28 Abuse Prevention and Mitigation
Prototypical answer:
gTLD: .NFL | Full Legal Name: NFL Reg Ops LLC | E-mail suffix: nfl.com
28.1 Abuse Prevention and Mitigation
NFL Reg Ops and its registry service provider, Neustar, understand that preventing and mitigating abuse and malicious conduct in the .nfl TLD is a weighty and critical responsibility. NFL Reg Ops will leverage Neustar's extensive experience in establishing and implementing registration policies to prevent and mitigate abusive and malicious domain activity within the proposed .nfl space.
A responsible domain name registry works towards the eradication of abusive domain name registrations and malicious conduct, including, but not limited to, those resulting from:
-Illegal or fraudulent actions
-Spam
-Phishing
-Pharming
-Distribution of malware
-Fast flux hosting
-Botnets
-Distribution of child pornography
-Online sale or distribution of illegal pharmaceuticals.
By taking an active role in researching and monitoring botnets that use fast-flux DNS, NFL Reg Ops' partner, Neustar, has developed the ability to efficiently work with various law enforcement and security communities to begin a new phase of mitigation of these types of threats.
Policies and Procedures to Minimize Abusive Registrations
A registry must have the policies, resources, personnel, and expertise in place to combat such abusive DNS practices. Neustar, NFL Reg Ops' registry services provider, has taken a prominent role in preventing such abusive practices and is one of the few registry operators that has developed and implemented an active "domain takedown" policy. NFL Reg Ops and Neustar believe that combating DNS abuse is important in protecting registrants.
Removing the domain name from the zone before it can cause harm is often the best preventative measure for thwarting certain malicious conduct such as botnets and malware distribution. Because removing a domain name from the zone will stop all activity associated with it, including websites and e-mail, a zone removal decision should follow a thorough and documented process, culminating in a determination that the domain name at issue threatens the security and stability of the registry or the Internet.
Abuse Point of Contact
As required by the Registry Agreement, NFL Reg Ops will establish and publish on its website a single abuse point of contact responsible for addressing inquiries from law enforcement and the public related to malicious and abusive conduct in the .nfl TLD. NFL Reg Ops will also provide this information to ICANN before delegating any domain names in the .nfl TLD. This information shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of malicious conduct complaints, and a telephone number and mailing address for the primary contact. NFL Reg Ops will ensure that this information is accurate and complete, and will provide updated information to ICANN as needed. In addition, Neustar shall have an additional point of contact, as it does today, for ICANN-accredited registrars that have entered into a Registry-Registrar Agreement with NFL Reg Ops.
28.2 Policies Regarding Abuse Complaints
NFL Reg Ops will adopt and implement an Acceptable Use Policy that (i) clearly delineates the types of activities that will not be permitted in the .nfl TLD; (ii) reserves NFL Reg Ops' right to lock, cancel, transfer or otherwise suspend or take down domain names violating the Acceptable Use Policy; and (iii) identifies the circumstances under which NFL Reg Ops may share information with law enforcement. NFL Reg Ops will incorporate its .nfl Acceptable Use Policy into its Registry-Registrar Agreement.
Under the .nfl Acceptable Use Policy, which is set forth below, NFL Reg Ops may lock down the domain name to prevent any changes to the domain name contact and nameserver information, place the domain name "on hold" rendering the domain name non-resolvable, transfer the domain name to another registrar, and/or in cases in which the domain name is associated with an ongoing law enforcement investigation, substitute name servers to collect information about the DNS queries to assist the investigation.
It is important to note that NFL Reg Ops intends that registration and use of .nfl domains will be restricted to itself, its Affiliates, and the thirty-two NFL Member Clubs; that there will be no resellers of .nfl domains; and that there will be no market in .nfl domains. Accordingly, the potential for abusive registration, malicious conduct, and other activities that have a negative impact on Internet users is minimal. In the unlikely event that such abuse occurs, NFL Reg Ops and its registry service provider, Neustar, will implement the following policies and processes to manage such activities.
--.nfl Acceptable Use Policy--
This Acceptable Use Policy gives NFL Reg Ops the ability to quickly lock, cancel, transfer or take ownership of any .nfl domain name, either temporarily or permanently, if the domain name is being used in a manner that appears to threaten the stability, integrity or security of NFL Reg Ops, or any of its registrar partners - and/or that may put the safety and security of any registrant or user at risk. The process also allows NFL Reg Ops to take preventive measures to avoid any such criminal or security threats.
The Acceptable Use Policy may be triggered through a variety of channels, including, among other things, private complaint, public alert, government or enforcement agency outreach, and the on-going monitoring by NFL Reg Ops or its partners. In all cases, NFL Reg Ops or its designees will alert NFL Reg Ops' registrar partners about any identified threats, and will work closely with them to bring offending sites into compliance.
The following are some (but not all) activities that may be subject to rapid domain compliance:
-Phishing: the attempt to acquire personally identifiable information by masquerading as a website other than .nfl's own.
-Pharming: the redirection of Internet users to websites other than those the user intends to visit, usually through unauthorized changes to the Hosts file on a victim's computer or DNS records in DNS servers.
-Dissemination of Malware: the intentional creation and distribution of "malicious" software designed to infiltrate a computer system without the owner's consent, including, without limitation, computer viruses, worms, key loggers, and Trojans.
-Fast Flux Hosting: a technique used to shelter Phishing, Pharming and Malware sites and networks from detection and to frustrate methods employed to defend against such practices, whereby the IP addresses associated with fraudulent websites are changed rapidly so as to make the true location of the sites difficult to find.
-Botnetting: the development and use of a command, agent, motor, service, or software which is implemented: (1) to remotely control the computer or computer system of an Internet user without their knowledge or consent, (2) to generate direct denial of service (DDOS) attacks.
-Malicious Hacking: the attempt to gain unauthorized access (or exceed the level of authorized access) to a computer, information system, user account or profile, database, or security system.
-Child Pornography: the storage, publication, display and/or dissemination of pornographic materials depicting individuals under the age of majority in the relevant jurisdiction.
NFL Reg Ops reserves the right, in its sole discretion, to take any administrative and operational actions necessary, including the use of computer forensics and information security technological services, among other things, in order to implement the Acceptable Use Policy. In addition, NFL Reg Ops reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion: (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of NFL Reg Ops as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement; or (5) to correct mistakes made by NFL Reg Ops or any of its authorized registrars in connection with a domain name registration. NFL Reg Ops also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.
Taking Action Against Abusive and/or Malicious Activity
NFL Reg Ops is committed to acting in a timely and decisive manner against .nfl domain names associated with abuse or malicious conduct in violation of the Acceptable Use Policy. After a complaint is received from a trusted source or third party, or is detected by NFL Reg Ops, NFL Reg Ops will use commercially reasonable efforts to verify the information in the complaint. If that information can be verified to the best of NFL Reg Ops' ability, the sponsoring registrar will be notified and will have 12 hours to investigate the activity and either (a) take down the domain name through a hold or deletion; or (b) provide NFL Reg Ops with a compelling argument as to why the domain name should be taken down. If the registrar has not acted within the 12-hour period (i.e., is unresponsive to the request or refuses to take action), NFL Reg Ops will place the domain on "ServerHold". Placing the domain on "ServerHold" due to registrar inaction is unlikely because NFL Reg Ops will likely be using a single, gateway registrar with which it has a contract requiring the registrar to act within 12 hours. ServerHold removes the domain name from the .nfl zone, but the domain name record still appears in the .nfl WHOIS database so that the name and entities can be investigated by law enforcement should they desire to get involved.
Coordination with Law Enforcement
With Neustar's assistance as its back-end registry services provider, NFL Reg Ops can meet its obligations under Section 2.8 of the Registry Agreement to take reasonable steps to investigate and respond to reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of its .nfl TLD. NFL Reg Ops will respond to legitimate law enforcement inquiries promptly upon receiving the request. Such response shall include, at a minimum, an acknowledgement of the request's receipt, questions or comments about the request, and an outline of NFL Reg Ops' next steps to address the request rapidly.
If the request involves any activities that NFL Reg Ops can validate and that violate the .nfl Acceptable Use Policy, the registrar for the domain name at issue will have 12 hours to investigate the activity further and either (a) take down the domain name through a hold or deletion; or (b) provide NFL Reg Ops with a compelling argument as to why the domain name should be taken down. If the registrar has not acted within the 12-hour period (i.e., is unresponsive to the request or refuses to take action), NFL Reg Ops will place the domain on "ServerHold".
28.3 Measures for Removal of Orphan Glue Records
As the Security and Stability Advisory Committee of ICANN (SSAC) rightly acknowledges, although orphaned glue records may be used for abusive or malicious purposes, the "dominant use of orphaned glue supports the correct and ordinary operation of the DNS." See http://www.icann.org/en/committees/security/sac048.pdf.
While orphan glue often supports correct and ordinary operation of the DNS, such glue records can be used maliciously to point to name servers that host domains used in illegal phishing, botnets, malware, and other abusive behaviors. Problems occur when the parent domain of the glue record is deleted but its child glue records still remain in the DNS. Therefore, when NFL Reg Ops has written evidence of actual abuse of orphaned glue, it will remove those records from the zone to mitigate such malicious conduct.
Neustar runs a daily audit of entries in its DNS systems and compares those with its provisioning system, which serves as an umbrella protection to confirm that items in the DNS zone are valid. Any DNS record that shows up in the DNS zone but not in the provisioning system is flagged for investigation and removed if necessary. This daily DNS audit prevents orphaned hosts and also flags other records that should not be in the zone.
In addition, if either NFL Reg Ops or Neustar becomes aware of actual abuse on orphaned glue after receiving written notification by a third party through its Abuse Contact or through its customer support, such glue records will be removed from the zone.
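The daily zone-versus-provisioning audit described above can be illustrated with a short added example. It is not Neustar's or NFL Reg Ops' code; the zone snapshot, the provisioning data structures and the function names are constructed assumptions. It flags records present in the zone but absent from provisioning, and glue whose parent domain is no longer delegated, listing the delegations that still depend on that glue so the impact of removal is visible.

```python
"""Zone-vs-provisioning audit sketch (added example, constructed data)."""

TLD = "nfl."

# Constructed zone snapshot: (owner, type, rdata)
ZONE = [
    ("example.nfl.", "NS", "ns1.example.nfl."),
    ("ns1.example.nfl.", "A", "192.0.2.10"),
    ("team.nfl.", "NS", "ns1.gone.nfl."),
    ("ns1.gone.nfl.", "A", "192.0.2.53"),       # parent gone.nfl. was deleted
    ("stray.nfl.", "NS", "ns1.example.nfl."),   # never provisioned
    ("ns1.example.nfl.", "A", "198.51.100.7"),  # address not in provisioning
]

# Constructed provisioning-system view (hypothetical structure)
PROVISIONED_DOMAINS = {"example.nfl.", "team.nfl."}
PROVISIONED_HOSTS = {
    "ns1.example.nfl.": {"192.0.2.10"},
    "ns1.gone.nfl.": {"192.0.2.53"},
}


def registered_parent(owner, tld=TLD):
    """Return the registrable domain that a host name sits under."""
    labels = owner.rstrip(".").split(".")
    keep = len(tld.rstrip(".").split(".")) + 1
    return ".".join(labels[-keep:]) + "."


def audit(zone, domains, hosts, tld=TLD):
    """Flag zone records missing from provisioning, and orphaned glue."""
    delegated = {owner for owner, rtype, _ in zone if rtype == "NS"}
    unprovisioned, orphan_glue = [], []
    for owner, rtype, rdata in zone:
        if rtype == "NS":
            if owner not in domains:
                unprovisioned.append((owner, rtype, rdata))
        elif rtype in ("A", "AAAA"):
            if rdata not in hosts.get(owner, set()):
                unprovisioned.append((owner, rtype, rdata))
            elif registered_parent(owner, tld) not in delegated:
                # Glue outlived its parent; list delegations still relying on it
                users = sorted(o for o, t, r in zone if t == "NS" and r == owner)
                orphan_glue.append((owner, rdata, users))
    return {"unprovisioned": unprovisioned, "orphan_glue": orphan_glue}


if __name__ == "__main__":
    report = audit(ZONE, PROVISIONED_DOMAINS, PROVISIONED_HOSTS)
    for kind, rows in report.items():
        for row in rows:
            print(kind, row)
```

Orphan glue is reported for investigation rather than removed automatically, matching the policy above of removing it only on written evidence of abuse.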
28.4 Authentication of Registrant Information
As stated in its response to Question 18, it is anticipated that only NFL Reg Ops, its Affiliates, and the thirty-two NFL Member Clubs (the "Eligible .nfl Registrants") will be permitted to register and use .nfl domain names. Before any .nfl domain name is registered, NFL Reg Ops will confirm through certain procedures that all registrants are Eligible .nfl Registrants and that only Eligible .nfl Registrants are permitted to register .nfl domain names.
NFL Reg Ops will coordinate with its Affiliates and the NFL's thirty-two Member Clubs to compile a list of the entities that are Eligible .nfl Registrants and the persons authorized to register .nfl domain names on their behalf. NFL Reg Ops will require all registrars that wish to enter into a Registry-Registrar Agreement to agree to abide by strict domain name registration guidelines. Each qualified registrar must validate certain contact information to determine if a potential registrant is an Eligible .nfl Registrant before proceeding with a .nfl registration.
Registrars may use a number of procedures for eligibility verification such as:
1. An automated authentication process to authenticate that the prospective registrant is an Eligible .nfl Registrant;
2. Registrar-conducted authentication of whether a prospective registrant's e-mail address is included in a pre-approved registrant list;
3. Contacting NFL Reg Ops if the registrar is unable to verify that a prospective registrant is an Eligible .nfl Registrant; and
4. Requiring each prospective registrant to represent and warrant that it is an Eligible .nfl Registrant, that it will comply with all .nfl policies, and that neither the registration of the domain name nor its use infringes or will infringe the legal rights of third parties.
28.5 Measures to Promote Whois Accuracy
NFL Reg Ops will implement several measures to promote Whois accuracy. NFL Reg Ops will retain essential contact details for each .nfl domain name in a system that facilitates access to the domain contact information. NFL Reg Ops intends to implement internal checks and procedures so that Whois data is accurate and complete.
As noted above, NFL Reg Ops will authenticate that all registrants of .nfl domains are Eligible .nfl Registrants and that only Eligible .nfl Registrants register .nfl domains. Many of the procedures applicable to eligibility verification may also be applied to Whois accuracy.
NFL Reg Ops will, and its registrars will be contractually required to, periodically check the Whois records of a certain percentage of .nfl domains. More specifically, contact details and relevant .nfl registrant information will be verified, and such information shall be compared against previous Whois records and contact information. NFL Reg Ops anticipates that Whois records of approximately 25% of .nfl domains will be checked quarterly. If such checks disclose that Whois data is inaccurate, the registrant of the relevant .nfl domain name will be notified and provided with a reasonable period of time within which the inaccuracy must be corrected. A .nfl registrant's failure to do so will affect its continued use of the .nfl domain in question.
NFL Reg Ops intends to comply with ICANN's Whois policies and requirements and to require its registrars to do so. Although the restricted number of Eligible .nfl Registrants makes it quite unlikely that .nfl domains will be the subject of Whois Data Problem Reports, registrars of .nfl domains will be required to promptly and thoroughly respond to such reports. In addition, .nfl-accredited registrars must comply with the Whois Data Reminder Policy and may be requested to provide NFL Reg Ops with documentation of their compliance efforts.
28.6 Resourcing Plans
Responsibility for abuse mitigation rests with a variety of functional groups. The Abuse Monitoring team is primarily responsible for providing analysis and conducting investigations of reports of abuse. The customer service team also plays an important role in assisting with the investigations, responding to customers, and notifying registrars of abusive domains. Finally, the Policy/Legal team is responsible for developing the relevant policies and procedures.
The necessary resources will be pulled from the pool of available resources described in detail in the response to Question 31. The following resources are available from those teams:
-Customer Support - 12 employees
-Policy/Legal - 2 employees
The resources are more than adequate to support the abuse mitigation procedures of the .nfl registry.