A health system approach to DNS and online abuse

The 84th Public Meeting of the Internet Corporation for Assigned Names and Numbers (ICANN), was held in Dublin, Ireland, from 25-30 October 2025.

ICANN works to maintain a stable, secure, and unified global internet by managing the Domain Name System (DNS), assigning IP addresses, and accrediting domain name registrars. During this, I was invited to give the host country presentation to the Government Advisory Committee (GAC).

Rather than simply outlining the policies and processes .ie uses to combat instances of abuse, the presentation highlighted how a prevention framework (borrowed from the public health sector can help shape effective measures to address technical and online abuse.

A highly trusted and low-abuse namespace

The .ie domain is unique, even among other country-code top-level domains (ccTLDs), due to one of its long-standing policies: the Connection-to-Ireland. Every registrant must demonstrate a “real and substantive connection to the island of Ireland.”

This policy is not only to ensure that the .ie domain name remains a trusted asset for Ireland, it is also a preventative measure. According to the DNS Research Federation, the .ie domain name has one of the lowest rates of abuse among European ccTLDs NetBeacon’s August 2025 report shows the .ie namespace remained highly secure, with just one detected instance of technical abuse.

A broader view of abuse

Ourselves in .ie take a somewhat “broader view” of abuse as opposed to the classic ICANN definition of “DNS Abuse.” ICANN defines DNS Abuse as phishing, malware, botnets, pharming and spam when used as a delivery mechanism. However, .ie views three types of abuse:

• Technical abuse: Traditional DNS threats that largely aligns with ICANNs definition of ‘DNS abuse’.
• Content abuse: Displaying or distributing illegal content in the .ie namespace.
• Registration abuse: Domain name registrations that are carried out in bad faith or maliciously.

While definitions and how we frame issues is important, it is also essential though, that registries have different measures in place to appropriately and proportionately respond to situations. For example, it would not be appropriate for the registry to proactively determine what constitutes a crime, or what is in bad faith. But it is appropriate for the registry to have processes in place to respond to complaints or court orders.

ATOM: Appropriate technical and organisational measures

A helpful acronym is ATOM, appropriate technical and organisational measures. There is no silver bullet for online safety, and the registry does not rely solely on any one single technical tool or policy to help mitigate abuse. Having a mix of appropriate and complementary measures is essential.

Things like domain name suspensions, for example, are often called a blunt instrument (similar to a hammer). Using that analogy, if one wants to build a birdhouse, but only uses a hammer, it will likely be a very poor-quality bird house. A mix of complementary and layered tools, instruments, and policies are required to create and maintain a safe .ie namespace.

Types of prevention

In the world of public health, ‘prevention’ is often divided into layers, but it is fundamentally about having proportionate interventions that stop something bad from happening. This framework is also helpful for the registry to view the different measures in place to prevent abuse from happening.

• Primary prevention: Primary prevention is stopping an issue before it becomes a threat. This is preventing a heart attack at 60, by being active at 20. At the organisational level, this is about having the policies, processes, and governance practices in place that stop threats from developing.
• Secondary prevention: Secondary prevention is about early detection and first response to an imminent threat. If someone has an illness, secondary prevention is about detecting that illness. In the DNS world, this is about having measures in place that can detect abuse happening and having the ability to rapidly respond in a proportionate way.
• Tertiary prevention: Tertiary prevention is about responding to an event that has already happened, or is currently happening, and preventing further damage. In the most extreme situations, for instance, this could be having the ability to perform domain name suspensions or takedowns when necessary.
• Quaternary prevention: The last layer of prevention, but just as important as the others, is quaternary prevention. This is about having measures and processes in place to avoid intervening when it is not necessary, or in a way that is not appropriate. These are things like due diligence checks, appeals processes, or policy advisory committees.

The Regulatory Authority Protocol

An effective example for .ie, is the Regulatory Authority Protocol (RAP). This is an established process where regulatory authorities submit complaints to the .ie registry about problematic domain names. The registry has an established process to conduct due diligence checks, respond to the incident accordingly, and works with the regulator to reach a satisfactory outcome.

Conclusion

The main takeaways are that effective mitigation requires both technical and organisational measures, that interventions must be appropriate and proportionate, collaboration with regulators is essential for .ie to maintain a safe and trusted namespace, and it is essential to avoid unnecessary interventions and overreach.

Topics like these will be discussed at the second Ireland Internet Governance Forum taking place in 2026. This event brings together leaders across government, private sector, civil society, and the technical community to discuss internet and digital policy issues affecting Ireland.

W: www.weare.ie