ICANN publishes the Domain Abuse Activity Reporting System (DAAR) methodology white paper and reviews...
Reviews of the Domain Abuse Activity Reporting #DAAR by Marcus Ranum and John Bambenek are now available, along with the initial draft of the DAAR Methodology white paper.
Spoiler Alert! Some excerpts from the reviews:
"the DAAR system is a straightforward implementation of a good idea"
" The way DAAR is described is good; it is very neutral, informative, and non-threatening."
"having such a system to analyze abuse data at a per-capita level for TLDs and Registrars is exciting"
"The description is thorough and complete, so another person could reproduce the results to provide verification of the outputs from DAAR... a moderately informed person with enough resources could reproduce a system similar to DAAR to verify the results."
"DAAR is an accurate, useful system that will offer a valuable historic view into a significant security problem that affects the internet. It uses valid methods to predictably compile data from sources that are accurate within its daily cycle"
And on the question of whether spam is a security threat, both subject matter experts concur: of course!
Having devoted several years to this project, I feel vindicated and hopeful that an "abundance of caution" has been satisfied and that ICANN will soon publish reports that can shed extraordinary insights into domain abuse over the past two years.