For those of us who worked on DNS Abuse back before it was technically defined or broadly regarded as a worthwhile pursuit, there was an understanding that “doing the right thing” (enforcing TOUs and monitoring our namespaces) was good for both registrants and our own businesses. However, as registries and registrars forged their paths individually and fought DNS Abuse and egregious online harms whack-a-mole style, there wasn’t widespread community support. There were (and in some cases, still are) pockets of the community that felt that not only were we not responsible for actioning abuse but that to do so would negatively impact other businesses in the space.
Below are Five Questions for James about structuring strong agreements that prevent abuse and how his team and company remain flexible as online threats evolve.
Kelly Hardy: Why has abuse historically been such a huge focus for GoDaddy?
James Bladel: Is it overly simplistic to say because it is the right thing to do? GoDaddy’s platform is designed to give customers everything they need to get their ventures up and running, but we also recognize that we are responsible for essential services that keep the Internet functioning. We have a duty to a variety of stakeholders to aggressively mitigate abuse when it’s detected on our platform. But for me personally, I also believe we have a responsibility to operate an abuse-free environment for the millions of GoDaddy customers who aren’t engaged in abusive behavior.
Kelly Hardy: GoDaddy has a really unique structure to combat abuse. Can you tell us a bit about this structure and how it came to be?
James Bladel: I think our structure reflects the changing nature of the threat environment, but also the evolution of our company. We all recognize that threat actors are continuously modifying their attacks to evade detection and mitigation. And as GoDaddy has grown and expanded our product offering, we needed to develop new tools and expertise to keep pace. This is why today we have dedicated teams for issues like phishing, or IP infringement, or content complaints.
Kelly Hardy: How do you structure your agreements with customers and resellers to ensure that you have the necessary tools baked in to address DNS abuse and online harms?
James Bladel: It is important to clearly lay out your policies against DNS Abuse in customer agreements, like our Universal Terms of Service (UTOS). This not only provides us with the legal basis for taking action against abuse, but also sets the expectation with our customers on what behaviors we do not tolerate. I’d like to think we’ll someday clean up everything that ails the Internet, but even a large provider like GoDaddy can only do so much. But what we can do is make our platform as unfriendly as possible for would-be threat actors, and that’s part of the goal of our UTOS provisions.
Kelly Hardy: GoDaddy is a rare company in our space that is hyper visible to the general public. That level of brand recognition comes with a lot of responsibility as well as assumptions about how something like actioning abuse might work (for instance that you have ultimate power over what happens on your domains). How do you respond to those assumptions and appease that visibility?
James Bladel: This is a tricky one, because while folks in our industry generally understand the differences between TLD Registries, Domain Registrars, and WebHosts, the public at large doesn’t see those distinctions. As an industry, we need to do more to educate the public (including government policymakers, law enforcement, and news media) about this product “stack”, and how the detection methods and mitigation tools vary across different products.
Kelly Hardy: You've been with GoDaddy for a long time. How has it evolved for the changing landscape in terms of online harms/ threats?
James Bladel: In addition to the evolving threat environment mentioned above, I’d say the biggest change is an increased interest by governments for local regulation. However, there’s room to improve industry-government collaboration, because laws are being drafted with just a few of the larger tech companies in mind. Engaging policymakers earlier in the legislative process will result in fairer and more effective regulations,and ensure that policymakers are well-informed and considering the entire online ecosystem.