As part of its commitment to ensuring the stable and secure operation of the Internet's unique identifiers, the ICANN community has taken steps to combat Domain Name System (DNS) abuse. DNS Abuse broadly includes botnets, malware, pharming, phishing, and spam when it is used to propagate other DNS security threats.
ICANN's Internationalized Domain Name (IDN) Implementation Guidelines are a list of standards for registries seeking to deploy IDNs. The guidelines are designed to minimize the risk of DNS user confusion, which can be exploited for DNS abuse and other harms. Since the ICANN Board approved Version 4.1 of the guidelines in September 2022, the ICANN organization has been preparing to implement the new version in the third quarter of 2024.
About the Guidelines
The IDN Implementation Guidelines relate to second-level registration policies and practices for IDNs. These contractually binding guidelines were developed by a community-led working group. The guidelines are part of the Base Generic Top-Level Domain (gTLD) Registry Agreement and the 2013 Registrar Accreditation Agreement. They are also part of the Final Implementation Plan for IDN country code top-level domain Fast Track Process.
The guidelines were designed to minimize the risk of cybersquatting and consumer confusion exploited by bad actors. For example, implementing the guidelines can prevent phishing attacks using mixed-script strings.
Here is an example of a string that mixes Greek and Latin scripts:
| Greek-Latin mixing: | gοod-tickets.example |
| Unicode code points of gοod-tickets: | {U+0067(g) U+03BF(ο) U+006F(o) U+0064(d) U+002D(-) U+0074(t) U+0069(i) U+0063(c) U+006B(k) U+0065(e) U+0074(t) U+0073(s)} |
Version 4.1 of the guidelines adds a requirement that registrations that do not comply with the guidelines adopt a transition plan. In addition, the updated guidelines encourage registries to refer to the Reference Label Generation Rules for suggestions on how to securely form second-level IDNs.
Most registry operators have already implemented the new guidelines. Based on our March 2024 review, only 0.0003 percent of all gTLD registrations (754 out of 219 million) are potentially noncompliant with Version 4.1 of the IDN guidelines.
Before ICANN launches the new version, our account managers will be working with registry operators to learn more about potentially noncompliant registrations and identify the cases that need to be addressed.
If you'd like to learn more, we will be explaining the new guidelines during a session at the Combating DNS Abuse Workshop, which is taking place on Thursday, 9 May 2024, after the Contracted Parties Summit in Paris. You are invited to attend the workshop either in person or online.
