies.
However, Domain Incite notes that ICANN’s requirements for monitoring malicious domain activity are rather vague, which leads to disagreements between the corporation and registries. ICANN insists that registries should have to provide information on specific offending domains and measures taken against them. But registries often provide only aggregate statistical information. In addition, the registration agreement does not indicate how often registries should monitor the malicious activity of their domain zones. The audit shows that 772 registries conduct such monitoring daily. However, others carry it out weekly, monthly or even once a quarter. And, oddly enough, they are all considered in compliance by ICANN.
