Latest news of the domain name industry

Recent Posts

Governments erect bulk-reg barrier to new gTLD next round

Kevin Murphy, June 12, 2025, 12:56:01 (UTC), Domain Policy

No new gTLDs should be added to the internet until ICANN develops policies addressing the abuse of bulk domain name registrations, according to the Governmental Advisory Committee.

The GAC this afternoon drafted formal Advice for the ICANN board stating that policy work on bulk regs should get underway before ICANN 84, which takes place in Muscat, Oman in late October.

While the wording still may change before it is sent to ICANN, the current draft advice reads:

The GAC advises the board: To urge the GNSO Council to undertake all necessary preparation prior to ICANN84 towards enabling targeted and narrowly scoped Policy Development Processes (PDPs) on DNS Abuse issues, prioritizing the following: to address bulk registration of malicious domain names; and the responsibility of registrars to investigate domains associated with registrar accounts that are the subject of actionable reports of DNS Abuse.

The advice on bulk regs is fairly self-explanatory: the GAC has become aware that spammers typically shop around for the cheapest TLDs then register huge amounts of domains on the assumption that some will start getting blocked quite quickly.

The second part of the advice probably needs some explanation: under the current ICANN contracts, registrars have to deal with abuse reports concerning domains they sponsor, but they’re under no obligation to investigate other domains belonging to the registrants of those domains.

So, if a scumbag registers 100 domains for a spam campaign and only one of them is reported as abusive, the registrar can comply with its contract by simply suspending that one domain. The GAC thinks it should be obliged to proactively investigate the other 99 names too.

The advice seems to have been inspired by two sources: NetBeacon’s recent Proposal for PDPs on DNS Abuse (pdf) and data from Interisle Consulting.

Both pieces of advice obviously could have an impact on registrars’ top and bottom lines. They could lose revenue if they currently make a lot of money from bulk regs, and their costs could be increased with new obligations to investigate abuse.

An added wrinkle comes in the GAC’s rationale for its advice, which suggests that dealing with bulk regs and abuse probes should be a gating factor for the next round of new gTLDs going ahead. It reads:

Before new strings are added to the DNS as a result of the next round, further work on DNS Abuse is needed to stem the increasing cost to the public of phishing, malware, botnets, and other forms of DNS Abuse.

The core text of the advice was compiled in furtive huddles on the edges of sessions at ICANN 83, and I believe Switzerland held the pen, but it seems the US government was the driving force behind the push to make abuse a barrier to the next round.

As I reported on Monday, the US GAC rep said that “in light of the global phishing problem… and similar concerns the United States is of the view that we should not expand the DNS too broadly”.


If you find this post or this blog useful or interestjng, please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.

Tagged: , , , , , ,

Comments (6)

  1. Volker Greimann says:

    Before we can have a PDP on bulk regs, we need to see some conclusive evidence that bulk regs actually need regulation. So far, all we have seen is some correlation, no causation.
    As there are loads of legitimate uses of bulk registered domains, we need to be careful not to throw out the kids with the bath water.

    • Tony Kim says:

      Speaking from the point of a long time registrar owner and operator, adding some protective measures won’t hurt nor stop the use of legitimate bulk registrations. By default, registrars should put in speed bumps to slow down bulk registrations as the first step to narrow the ingress.

      Bulk registrations are then only allowed for verified accounts (something registrars should be doing anyways). Easy and practical, while so helping rid the world of spammers, fraud and phishing.

  2. Steve Gobin says:

    While I agree that some registrars don’t do enough to address DNS abuses (fortunately, they are a very small minority), a registrar shouldn’t be requested to investigate a domain name the registrar has nothing to do with, including when the registrant is also a customer of that registrar. Not to mention that the technical possibility for a registrar to investigate a domain name that is registered via another registrar would be very limited (unless the registrar is acting as a reseller of the concerned domain name).

  3. Dan says:

    This seems like one of those things which sounds easy, but just causes more work and still won’t solve the problem.

    We already have scammers making tons of separate accounts with different details… so how far do we go?

    Check everything in every account with the same IP? – what about CGNAT, university campuses etc?

    How many is ‘bulk’? 3? 5? 100?

    This all adds cost, and it’s a very competitive industry… they’ll just go to whoever sells dirt cheap and does the absolute minimum and everyone else ends up losing money on domains needing huge teams handling all the reports and then tracking down potentially thousands of domains off 1 report!

  4. Avri Doria says:

    The importance of GAC advice is only defined in Bylaws. I expect the Board will find a way around that if they want to and can claim enough people want them to.

  5. Maxim Alzoba says:

    Sometimes legit TM owners make bulk registrations in the wake of a launch of some new product or service. Domain resellers tend to pack the requests of their customers in bulk sets (like several different customers’ requests will look like a single bulk registration attempt).

Add Your Comment