topDNS Best Practice Series: How to reduce Abuse through Quality
2:09PM Jun 6, +0000
Speakers:
Lars Steffen
Keywords:
registrar
abuse
dns
domain names
registry
register
reseller
information
upi
discount
qpr
data
registrations
good
theo
next slide
scammer
domains
levels
called
Surprising the effect and incentives had and wanted to try and be smarter about how we incentivize registrar behavior. So real credit to Sid and the ccTLD registry operator for NL, they have something called the registrar scorecard that they were very generous with their time and helped us really help brainstorm what UPI could look like for.org. And so a special thanks to Sid and they continue to lead in this field. They, their registrar scorecard continues to impress and is a real inspiration for UPI, and how we developed it so ever since launching UPI this has been our only channel wide discount for a discount program for.org Trying to be again trying to make sure we're incentivizing the right behavior. But we also in 2019 instituted something we call them new sweeps where the program we weren't using clean DNS at the time. The program that we use for abuse management was very good at catching domains as they were registered. But if a domain aged and only then started engaging in abusive domains would slip through the cracks. So we at the same time that we instituted to QPI we also instituted these abuse sweeps to try and get what we've been missing. Next slide. So QP is comprised of six metrics. There's three primary metrics and three secondary metrics. The first is abuse rates with a little asterisk that we'll come back to renewal rates domain usage. So these are weighted at a higher level than the secondary criteria of SSL certificates DNSSEC and average term length. Next slide, please. The reason that abuse rates was estrous had an asterisk on it if we could move to the slide titled abuse rates, please. Oh, keep talking. But if we could, if we could pull up the abuse rate side, please, which is there we go. So it's because that is a gating factor. So it doesn't matter. So of the six criteria, a registrar could have a perfect score in all the other criteria, but if they don't have a satisfactory abuse rate, meaning if their abuse is too high, they are automatically they do not pass QPI and will receive no discounts from pir. So it's the only one of the six factors that if you don't if you don't pass that you're just completely ineligible to participate in to PII. We keep that specific metric internals to prevent gaming. It's just that we want registrar's to have less abuse or we don't want them to work to a specific number. We want less abuse, and if they pass then they're eligible if they don't then they can't get a discount from us. Next slide, please. So go one that I talked about reducing DNS abuse, is it working to us the answer is yes. So these are our number our abuse levels compared to 2019 2019. was last year. We didn't have a full year of QPI under our belt and immediately, year over year, we saw a 67% reduction in DNSSEC use that continued so 2021 Compared to 2019 a 71% reduction, and then last year compared to 2019 75.6% reduction in DNS abuse levels. So DNS abuse absolutely has gone down ever since we launched UPI. Now these are so just these are our internal metrics, what we observed for DNS abuse but we also sort of corroborate that with external sources. as well. So many of you, I'm sure have heard of SpamHaus which does a lot of things. They maintain reputation block lists. They also create something called a badness score. So they look at all the bad domains that they recognize in various TLDs and in that same time period, in 2018. Org average 3.12% Add domains, and that's down 2.9% In May of 2023. So, basically, they're seeing the same thing we are it's not just our internal data. It seems as though there really has been effectively a 75% reduction at least in DNS abuse in the world ever since
we launched UPI. Next slide, please.
I want to know, you know many of you are aware there's proposed contractual amendments with gTLD registries and registrar's with ICANN for the first time there's going to be a real obligation to quote do something about DNS abuse. So QPR is a program that we really think makes sense especially in that landscape. There's there's a cost for each abuse referral that comes in there is you know, that it's whether it's someone on my team is time someone on the registrar's side, the back and forth in between each of those interactions is a cost. And so if you have a system that makes abuse less likely to occur on the front end like UPI, then it's less cost incurred to clean that up on the back end. And while that cost may have been sort of option for those that want to act and responsibly, that's now going to be contractually required. So it's something that I really encourage registries and registrar's to think about is implementing some proactive system like UPI moving forward. Next slide. So goal to create responsible growth. So currently, more than 55% of all ord registrations are created through to QPI and since we've implemented it, we've seen a 6.3% increase in renewal rates which is pretty significant. So we between 2015 and 2018. We enjoyed a 75.5% renewal rate, which is pretty good for gTLD. But ever since implementing to QPI, focusing on responsible growth and not just growth for the sake of it without quality registrations. That number is closer to 82%.
Next slide please.
It hasn't just been beneficial for us the registry. It's also been very beneficial for our registrar partners, registrar's that participate in to QPI. Enjoy 16% Higher renewals non participants, and we've seen registrar's really approach us about increasing their discount or improving their practices in order to participate in GPI. So our channel team will regularly sit down with the registrar's, show them their data, talk about areas for improvements, and really help them improve their QPR score because doing so it's good for their business. It's good for our business, and it's good for the quality of the registrations that we're incentivizing. Finally, we also encourage now consultation with the DNS abuse Institute. One of their sort of flagship initiatives is called DNS ni DNS AI compass, which is a measurement tool for DNS. So if you haven't, I'll drop a link after I'm done chatting here. But I'd encourage you to reach out if you're a registry or registrar if you haven't seen your data. Graham and Rowena, the DNS abuse Institute have some really interesting data as far as where abuse is concentrated, and you know, kind of get comparisons relative to your peers. So we're encouraging registrar's that have questions about their QPI score to also talk with the DNS abuse Institute.
Next slide please.
So that you know registrar's, coming to talk to us. Here's a real world example this is this is a real registrar, but we're keeping the name of it anonymous for this that in 2019, this is a mid to large size registrar in 2019. This green line here on the screen is the air abuse per create rate. So basically how much abuse today see per compared to their creative work. The blue line is there just overall growth and registrations in work. So in in 2019 this particular registrar was failing QPR and they were failing, as you can see, because they had pretty high abuse spikes. At one point hitting about 6% of their registrations in org were attributable to DNS abuse. We sat down to them showed them their data and explained why they didn't qualify for Q QPI. And I don't know if it was a direct result of that conversation, but sometime shortly thereafter. They fundamentally changed the way they sold org or at least they changed the way that that abuse was occurring, because as you can see, it sank like a stone and by the end of 2000, are at the beginning of 2020. And ever since this registrar after that conversation has held and abuse per create, right around 0% in work when they were previously at 6%. And at the same time, their growth continued because they're enjoying discounts in work. So it really is it has been nothing but a win-win. So this, this registrar like this graph, to me shows what can QPI do, it can help you grow but it can also really make your abuse at a per registrar in a TLD level sink like a stone. Next slide please. So we have some a couple testimonials. The most important testimonial though is Theo that is going to speak to QPI and how he what he does with it in a few minutes. But I did just want to point out so James playdough from GoDaddy pointed out that, you know, tech pupae helps demonstrate that tackling DNS abuse results, not only in a safer namespace, but it's good for business and I think that really sort of hits the nail on the head. We can all be where the white hat and try and sort of crackdown on DNS abuse. We can all sort of try and be good at business, but it doesn't have to be one or the other. We think that this kind of program really helps tie those two goals together, that you can have a program that responsibly incentivizes growth at the same time makes it unlikely that the registrations that come in are abusive.
Next slide please.
A couple more quotes. So Ashley, from name.com notes that UPI helps with the focus on long term success over short term volume. It's led to an increase in org revenue. So again, good for business and makayley, who everyone knows and loves from Blacknight points out that you know, it's nice to be recognized that basically I'm already doing good stuff. And so to QPI makayley, for example, hasn't had to change anything he does all he does now is a financial reward for having healthy registration patterns. So and we're happy with that, if registrar's doing great. They don't want to change anything. That's great. Here's a discount. We're glad that you're performing the way you are in
order. Next slide please.
So, the TPI has been called it's a registry best practice by Cannes. Act, the government advisory committees Public Safety Working Group, likewise in the European Commission study on DNS abuse, or it was recognized as a positive registry practice and I will also note that it's pretty consistent QP is consistent with the ICANN CCT, RT which is a mouthful, consumer choice review team recommendations around incentive programs.
Next slide, please.
So what's next for QPI? We're always sort of looking at QPI and thinking about doing what we want it to is it achieving our goals so it is continuing to reduce DNS abuse and create responsible growth, but we're always sort of thinking about are we measuring the right things? Do we have the right balance in our recipe? So we may we may tweak things here and there moving forward, but ultimately, the foundation for QPR has been laid. But most importantly and I encourage anyone that has thoughts on this call or send it to me offline or raise a question here is this. What would you do different? You know, we're very proud of QPR, but we try not to be prideful in how we approach it. So any ideas a good idea here? If there's room for improvement, please let us know if you think we're we're not measuring the right thing. If there's other measurements you think we should should factor in? We're all yours and especially our registrar channel, we always try and get a sense from them. Is this encouraging the right behavior? Is this burdensome? Is it helpful? So again, all yours on feedback for QPI steps. Next slide, please. So again, we saw we're inviting others to participate in QPR. So we think that it works help reduce DNS abuse and create responsible growth. We think the DNS would benefit if other registries implemented systems like UPI. We intentionally made this non proprietary we didn't try and protect it in any way. Because we specifically we think other registries doing this, it would be good for their business. Yes, but it would also improve the state of the DNS by making DNS abuse less likely to occur.
Next slide. So
I'll pause there and I know Theo is going to be going I just want to say thank you very much to top DNS for having me present here. I really do think that UPI can be something that benefits the DNS and other registries were to adopt a system like UPI you don't need to call QPI you don't need to attribute anything to us. Do your own thing. But the thought here is that registry incentive programs can really have a market effect on DNS abuse levels. So the thought behind UBI is being intentional and deliberate and trying to increase the quality of registrations, not just the quantity. So with that, maybe I'll hand things to Lars to do a must I'll take questions here or maybe we save him at the end. Lars? I didn't know if you had a preference for how we handle that.
So first of all, Brian, thank you very much. Very great presentation. Very interesting. I think it's always very appealing when fighting abuse and also including DNS abuse and can be a business opportunity because this makes makes the implementation much easier. And what I've put into the chat is the dates for the next two webinars, because Thank you, Andrea's, from the audience. I had a had a typo on one of my slides. So the third webinar will take place on on the 10th of August and not on the 23rd of August. So I put the put the links into the chat so that you can register directly. I've also put into the chat, the link to top DNS and also to the DNS abuse Institute's compass project, so that you can also take a look at this one. And with this, I don't see the questions in the Questions pod and I currently also don't see any hands raised. If there are no questions right here right now I would like to give the floor to Theo who is currently preparing his screen for you.
Are you ready?
Let's give it a try. And I'm not familiar with this app. So it's going to be very interesting. So let's do a quick sanity check here. Do you see real time register DNS abuse monitor on large confirm? Yes,
we can. We can see the monitor and we are now curious to hear from you. How the QPI project is working for you and how you implement it from a registrar perspective. So the floor is yours.
Yeah, thank you very much. And we've been working with the QPR program for years now. We love it. Great discounts. Of course, we were familiar with it. I mean, as a Dutch register, the register scorecard from the Dutch registry is been has been around for ages I think. So that was always a very good source of getting discounts. But keeping those discounts, that is not a given in the current situation, or time or frame at the moment. I mean, there's lots of stuff going on. First, we have the expansion of cybercrime. I mean, things will get a lot more worse, there will be a lot more DNS abuse. So and DNS abuse can hit you straight out of nowhere. If you are having low levels of DNS abuse great, but don't take that for granted because it can change really, really quickly. And there's also been a relocation of DNS abuse. And a registrar, who has a high level of DNS abuse can have a million reasons to start to crack down on DNS abuse. For example, the QPI program is one if you are a registrar with a high level of DNS abuse, there's a carrot and the stick as Brian mentioned, and what you will see is as soon as they start focusing on the for example.org and they start to clean out cyber criminals that Tod, then auditing your lease that do not have a que QPI program. Those levels go go up because they're cyber criminals don't go away really quickly. They just try to find the easiest way to register domain names. So it's more likely if registrations for the or become more difficult or more clean. There's more control. The registrar's a little bit more aggressive than our deal. These will go up in DNSSEC use levels. So that's a side effect of the que QPI program. So I suspect, suspect at some point more and more registries will move to a QPI program because it makes more sense. I mean, there's more growth in it. So that makes sense. But that also means that if the same register with high use level starts to make the all the changes on a entire platform. Yes, then the DNS abuse at that register will go somewhere else and it could be you. It happened to us. So how do you deal with that? A couple of things you can do here. First of all, make sure you are aware of how DNS abuse how cyber criminals move along the Internet. This is just a website that aggregates a lot of information from cybersecurity. Researchers. And there's usually a lot of information that can be found here. The question is how do you show the leverage this information because the cybersecurity researchers do great work, do a lot of research that they don't come to you if they find out there's an issue with something there's some kind of scam going on. There's some kind of tech going on. Cybersecurity research do not contact you, but it is useful information. Now there is a solution for that. And it's called ot X. Oh GX is an open track change that you can find millions and millions of indicators. And this is just one cybersecurity research company that provides a lot of information about all these kinds of attacks. And it also provides information if there are domain names involved. All this information can be downloaded for free. The API uses this for free, and you don't have to set up a super complex system. Just download the information from our GX. match it with the domain names in your database. spit out a simple text result for a new already on your way to have your first monitoring system to detect abuse. That is what is vital. Make sure that you can keep the good discounts from UPI programs like PIR to make sure that if you suddenly notice an increase that you know which registrant IS THAT or WHICH reseller is causing the abuse levels, so you can act on it. So this is a first step if you will, to create your own detection monitoring system to detect DNS abuse. And again, this is for free. You don't have to pay them anything you could do. You get higher API usage levels. Another thing you can do and this is more on the preventive side is use something like block.com We don't use this but block.com provides you with information about IP addresses so you can block out a lot of bad stuff. You can incorporate this into your signup forms, registration forms, basically anywhere on your website, and then you can filter out proxies VPNs complete countries. I mean, if you are a Belgium registrar, for example, a web hosting company and builds you is your market. Then why would you accept all that traffic from China or Russia or Cuba or God knows where it doesn't make any sense? And you know, sometimes, if you want to keep low levels of abuse, it is as simple as reviewing your policies and procedures. You know, if you can e ICANN requirements for gTLD is where the email address needs verification. A lot of registrar's you know, provide a 15 day verification period. To me that doesn't make any sense because to me that is giving cyber criminals 15 days of verification. 15 days of uptime. So with us register, we verify first and then you get to use the domain name. So and that prevents a lot of abuse and to ask me how much well it's gonna depend on the cybercriminal the type of similar Sadko you're dealing with on your platform, but it can range from 20% to 80% reduction in DNS abuse. So that's pretty massive. Also, it's good to know how much DNS abuse you have already. Now I was going to show you DNS abuse test.com which is from the people from IQ global but somehow it isn't Brooking, but I could Global provides a view stats.com You simply sign up with an email address, you provide your name servers, and an hour later you get a completed report on how bad it is or how good it is. So that if you don't get all the nitty gritty details for that report, that gives you roughly an indication like okay, good, good, or it's bad. So that's something to keep in mind. Also, we talked a little bit when you are dealing with DNS abuse, you want to automate as much as you can. If you're a registered slash web hosting company. abuse.io is an open source abuse management system. This works fantastic on a web hosting level. You can incorporate feeds, you can sorta automate a lot of stuff here in your back end. It takes some time to set it up on your back end, but once you got it running, it's fantastic. And again, it's for free. Then there's DAP dot life which is a from the DNS research Federation. I don't know the prices yet. But from what I've heard, and I've seen, this is for smaller registrar's, who need to know more information about their domain names. It also comes with a couple of DNS abuse feeds showed it makes it really low key and low price to do something with all that information.
Then moving on.
Talk about a DNS abuse monitoring system. Now this is our system which we built a long time ago. The data goes back from 2018. It utilizes 75 reputation block lists. Do you need that many? No, you don't. That is the quick answer here. I mean, we've got some block lists that are especially focused on botnets. We haven't seen one hit from those reputation block lists since 2018. So obviously, not always need to have so many of them. If you want to have a complete monitoring. Thus but for the purpose of setting up a quick and dirty monitoring system to make sure you have an indication that abuse is happening because you want to act really, really quick. When DNS abuse is happening. I mean it if those guys are going to hit you, they will come a huge number. So you want to pick it up real quick. So every reseller or ICANN register reuses our back end services as a as access to this, they get hourly notifications. And of course, as Brian mentioned, you need to have low levels of DNS abuse to qualify for a huge chunk of the discount. Now we're looking here at the DNS abuse that we picked up since 2018 four.org. And with eight domain names or seven domain names, it's not much that we that we have DNS abuse on both levels, which is a good thing, because we like to keep it low. But it's a lot of hard work. I mean we have two people dedicated on it to make and we constantly are monitoring analyzing investigates thing and got an awful lot but we are doing it is a lot. Of course this information that you have come from several sources. If I can give you a couple of pointers, we get a lot of information from the Google safety Browsing API, which is for free. It is about 80% of all notifications that we get on DNSSEC. Huge comes from them. So set it up, leverage that API match it with the just pull the data from Google and mentioned that a domain into your system. Another good example is abuse.ch which has track fox and a view URL house. They are mostly focused on compromise domain names so that is a website and has been compromised. So you get a lot of information from criminal actors, like email tat and trick bot, who sort of compromised websites as part of their business operations. This information if you showed all the DNS abuse and you informed your customer, this information, which you see on the screen here you can basically also utilize that to upsell auto surfaces. I mean, you already know which of your customers has been hit. If it has been a compromised domain name. It is so easy to sell. Something like site lock a product like side lock could have prevented this. Then of course, there are opportunities out of products you can upsell or resell I mean there's tons of it out there. But you can use this information as an angle to upsell products. And if we talk about inflammation in general if I scan refers to the list then we see a lot more issues. And when I talk to resellers or auto registrar's I often get the shorter remark that scam advisor have a lot of false positives and that is not correct. First of all, scam advisor doesn't tell you if it's a scam tells you it might be a scam and they do that based on several metrics on information they have on the website slash domain name. So when I talked to our resellers, and I explained the process of how scammer Pfizer ranks them domain names, then it usually goes a little bit like this this conversation. I mean, we scan a domain name that is supposed to be a false positive. And then scammer fighter says okay, there isn't much traffic going on. So there isn't much visitors. That's an absolute excellent opportunity to sell whatever services you have on social media search, index optimization, etc, etc. And believe me when a customer sees his domain name on scam advisor all in the red with all these indicators. He is much more willing to use that to buy new products to make it better to get into the green. So those search engine optimization services that's something you can resell. scammer Faisal also knows if you have an SSL certificate, same as with the QPR program. Is there an SSL certificate yes or no? That makes a difference. It makes difference for the UPI it makes a difference from scammer fight. So if there's a SSL certificate is there no SSL certificate? Sell them? Any V certificate, good business. Also, scam advisor will tell you if the website is slow. If that's the factor, you can sell them a faster server so on and on. This information, leverage to other opportunities. We often think as DNS abuse as a as a risk, a cost. And it is it's also an opportunity to upsell your services and make your customers aware. And that is basically how we use or our resellers. Not all of them. It's not like there's a legion of resellers that are that are upselling all the surfaces based on this, that we definitely have a few who welcome the data from this program or from these feeds. So that's basically how we go about it. And of course when our resellers or if you as an registar actively start using the use of these RBLS you can actually steer into making the quality of the domain names better, which results in higher payouts from PIR and everybody wins. So that's it for me.
And I've gone through and really quickly.
You thank you very much. Thank you for for sharing your experience with QPR and also how you monitor the abuse level on your systems and how you share this information with your resellers and partners. And this is again a good opportunity to open the floor for questions and comments. So if anybody from the audience would like to ask something now is the right time to do so.
I don't see any hands raised I don't also also don't see any questions in the Questions pod.
Which means the
we maybe have pretty much covered it but do you have your hand raised?
If there are no more questions, maybe I want to share a parting shot so to speak, that might be of interest to you. You know in real time register. We do a lot of investigations on DNS abuse. And earlier this year, we noticed a new group from Vietnam and I think it's pretty good to share this information with you because what is going on is pretty brutal. So let me explain what happened to us. What happened to us was, we suddenly noticed a reseller that he has usually 10 to 10 registrations a day went up to 500 a day. And when we looked at it, we noticed that these were old registered contacts never from 10 years old. So at first we thought maybe it's legit, but given the volumes, we decided to check with the reseller and ask if they were running some kind of promo or discount. And it turns out that the registered accounts were being hacked at the reseller level. And these people are these criminals from Vietnam. They have a whole list of passwords and usernames from a lot of registrar's and a lot of that hosting companies and a lot of resellers. Because, as it turns out, this group is currently registering previous events and domain names about 100,000 domain names a week that I've been talking to several registrar's now and other resellers. And it seems that everybody is being hit by these guys. I talked to a registrar last night. They had 200,000 registrations on their platforms. That's a huge cost there because they got to get the money back from the registry there. So it's pretty brutal. And these guys are doing is they're registering these domain names, put a forwarder on it, and then an evil forwarder in this case, and it just collects all the data that comes in from all these systems that keep automatically automatically sending emails to these domain names. So that's what's been going on. And I'm sad to say that last Monday we had reseller number 10 being hit by these guys and they are excellent in exploiting your invoice systems, your billing systems. I've seen the most craziest stuff, the last six months in my life in my career, and I've been doing this a long time and it's just absolutely crazy. I've seen them with one reseller. I've seen them register one domain name through a store credit card, and then the register reseller would give them a promo code and they completely use that promo code system, giving discounts up to 99% for every other registration, so these criminals didn't pay much at that reseller at all, but the reseller lost about 20,000 euros. They're in a registration so that it's a it's a real thing, people and I hope it doesn't happen to you but keep an eye out. Thanks
you feel we have another hand and this is custom cheapness. So I would like to give the floor to Carson.
You should be able to speak
I thought you guys did that. My apologies. Yeah. What's more constant chief now from Berlin greetings from the German capital. So my question would go to to to Theo rather than to Brian. I still got my head around what these guys you spoke about Vietnamese people, what these guys are actually doing with the domain name. So just setting up websites and email services to collect like random inbound emails just doesn't fulfill a purpose yet, not on that massive scalability. So what's what what? I don't I can't get my head around what the purpose. The real purpose is. Thank you.
So started out in last year, and what they were doing was registering all domain names, and then they put Facebook phishing on it, which was easily detectable and they did it on a large scale also. And as well, getting a Facebook credentials. Now did switch gears. Now they're registered domain name, they don't put a website on it. So it looks like the domain name isn't very active until you go looking at a TXT records of the domain name. And then you see the full border surface plus the Hotmail address, which collects all the data for a domain name that is being sent. And it can be a lot I mean, I reregistered the domain name a couple of years ago. It used to belong to a antique shop. It was gone out of business like a couple of years ago. I still collect 60,000 emails a year on that catch old email address. So that's pretty massive, because social media companies will hammer those email addresses. Even if the domain name hadn't been registered for years. They still blast out all these email addresses. And it's not social media. I mean, web shops, you name it. I mean they keep on sending those automatically generated emails. So you can get a lot of data of the previous users those domains.
So in that instance, I mean, sending out the emails to a domain name that once has been registered was deregistered, then and then god Re registered again. So in the meantime, I would say that a lot of a lot of email bounces would go back to all those senders, but they simply do not care in that instance, is to just acknowledge or wouldn't even acknowledge the bounces but just put them to death. No and good. They're fine. They are, is that what they
do? Okay. GDPR would have an effect on data cleanup and accuracy of the data, but it's definitely not the case. I mean, they just blast away, even if that email address hasn't been around for decades. They just keep going on.
That's interesting. Have you thought about GDPR yet, but that's a good point in particular, I mean, yeah. So I would say that all these social media companies would put themselves at some kind of risk, at least, as in like the fees are what is it like, like up to 4% of the global turnover per year, so that is quite massive. So it's, it's not my problem, I would say. Thank you. Thank you for you.
Okay, thank you, Catherine. And one more question from my MP, for you would be what advice can you give to other registrar's who are interested in programs like UPI What the what they should consider and what the first step should be next to contact the Brian Of course.
I'll review all your processes, make sure that you have everything in order make sure that you know if you're a retail registrar make sure to have a is enabled. You know that makes a huge difference. But also know something simple as doing an export of your domain names on a daily basis as I tried to see for patterns. That makes pretty good sense on our end, we see a lot of stuff going on there. But you know, mostly be proactive and, you know, be aggressive. Don't be too afraid to take down domain names. You got to be careful with it and you need to do your due diligence. But if it's pretty obvious stuff, like phishing, from banks, you know, that is easy to detect, and there's easy to do something about it. You know, and if you don't take it down your risk being the next target for more and more criminals, and they will shop around I mean, the bar will get higher and higher. There will be more que QPI programs, there'll be more regulations will be more legislation, so the bar will be higher and higher. And these guys will need that domain names. So they will go shop around and if you haven't been hit by DNS abuse yet, you will at some point in time, that's just going to happen. It's not a question. If question when. Thank you.
Thank you, Brian. Is there anything that you would like to add?
Oh, just to say,
if you do have any questions about QPI how your registrar would perform that kind of thing. Don't hesitate to reach out but also I really want to thank you again, Lars but also really thank Theo. You know, hearing how to QPI makes sense from the registrar perspective is even more valuable than mine and hearing how it works from the registry side if we had something that was great for us but bad for the registrar's it's not a system that's tenable. So, thank you, Theo, as always for all of your thoughtful approaches to DNS. Views and to QPI.
Thank you, and as you already mentioned, and there, we need to also talk to about evidencing abuse online, and that will be the topic for for the next webinar of the series on the 13th of July. When Jeff Fetzer from CDNs will talk about standards and frameworks of evidencing abuse online. So please take advantage of the link that you can find in the chat to register for the next one of the series. By the way. I don't see any more questions. I don't see any hand race so thank you very much for participating. Thank you, Brian. Thank you. Thank you. And we're looking forward to the next webinar of the series. And please, also participate in the survey which you will see when you close the window of this webinar and provide feedback so that we can improve for the next time with this. Thank you for your participation. And a nice afternoon thank you