By Alex Zins
Governments participating in ICANN, through the Governmental Advisory Committee (GAC), have issued consensus advice that the new gTLDs approved during the next round of applications, currently scheduled to open in April 2026, should not be delegated until additional targeted policy work is completed to address DNS abuse – specifically malware, phishing, botnets, span, and pharming. Their main concern centers on abuse linked to bulk domain registrations. In its ICANN83 Communiqué, the GAC urged ICANN to initiate DNS abuse Policy Development Processes (PDPs) before ICANN84 in October 2025. These PDPs should address two priorities: the malicious use of bulk domain registrations and the responsibility of registrars to investigate not only domains cited in abuse reports but also others associated with the same registrant. The GAC emphasized that these issues should be resolved before new gTLD strings are introduced into the DNS.
The United States representative highlighted concerns about phishing, in particular, and signaled that unchecked DNS growth poses risks without stronger safeguards. While supportive of certain categories such as geographic and IDN strings, the U.S. expressed caution about large-scale expansion. If ICANN adopts the GAC’s advice, the start of the next application round may remain on schedule, but the delegation of new gTLDs could be delayed until the recommended PDPs are completed.
If the PDPs result in policy changes, registrars and bulk resellers could face significant compliance changes. Future policies may limit high-volume registrations or require investigation into broader patterns of abuse linked to specific registrants. These obligations would represent a notable shift in operational responsibilities for domain registrars and resellers whose customers register in bulk and possess large domain portfolios.
Community Identifies Five Areas for Policy Work to Address DNS Abuse
The ICANN community has continued to treat DNS abuse as a priority, with studies and technical input fueling the call for narrowly scoped PDPs. At ICANN83, the NetBeacon Institute presented five proposals targeting specific abuse vectors:
- Associated Domain Checks: Registries and registrars would be required to review other domains held by registrants once one domain is flagged for abuse, allowing entire abuse campaigns to be mitigated at once.
- Friction in Bulk Registrations for New Customers: Abuse reports and the INFERMAL study show that open access to bulk registration APIs correlates with a dramatic rise in malicious registrations. This proposal would introduce qualifying standards, cool-down periods, and abuse-related access restrictions.
- Subdomain DNS Abuse: With 24% of phishing attacks leveraging subdomains (source), this proposal would expand enforcement and reporting mechanisms to the third level of domains.
- Registrant Recourse Mechanisms: Registrants would gain the ability to appeal suspension decisions, obligating registrars and registries to review evidence before upholding or reversing enforcement directives.
- ICANN Coordination for DGA-Related Malware and Botnet Mitigation: ICANN would serve as a clearinghouse for Domain Generating Algorithm (DGA) abuse reports, coordinating responses across registrars and optionally with ccTLDs.
Two of these proposals, associated domain checks and restrictions on bulk registrations, align closely with the GAC’s advice and are likely to guide next steps. Acceptance of the advice could influence the timing of new gTLD delegations and introduce stricter operational requirements for registrars and resellers.
Final Thoughts
As the calls for targeted policy efforts to combat DNS abuse increase, the path to the next round of new gTLDs is getting more complex. The GAC’s advice and supporting community proposals underscore a growing consensus: meaningful safeguards must be in place before further expanding the DNS. Whether through new registrar obligations or bulk registration controls, the resulting policy changes could reshape how domain portfolios are managed and evaluated. While the application window may open as scheduled in 2026, the timeline for delegation – and the responsibilities of players in the domain ecosystem – will likely be shaped by the progress and outcomes of these DNS abuse policy development efforts.