28 Abuse Prevention and Mitigation

Prototypical answer:

.uol Registrant Data (WHOIS) Policy:

As a closed registry, .uol registrant data shall always be real and valid information of the organizations that register a .uol domain, which will be UBN INTERNET, Universo Online S.A. or an affiliate of Universo Online S.A. Persons cannot register domains on .uol.

All registrant data will be verified off-line prior to a domain registration being completed. If requested by UBN INTERNET the registrant shall provide certified documents and or updated data in order to maintain WHOIS accuracy. Failing to provide timely responses for documents or data update requests can cause suspension (defined as the removal of domain publication within the DNS system) or cancelation of the domain.

Registration implies agreeing with legally-binding responsibilities for the domain; such responsibilities cannot be transferred to a third party without transferring the domain itself and such transaction reflected in the WHOIS data. WHOIS privacy or proxy services are not allowed and not recognized; domains registered in the name of an organization will be considered to belong to such organization.

.uol Prevention of Abuse Policy:

ʺThe registrant agrees to use the .uol domain being registered or renewed only for lawful and non-abusive purposes, including respecting trademark rights of Universo Online S.A. for the UOL mark.

UBN INTERNET defines abuse as the bad, wrongful or excessive use of privileges or power including but not limited to:
- Botnet command and control (a command and control infrastructure to manage a group of infected computers that receives orders from unauthorized users(s) through the network) ;
- Child entrapment or abuse ;
- Distribution of child pornography ;
- Deployment of circular references within the Domain Name System (DNS) using resources of UBN INTERNET, Universo Online S.A., NIC.br and⁄or other Top Level Domains (TLDs) ;
- Fast flux hosting (rapidly changing DNS records in order to prevent detection or mitigation of an abuse);
- Phishing (unsolicited communication or Web page that poses as being from a known institution to trick users into disclosing personal, privileged or financial data);
- Sending unsolicited bulk messages thru electronic mail, forums, instant messaging, mobile messaging, social networks or comment boxes ;
- Theft of any online service ;
- Unlawful or fraudulent actions ;
- Willful distribution of malware (any kind of software that executes malicious action on a computer system, like virus, worms, bots, trojan horses and root kits).ʺ
ʺ


----------------------------------

Abuse handling procedures:


Abuse detection procedures will be available by the an e-mail box abuse@nic.uol to receive abuse complaints. All abuse complaints will be considered to be possible breaches of contract and evaluated by UBN INTERNET abuse desk, possibly referring cases to UBN INTERNET legal department.

Target service-level for abuse and take action complaints is to set a course of action within one business day for all complaints. Staffing for this system is already part of UBN INTERNET abuse desk. Abuse and take action complaints from law enforcement will be given priority and skip queues.

-----------

.uol Take Action procedures:

ʺFor each abuse case one or more of these actions might apply:
- Remove DNS publication of the domain in cases where domain appears as only being used to exploit phishing, malware, bonnet command and control, fast-flux hosting, DNS circular references, child pornography distribution, child abuse and entrapment;
- Notice of abusive case to registrant ;
- Notice of abusive case to registrar ;
- Notice of abusive case to hosting provider(s) ;
- Notice of abusive case to appropriate computer incident response team ;
- Notice of abusive case to appropriate law enforcement authorities.

Preemptive measures like removing DNS publication will only be done to prevent further damages to the Internet community or endangered individuals and will have collateral damages of such actions assessed prior to reaching such a decision.ʺ


------------------------

.uol prevention of abusive transfer and⁄or cancellation:

All .uol domains wonʹt accept change of ownership or cancellation without authorization from proper UBN INTERNET corporate officials.

-------------------

Measures for dealing with glue records:
Internet Protocol (IP) address is this context refer to both IPv4 or IPv6 regardless of IP protocol version

- Host records wonʹt be allowed outside of domain objects. Glue records are only allowed as domain attributes and only allowed to be in-zone glue records (i.e, ns.example.uol for a example.uol domain)
- When a domain is removed from publication all of its glue records are also removed, so no orphan glue records can exist.
- When a domain is registered the supplied DNS servers are tested to validate proper authoritative response; the registration transaction requires previous DNS configuration. This prevents amplification attacks that could arise by setting DNS glue records to victim IP addresses.
- If an IP address used to be a DNS server moves to a new delegated organization there might be undesirable traffic towards that address. Take action notices for such glue records, even they are not orphaned, will be accepted from the RIR(Regional Internet Registry) registered WHOIS contact for that address space.
- As only in-zone non-orphan glue records are allowed, any evidence of a glue record being part of malicious conduct will be considered as malicious conduct of the domain it belongs to and will subject such a domain to anti-abuse or take action policies.

Similar gTLD applications: (0)