Malware slingers and spammers targeted by cross-industry institute led by industry veteran

Centre of excellence established to fight DNS abuse

The launch of a new institute to combat abuse of the Domain Name System (DNS) by phishing, spam, and malware campaigns has been welcomed by an independent expert.

The DNS Abuse Institute was launched last week by Public Interest Registry (PIR) as a way to bring together leaders in the anti-abuse space to fund research, publish recommended practices, share data, and provide tools to identify and report DNS abuse.

The initiative is an extension of PIR’s previous efforts to fight abuse of the cornerstone internet technology by malware slingers, spammers, and other ne’er-do-wells. Two years ago, the organization set up the ‘Framework to Address Abuse’, a guideline for both registries and registrars when it comes to addressing DNS abuse.

Catch up on the latest DNS security news

PIR launched its new institute to support the broader DNS community as part of its non-profit mission.

Graeme Bunton, who has more than a decade of experience working in DNS abuse policy, will serve as the DNS Abuse Institute’s inaugural director.

‘Pervasive’ problem

Cricket Liu, chief DNS architect at Infoblox, welcomed the establishment of the body.

“Infoblox does research into DNS abuse, too, but the problem is so pervasive that having PIR join in is most welcome,” Liu told The Daily Swig. “I'm particularly hopeful of the role they could play in education and coordination.”

In response to our questions, PIR said that it has always sought to lead in the anti-abuse space and implement best practices for .org and other top-level domains to address DNS abuse. It characterized the establishment of the DNS Abuse Institute as the logical next step on this journey.

“Our objective for the Institute is to combat DNS Abuse, and not just for .ORG but the entire DNS,” according to Graeme Bunton, director of the newly formed institute. “To do that, we know it will take the collaboration of large and small organizations, security researchers, and other stakeholders.”

Bunton added: “The Institute will serve a number of key functions: as a gathering point for interested organizations to share their best practices and to collaborate on tools – improving approaches across the entire industry, as well as to conduct research that helps the community understand the issues so we can come together to address them.”

DON’T FORGET TO READ Brave browser’s Tor feature found to leak .onion queries to ISPs