28 Abuse Prevention and Mitigation

Prototypical answer:

1. Overview

Valuetainment is not blind to the fact that in theory certain abuse scenarios and activities are thinkable and therefore several measures to prevent and to mitigate abuse will be deployed. In particular Valuetainment will implement the following policies upon the launch of the new .VOTINGgTLD, which will also be made available prominently on the Valuetainment’s website:

• .VOTING Domain Name Policy (DNP)
• .VOTING Abuse Reporting and Takedown Policy (ARTP)

2. General Provisions against Abuse under .VOTING
2.1 Legal Safeguards
All policies will be made binding for all registrants by contractually obligating sponsoring registrars through the Registry-Registrar Agreement (RRA) to pass on the above mentioned policies as part of their registration agreements.
These abuse protection mechanisms will described in the following.

DNP will contain provisions reserving Valuetainment the right to deny, cancel or transfer any registration, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, at its discretion (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests by law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of Valuetainment, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) in accordance with the terms of the registration agreement or (5) to correct mistakes made by Valuetainment or any registrar in connection with a domain name registration.

The DNP will clearly state, that the registrant will enter into a direct agreement with Valuetainmentapplying for and registering a .VOTING domain name giving the registry the right to reject an application for a .VOTING domain name and⁄or to delete or cancel a .VOTING domain name registration directly.

Abusive activities during the operation of the .VOTINGgTLD registry system will be categorized as follows:

• Abusive registrations of names under the .VOTINGgTLD.
• Abusive use of a domain name under that TLD („Malicious Use“)
• Abuse of the registration processes, the technical interfaces, infrastructure of the Registry systems and the DNS network itself.

With respect to the first (and also parts of the second) category, ICANN’s “RAP” WG (Registration Abuse Policies Working Group) has produced an illustrative categorization of known abuses in their “Registration Abuse Policies Working Group Final Report” (http:⁄⁄gnso.icann.org⁄issues⁄rap⁄rap-wg-final-report-29may10-en.pdf, dated 29 May 2010). The anti-abuse measures of the proposed gTLD registry largely follow the RAPs recommendations for the individual abuse scenarios. More details on the individual countermeasures are included below.

Furthermore, the proposed registry also takes into considerationthe ICANN Security and Stability Advisory Committee’s document “SAC 048” (“SSAC Comment on Orphan Glue Records in the Draft Applicant Guidebook”) as well as “SAC 023” (“Is the WHOIS Service a Source for email Addresses for Spammers?”).
2.2 WHOIS Accuracy Measures
Valuetainment understands that WHOIS accuracy is of prime importance to keep the .VOTINGS namespace safe and to gain the public’s trust for the namespace.

As .VOTINGgTLDs will principally be available to the general public without pre-validation prodecures, Valuetainment is well aware of the fact that strict and enforceable mechanisms are needed to keep the WHOIS accurate at all times.

As described in the answer to Question 26, WHOIS records for .VOTING will be provided as a so called “thick” WHOIS. All relevant information and data of a .VOTING registration will be stored in a general location.All sponsoring registrars will need to agree to RRA provisions making them responsible to provide current, accurate and complete information from the respective registrars.

The .VOTINGregistry operator will be responsible for monitoring such information and records to ensure that registrars are complying with the contractual agreements to provide accurate and complete data. Incomplete and⁄or blatantly inaccurate data will result in a notification send to the respective sponsoring registrars who has submitted the inaccurate data. Registrar or registrant are required to respond to such inquiries regarding the accuracy of the Whois data within 30 days. Sponsoring registrars unable to verify the accuracy of the Whois data or fail to receive such missing information from the registrant within thirty (30) days are obliged to delete the name at the end of the thirty-day period.

Valuetainmentwill grant such .VOTING domain names a redemption grace period during which the registrant may only re-activate the domain name upon verification of the accuracy of its Whois data. Should the registrant fail to do so, the .VOTING domain name will be made available for public registration. It will however be possible for Valuetainment and⁄or a sponsoring registrar to suspend or delete a domain name in less than 30 days, should the circumstances require such actions (i.e. sponsoring registrars and⁄or registrants who fraudulently submitted Whois data.).

Third parties will be able to report Whois inaccuracies by using the abuse point of contact described below in detail. Such reports will, after they have been validated by Valuetainment’s abuse team, result in the procedure describe above.

Additionally , ICANN’s WHOIS Data Problem Reporting System (WDPRS) will be available to anyone wishing to file a complaint regarding the accuracy or sufficiency of WHOIS records within .VOTINGgTLDs.

3. Abuse Contact and Abuse Handling Provisions

The .VOTING registry operator will establish and publish a single abuse point of contact on its website. This contact is responsible for addressing matters requiring expedited attention and for providing a timely response to abuse complaints concerning all names registered in the .VOTING, through all registrars of record, including those involving a reseller.

The whole procedure will be governed by the .VOTING Abuse Reporting and Takedown Policy (ARTP). The “ARTP” will provide third parties affected or believing they are affected by illegal .VOTING use with a transparent and structured route which the complaint procedure follows.

The key points of are:

• The complaints procedure is open to any user;
• Users must give at least one email address where they can be notified of the status of the complaint procedure;
• Depending on which abuse variant they select, users are obliged to supply certain additional information; there is also the option to upload e.g. screenshots or other files for the purposes of evidence;
• If the predefined abuse forms do not fit, users can enter their own information which must meet certain minimum standards for length (to prevent abuse of the form);
• Users must state in every case for which .VOTING domain names a complaint is being submitted;
• Users must finally declare in every case that all the information submitted is true; the form is secured by a CAPTCHA query.

The abuse point-of-contact will be responsive and effective, tasked with answering email quickly, empowered to take effective action, and guided by well-defined written criteria. After sending the web form the user will be provided in all cases with an automatically generated email containing an tracking or case number.

As standard practice, the .VOTING registry operator will forward all credible and actionable reports to the legal team at Schollmeyer&RickertRechtsanwaltsgesellschaftmbH (www.anwaelte.de), a law firm which will ensure that the abuse point-of-contact has broad familiarity with current industry knowledge and a high-level awareness of evolving online security risks. The responsible partner is Attorney at law Thomas Rickert, who has considerable expertise in this area. Thomas Rickert has been the manager of a hotline taking complaints about illegal content and conduct on the Internet operated by eco Verband der deutschenInternetwirtschafte.V. (www.eco.de) for several years. In addition to that he has been in the project managment of a tip line operated by eco and FreiwilligeSelbstkontrolleMutimediadienstee.V. (see www.internet-beschwerdestelle.de). Further, he was President of the Inhope Association (www.inhope.org), an international network of such hotlines, who co-operate with Law Enforcement, Internet Service Providers, Governments and NGOs to provide for efficient counter measures against the downside issues on the Internet, in particular child abusive material.

Thomas Rickert has also been advising registrars and working on domain disputes for 14 years and is a well-known expert in this area. Thomas Rickert has also been in the project management of the Spotspam project, a pilot project financially supported by the European Commission aiming at the facilitation of international co-operation in the fight against unsolicited electronic communication. He was also project manager of the ICRAdeutschlandindustry consortium which aimed at promoting user autonomous filtering systems to protect minors from being exposed to harmful content online.
The law firm has seven attorneys so that an efficient abuse management can be granted even if the volume of complaints should be high at times.

After receiving the report, the law firm will determine the appropriate actions and notify the respective sponsoring registrar with a recommendation on what action should be taken. The recommendation also states the type of infringement and the legal basis of the sanction, such as the applicable terms of use, ICANN policies, applicable laws or the DNP.

The standard procedure will be:

• the registrant will receive the complaint by email and is obliged to process and reply to all correspondence forwarded by the abuse contact ⁄ the registrar without delay, and at least within 48 hours,
unless a third party has set a shorter period or there is other specific need for speed;
• with the response, the registrant must state whether he wishes cure the alleged breach or to defend against the third party allegation;
• a matter is settled when the registrant evidences to have cured the breach within the deadline given;
• should a registrant fail to respond to the request of the abuse contact ⁄ the registrar in time, the following procedures (but are not limited to) to stop malicious shall apply:
o locking the domain and putting it on hold in order to prevent changes to the domain and to remove it from the .VOTING name space,
o deleting the domain name and blocking it from further registration to prevent future abuse.

Reports and requests from competent authorities, law enforcement and⁄or courts receive top priority. These parties will receive priority contact options to ensure quick and proper reactions. Such requests will be handled and resolved by Valuetainment’s abuse team without delay, the latest within 24 hrs.

Escalation rules (defining which steps are to be taken in which order and conditions for moving on to the next, more drastic measure) are part of the policy. In all cases Valuetainment reserves the right to act directly and immediately in cases of obvious and significant malicious conduct. Should Valuetainment (or the sponsoring registrar) decide to suspend a specific domain name the suspension request will be fulfilled as described below.

The ARTP will be announced to sponsoring registrars and to registrants and will be part of the Registry-Registrar Agreement (RRA) and the DNP.


4. Potential Registration Abuse Categories and Countermeasures

As outlined above ICANN’s RAPWG has identified a number of potential abuse categories (see chapter 5 of their document). These correspond to the first bullet point of the potential abuses of a Registry as listed in section 1 above (“Abusive Registrations”).

The proposed registry system addresses these individual categories as follows:

4.1 Reserved ⁄ blocked .VOTING domain names

As a first layer of security on the registration level Valuetainmentwill exclude (blocked from and⁄or reserved for registration and⁄or internal usage by Valuetainment) certain domain names for abuse prevention reasons from registration:

• names which are reserved on behalf of ICANN are not available at the second level and at all other levels within the .VOTINGgTLD;
• certain pornographic, defamatory or discriminatory words and expressions will be blocked from registration;
• the official names of cities, authorities, institutions and regions are blocked from general registration and will only be available to the respective entitled parties;
• as .VOTING gTLDs might be of particular interest to official political parties, Valuetainment will reserve such domain names making them only available to the respective political parties;
• certain Premium Names will be blocked from general registration and will be sold and⁄or auctioned off byValuetainment;
• finallyValuetainmenthas the right to reserve certain .VOTING domain names for personal and ⁄ or internal usage.

4.2 Cybersquatting

Abuses from cybersquatting cases in the proposed gTLD will be addressed by using ICANN’s existing and well know Uniform Dispute Resolution Process (“UDRP”). However, registry staff will also closely follow developments regarding Rights Protection Mechanisms within ICANN and will investigate potential paths towards adoption of such processes once they are clearly defined for the gTLD registry space.

Please refer to the answer to Question 29 for more detailed information on these measures.

4.3 Front-Running

Even though the RAP does not recommend any specific action regarding this issue, the proposed registry will a) treat all logfiles and any other information that reflectsuser interests in a particular domain name as confidential. Such data and log information will only be available to staff with actual operational requirements to access those files, and b) will include a respective provision in the gTLD’s registrar accreditation agreement that such data is to be kept confidential and may to be used to contact the respective potential costumer.

4.4 Gripe Sites; Deceptive and Offensive Domain Names

In line with the RAP WG recommendation, the proposed gTLD registry will not develop best practices to restrict the registration of offensive strings. It is believed that the existing UDRP, in addition to court decisions (which the registry will obviously be bound by) provides sufficient,independent action against such potentially abusive names.

Please refer to the answer to Question 29 for more detailed information on these measures.

4.5 Fake Renewal Notices

The registry will not, in line with the RAPs recommendations, implement any specific countermeasure withinits registry systems and services. As the registry is required to provide accurate and complete WHOIS information for all domain names (which is believed to be the information source for such notices) it is not feasible to implement such measures at this level. It is understood that ICANN continually monitors this issueand will take necessary countermeasures against registrars associated with such practices.

The registry will, however, post warnings on their website about any clearly fraudulent (and clearly illegal) renewal and expiration notices of which its staff becomes aware and will take legal measures against registrars performing such illegal, fraudulent acts.

4.6 Name Spinning

This is considered to be a practice employed mainly by registrars in a legitimate way to offer users more choice and⁄or alternatives should their desired name already be taken. As such, it is believed that it is within the registrar’s responsibility to use those techniques in a considered manner. In reality it is not possible for the registry to differentiate between a legitimate domain namerequest, say one manually entered by a user, and a domain name request that was “spun” by the registrar.

In the event that such name spinning practices could lead to trademark infringements on a domain name, the UDRP allows for appropriate action to be taken against the holder of such a name.This follows the RAP’s recommendation.

4.7 Pay-Per-Click

In agreement with the RAP position, this is considered to be an indirect and purelyweb related issue that does not have a directrelationship to the registration of domain names. In most cases, pay-per-click is a legitimate revenue source for domain name owners and web site operators. Any potential misuse of such practices must be out of scope for the Registry and again any trademark cases are expected to be brought forwardusing the UDRP or URS.

4.8 Traffic Diversion

In accordance with the RAP position, this is again a web related issue and no specific countermeasures have been implemented within the registry’s operations.

4.9 Domain Kiting ⁄ Tasting

In order to prevent mass domain kiting ⁄ tasting (as it was observable in gTLD and ccTLD registries), the Registry will implement the “Add Grace Period Limits Policy” (http:⁄⁄www.icann.org⁄en⁄tlds⁄agp-policy-17dec08-en.htm), which efficiently removes the financial advantage of domain kiting ⁄ tasting and hence significantly reduces the volume of such registrations. All registrars will obviously be treated identically in this respect with no exemptions from that policy.

5. Abusive Use of a Domain Name

Corresponding to the second bullet in the list above (“Abusive Use”), the RAP WG has also provided an analysis in their Final Report. Valuetainment will implement strong safeguards and countermeasures to prevent the abusive usage of .VOTING domain names.

Abusive Use of a Domain Name is defined in the DNP as:
• Violation of applicable laws or regulation; in particular the provisions of the German Criminal Code, the German Youth Protection Act and the German Interstate Treaty on the Protection of Minors in the Media (JMStV).;
• Use of a domain to publish content and to conduct votingswhich incite to hatred against parts of the population or against a national, racial, religious or ethnic group, content which glorifies violence, content which violates
the human dignity, content which denies or plays down acts committed under the National Socialist regime;
• Distribution of child abusive material;
• Use of a domain name for the dissemination of spam, i.e. unsolicited bulk electronic communication (e-mail, instant messaging, on websites, in forums or mobile messaging) or advertising a domain name by means of spam;
• Use of a domain name for Distributed Denial-of-service attacks (“DDoS attacks”);
• Use of domain names in phishing activities, tricking Internet users into divulging personal data such as names, addresses, usernames, passwords, or financial data;
• Use of domain names in pharming , such as DNS hijacking and DNS cache poisoning;
• Use of domain names for the intentional distribution of malicious code such as spyware, botware, keylogger bots, viruses, worms or trojans;
• Use of domain names to command and control botnets , i.e. a network of compromised computers or “zombies,”
• Use of domain names in activities intended to gain illegal access to other computers or networks (“hacking”), as well as any activity to prepare for such a system penetration; or
• Use of a domain name fast flux hosting, disguising the location of internet addresses or Internet services.

Additionally, as detailed in the answer to Question 29 (Rights Protection Mechanisms), Valuetainment takes extensive measures to protect third party rights with regard to .VOTING domain names. This includes

• conducting a Sunrise phase to allow trademark holders to secure names related to their trademarks prior to general availability;
• accessing the Trademark Clearinghouse to validate trademarks presented by registrants;
• offering the Trademark Claims Service, not only during the first 60 days of general availability, but on a continuous basis;
• taking precautions against phishing and pharming and
• committing to full compliance with established Dispute Resolution and Suspension Procedures, including the Uniform Rapid Suspension (URS), the Trademark Post-Delegation Dispute Resolution
Procedure (Trademark PDDRP) and the Uniform Domain Name Dispute Resolution Policy (URDP)

Please refer to the answer to question 29 for more detailed information on these measures.

6. Registry Interfaces Abuse

The registry will employ the following countermeasures to protect against abuses of the registry systems and the DNS network itself:
6.1 WHOIS data harvesting

WHOIS access is a critical and vital serviceprovided by any gTLD registry and the Registry will obviously comply with ICANN’s requirements for WHOIS access.

However, as indicated in the SSAC’s document “Is the WHOIS Service a Source for email Addresses for Spammers?”, WHOIS abuse can be considered to be one of the primary meansto generate email address lists for the purposes of sending unsolicited email, in particular the practice of mass harvesting information from the WHOIS. It is also believed that the WHOIS is the main source of data for generating fake renewal notices. To protect against harvesting of registration data (and particularly, email addresses), the registry will employ the following countermeasures:

• WHOIS query rate limits: All access to whois data will be query rate limited on a per-IP-address basis (for IPv4) and a per-prefix basis (for IPv6), with a daily limit of 25 WHOIS queries per IP address⁄prefix. Once this limit is reached,
the WHOIS server responds with a relevant notification message instead of the standardWHOIS answer (The query limits may be reviewed and adapted by the Registry operator from time to time). IP-Ranges of accredited registrars
(and other IP-ranges, eg. ICANN itself, UDRP and URS service providers etc) will be excluded from thoserate limiting measures. This will allow legitimate usage of the service while at the same time make it very difficult to harvest data
on a large scale.
• Email⁄Phone⁄Fax privacy: The EPP implementation of the “contact” object provides a mechanism that allows a registrar to define whether or not the “email”, “phone”, and “fax” fields of the contact object shall be publicly disclosed
(i.e. “contact:disclose” element). The registry will set these fields to “do not disclose” by default, however, registrars can modify this setting via the normal EPP command stream. When a flag for a certain field is set to “do not disclose”,
the respective field will be omitted from anonymous WHOIS outputs, providing a minimum level of privacy to registrants. To allow for various business processes, IP Ranges of accredited registrars (and other IP-ranges as needed, eg.
ICANN itself, UDRP and URS service providers) will still need to see the full data set, including those fields marked as “do not disclose”.
• WHOIS monitoring: The WHOIS service will be monitored in order to identify unusual activity on the interface

The countermeasures above provide a well-balanced compromise between the requirements to provide access to WHOIS data and the basic data protection rights of registrants. More information about the WHOIS service provided by the registry is contained in response to Question 26.
6.2 EPP Interface Abuse

As described in the answers to the SRS, EPP and security questions (Question 24, 25 and 30, respectively), the EPP interfaces of the Registry are heavily firewalled, are only accessible from IP-ranges of accredited registrars and are protected by EPP authenticationmechanisms. As such, abuse of those interfaces (such as DDoS, brute-force attacks against username⁄password combinations etc) can only be performed from networks of parties with which the Registry Operator has a legal agreement. Additionally, EPP interfaces are rate-limited at the network layer.

Registars are obliged by the RRA to represent and to warrant that they are technically able to deliver and to perform its obligations under the RRA which means, that each registrar is contractual obliged to

• not abuse the EPP Interface;
• employ all necessary and current technology and all needed restrictions to ensure safe and secure connections;
• informValuetainment immediately in the event of a data security breach on his side (e.g leaked passwords).
•
Should a registrar fail to comply with such provisions he’s obliged to indemnify Valuetainment. Depending on the breach of its obligations, Valuetainment has the right to cancel the respective RRA resulting in the obligation of the affected registrar to immediately transfer its sponsorship of registered .VOTING domain names to another registrar.
6.3 DNS Interface Abuse
Public nameservers, hidden masters and the signing infrastructure is configured and firewalled so that they allow NOTIFYs and UPDATEs from the required addresses only. In order to prevent zone walking and load peaks, zone transfers from the DNS infrastructure are disabled.

7. Management and removal of orphan glue records

It is understood, that inline with the SSAC’s comments in http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf, glue records have a vital function in the correct and normal operation of the DNS but that they can also be used for malicious purposes.
In order to prevent such malicious usage, the registry performs glue record management in accordance with the following policy:

• Provisioning of host objects with glue: In line with the EPP RFCs, glue record (“internal”) host objects can only be provisioned when the superordinate (parent) domain name exists in the registry. Host objects that are not under the TLD managed by the registry (“external hosts”) can never have A or AAAA records
• Deletion of domain with subordinate glue record hosts: When a domain name transitions from a “REGISTERED” to a “REDEMPTION” status (for example, via the EPP “delete domain” command, or via expiration), the domain name itself is removed from the DNS, however any glue records under the deleted domain are kept in the zone temporarily. Other registrars who are affected by a potential impact on DNS service due to the upcoming removal of the host from their domains are notified via the EPP message queue.
• Subsequently, when the domain name transitions from a “REDEMPTION” to a “PENDING DELETE” status, the glue records under the affected domain name are revoked from the DNS, but still exist in the SRS database.
• In the last step of the deletion process (transition from “PENDING DELETE” to “AVAILABLE”), the glue record host objects are deleted together with the domain and are also removed from any other domain name in the registry that still uses those hosts.
This policy effectively prevents misuse of orphan glue records in the registry since the status of a host object always follows the status of the superordinate domain. As a result glue records can never exist for domains that are not in the registry database. Additionally, keeping the glue records in the zone during the redemption period together with notification to Registrars significantly reduces the risk of other domainsbeing impacted and reduces the effort required by a registrar in the event that the domain is subsequently restored.

However, in addition to this procedural policy outlined above, the registry operator will also act on documented evidence that glue records are present and used inconnection with malicious activity by subsequently removing such glue records manually.

8. Ressourcing Plan

The abuse management is outsourced to Schollmeyer&RickertRechtsanwaltsgesellschaftmbH, a law firm that has seven attorneys plus additional support staff so that an efficient abuse management can be granted even if the volume of complaints should be high at times. The abuse management will be rendered on the basis of a fix fee as already included in the financial projections. There will be no additional costs for Valuetainment.

8.1 CERT.atis a department of the backend provider

It is important to note that the Austrian CERT (Computer Security Emergency Response Team - http:⁄⁄www.cert.at⁄), staffed with 5 full-time-equivalents is a department within nic.atand shares offices with theregistry operations team. Hence, world class security and anti-abuse expertise is committed to beavailable literally „next door“ to the registry operations centre.

Similar gTLD applications: (0)