Habits of excellence: why are European ccTLD abuse rates so low?

Description

European Union country-code Top Level Domain registries (EU ccTLDs) as a group have strikingly low levels of domain names associated with spam, phishing and malware. This study asks whether the data accuracy practices of European Union (EU) country code Top Level Domain (ccTLD) registries contribute to those low levels of malicious domain names within EU ccTLDs.

Publication summary

European Union country-code Top Level Domain registries (EU ccTLDs) as a group have strikingly low levels of domain names associated with spam, phishing and malware. This study asks whether the data accuracy practices of European Union (EU) country code Top Level Domain (ccTLD) registries contribute to those low levels of malicious domain names within EU ccTLDs.

Voluntary and contractual norms within the domain name industry have emphasised the need for accurate, up to date and publicly accessible domain name registration data, but fulfilling that requirement while remaining in compliance with privacy laws and expectations has been a challenge.

For more than two decades the multistakeholder policy debates within ICANN surrounding the publication of registration data on WHOIS have remained unresolved. When EU privacy law, the GDPR, led to the WHOIS ‘going dark’, even though ICANN contracts required publication of registration data, it was clear that there was a lack of a legal obligation in EU legislation to mandate the collection, maintenance and publication of WHOIS data.

In late 2022, the European Union ratified the NIS2 Directive, which seeks to bridge that gap by imposing legal obligations on domain name registries and registrars to collect, maintain, make publicly available and verify domain name registration data1 in line with ‘best practices within the industry.’2 This study asks to what extent can the data quality practices of EU ccTLDs demonstrate effective practices within the industry’?