28 Abuse Prevention and Mitigation
Prototypical answer:
gTLD: .web
Full Legal Name: Web.com Group, Inc.
E-mail suffix: web.com
1. COMPREHENSIVE ABUSE POLICIES, WHICH INCLUDE CLEAR DEFINITIONS OF WHAT CONSTITUTES ABUSE IN THE TLD, AND PROCEDURES THAT WILL EFFECTIVELY MINIMIZE POTENTIAL FOR ABUSE IN THE TLD
Please note: all figures, tables and diagrams referenced in the following response can be found in the attachment titled “Attachment dot web Q28.”
Web.com Group, Inc. (“Web.com”) has been in the business of helping our nearly 3 million customers establish their online presences for over 15 years. As such, we have a rich history of understanding the importance of abuse prevention and mitigation as a core objective. We are active participants in a variety of industry and government efforts to prevent domain name abuse and are constantly updating our operating procedures to ensure our customers are as protected from this type of activity as they can be.
The .web gTLD will help customers launch and leverage their presence on the World Wide Web. As a leading global provider of online marketing services to small businesses, Web.com recognizes that finding a relevant and memorable domain name can be challenging. Since many keywords and descriptive phrases associated with existing gTLDs have already been registered, it is difficult to pinpoint a domain name which contains a limited number of characters. Consequently, prospective registrants are often unable to secure a unique name. Regularly, in the .com space amongst others, this is because of exploitative or abusive registrations. In the forthcoming .web namespace, we will endeavor to the utmost of our ability to prevent this pattern from repeating.
One of the most important reasons our customers choose Web.com is because of our reputation for great products and exceptional customer service. The .web gTLD is a natural extension of our business. It is a place where we can help customers be successful on the web. At Web.com, we believe that a website is only as good as the services and support behind it. With the .web gTLD, we have the chance to bring this same commitment to service and support to a gTLD. For companies and consumers who stake their reputation on a .web domain name, having a gTLD that is trusted and secure is critical.
Unfortunately, some of the current gTLDs are not operated in a manner that instills this level of confidence. Web.com hopes to make the .web gTLD different. In launching the .web gTLD we have put together a tapestry of efforts that seek to prevent and successfully mitigate domain name abuse, making the web a more accessible and friendly place for small and medium sized businesses as well as consumers. These efforts include:
• An acceptable use policy that clearly defines what is considered abuse and what registrants may and may not do with their domain names
• A seasoned abuse mitigation team that has years of experience in dealing with these issues
• Technological Measures for Removal of Orphan Glue Records
• Efforts and measures to promote accurate and complete Whois
• Requirements for .web accredited registrars to enact measures in support of these efforts
The fight against abusive behavior is not static and Web.com is committed to ensuring that our efforts are constantly evolving to meet the ever changing landscape of threats.
1.1 .web Abuse Prevention and Mitigation Implementation Plan
Preventing domain name abuse in the .web gTLD is of critical importance to registrants, consumers and Web.com. To demonstrate our commitment to make the .web gTLD more resistant to abusive behavior than just about any other gTLD that currently exists, Web.com has explored various mechanisms to help prevent abusive registrations. We were particularly impressed with the set of 31 Proposed Security, Stability and Resiliency Requirements for Financial TLDs that were developed by the Security Standards Working Group (SSWG) under the guidance of the financial services industry. Following their recommendation that all potential applicants look at these standards for their own TLDs, Web.com has completed a thorough review to determine which might enhance the .web gTLD experience. While not all of the proposed standards are applicable to the .web gTLD, we will endeavor to implement several of them to aid in our efforts to prevent and mitigate abusive registrations.
Web.com has developed and will look to deploy a customized approach that seeks to minimize the potential for abusive registrations and mitigate them as soon as possible should they occur. Registrants, Registrars and the Registry will all play a role in this endeavor. Having all three levels of the .web gTLD ecosystem participate in these measures will help ensure a comprehensive approach to these critical objectives. Web.com has designed the following procedure to prevent and mitigate abusive registrations:
Acceptable Use Policy - Web.com has developed a draft Acceptable Use Policy (AUP) which can be found in “Attachment dot web Q28.” This AUP clearly defines what is considered abuse and what type of behavior is expressly prohibited in conjunction with the use of a .web domain name. Web.com will require, through the Registry Registrar Agreement (RRA), that this AUP be included in the registration agreement used by all .web gTLD accredited registrars. This registration agreement must be accepted by a registrant prior to them being able to register a name in the .web gTLD.
Annual Certification of Registrar compliance with Registry-Registrar Agreement. The self-certification program consists, in part, of evaluations applied equally to all operational .web gTLD accredited registrars and conducted from time to time throughout the year. Process steps are as follows:
• Web.com sends an email notification to the ICANN primary registrar contact, requesting that the contact go to a designated URL, log in with his/her Web ID and password, and complete and submit the online form. The contact must submit the form within 15 business days of receipt of the notification.
• When the form is submitted, Web.com sends the registrar an automated email confirming that the form was successfully submitted.
• Web.com reviews the submitted form to ensure the certifications are compliant.
• Web.com sends the registrar an email notification if the registrar is found to be compliant in all areas.
• If a review of the response indicates that the registrar is out of compliance or if Web.com has follow-up questions, the registrar has 10 days to respond to the inquiry.
• If the registrar does not respond within 15 business days of receiving the original notification, or if it does not respond to the request for additional information, Web.com sends the registrar a Breach Notice and gives the registrar 30 days to cure the breach.
• If the registrar does not cure the breach, Web.com terminates the Registry-Registrar Agreement (RRA).
The .web gTLD registry will provide and maintain a primary point of contact for abuse complaints. We will display the contact information for the Abuse Mitigation Team, which serves as the primary point of contact for reporting abuse within the .web gTLD, on the .web gTLD website.
Each .web gTLD accredited registrar will provide and maintain a primary point of contact for abuse complaints. The registrar must provide and maintain valid primary contact information for reporting abuse in the .web gTLD on their website. This will be required as part of the .web gTLD RRA.
Web.com will explicitly define for Registrars what constitutes abusive behavior including but not limited to, malicious, negligent, and reckless behavior. The definition of abusive behavior will be contained in the AUP that Registrars will be required to include as part of the Registration Agreement. This will be required as part of the .web gTLD RRA.
Registrar must notify Registry Operator immediately regarding any investigation or compliance action including the nature of the investigation or compliance action by ICANN or any outside party (e.g., law enforcement, etc.), along with the TLD impacted. This will be required as part of the .web gTLD RRA.
Development of an Abuse Prevention and Mitigation Working Group. To give the Web.com team alternate perspectives about handling incidents of abuse and ways to mitigate them, we will form an Abuse Prevention and Mitigation Working Group. This team will not only be comprised of a cross functional group of Web.com professionals but also look to involve representatives from law enforcement, our customer base and outside experts. The group would meet regularly to discuss the latest trends in domain name abuse and the most effective way to prevent and remedy them.
1.2 Policies for Handling Complaints Regarding Abuse
Web.com will staff a Single Point of Contact (SPoC) Abuse team to address abuse and malicious use requests. The role of the abuse team is to monitor registry services and review complaints entered online by end users, customers, and/or Law Enforcement. The complaints will be managed in accordance with the applicable Acceptable Use Policy (AUP) and Terms of Service (TOS) which shall allow the Abuse team discretion to suspend a domain instantly or send the complaint through the appropriate escalation channel for complaint resolution.
Complaints shall be received via email at abuse@registry.web as will be prominently provided on the .web website (http://registry.web). Registrar access to .web’s Abuse Team will be provided via a hotline number, email address and additional personnel for filing direct requests. Complaints may be submitted 24x7 and each request path requires the submitter to provide personal contact information. .web will acknowledge the complaint within one (1) business day and will provide the requestor acceptance and/or resolution within three (3) business days depending on severity and complexity of the complaint.
Web.com views domain name abuse as a serious matter that produces direct harm to Internet users and .web customers. As such, .web will handle each abuse complaint as a direct threat and intends to resolve each validated complaint with a sense of urgency. Our Abuse Policies recognize many forms of abuse related to the registrations and use of domain names. The abuses and their respective mitigation strategies listed here are not an exhaustive list, but are meant to highlight the general process and procedure by which .web will manage the most common forms of abuse. The .web Abuse Team collaborates and participates with industry experts and forums to understand the latest forms of abuse in an attempt to protect customers of our services and Internet users where possible.
DRAFT ABUSE REMEDY PROCESS
Listed here is the proposed process for dealing with the major forms of domain abuse:
1. Customer or end user submits abuse complaint to abuse@registry.web;
2. Abuse Coordinator receives request and acknowledges receipt of complaint;
3. Abuse Coordinator analyzes request to determine the abuse type to be addressed and references the .web knowledgebase for detailed procedures;
4. Abuse Coordinator assigns a severity rating based on complaint type;
5. Abuse Coordinator resolves the complaint based on the following decision tree:
a. Is the request a court ordered seizure and transfer?
i. Yes – See section 28.1.1
ii. No - next step
b. Does the request reflect a potential DDOS Attack?
i. Yes – See section 28.1.2
ii. No - next step
c. Is the request a phishing complaint?
i. Yes – See section 28.1.3
ii. No - next step
d. Is the complaint a notice of a trademark infringement?
i. Yes – See section 28.1.4
ii. No - next step
e. Is the request a possible hijacking case or a transfer dispute?
i. Yes – See section 28.1.5
ii. No - next step
f. Is the request an email service abuse?
i. Yes – See section 28.1.6
ii. No - next step
g. Does the complaint refer to abusive or offensive content hosted on a .web domain?
i. Yes – See section 28.1.7
ii. No - next step
h. For all other abuses not defined:
i. Escalate request to Abuse Manager for guidance and resolution
28.1.1 Court Ordered Seizure and Transfer
Definition: Law enforcement via a court of legal jurisdiction orders that domain be seized due to illegal activity of applicable law.
Service Level: One (1) business day
Procedure:
• Abuse Coordinator contacts the legal jurisdiction to request signed copies of the court order;
• Upon receipt of court order, Abuse Coordinator confirms request with the Abuse Situation Manager;
• If the request is determined to be valid, Abuse Coordinator will submit a request to the Registry Support team to have the domain pushed to the requested registrar as directed by the applicable judicial entity;
• If the request is determined to be invalid or documents submitted are in question, the Abuse Coordinator will contact the legal jurisdiction requesting the appropriate documentation or to provide reasoning as to why the request cannot be fulfilled.
28.1.2 DOS or DDOS Attack
Definition: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users.
Service Level: One (1) business day
Procedure:
• Abuse Coordinator will confirm the DDOS attack with the Abuse Manager;
• If the complaint is confirmed as a DDOS attack:
o Abuse Coordinator will escalate the request to the respective Registrar Support Team;
o If not, Abuse Coordinator will respond to the complainant as unable to confirm and request additional information or close the complaint;
• Registrar Support team will suspend the domain registration until further notice.
28.1.3 Phishing
Definition: Phishing is a website fraudulently presenting itself as a trusted site (often a bank) in order to deceive Internet users into divulging sensitive information (e.g. online banking credentials, email passwords).
Service Level: One (1) business day
Procedure:
• Abuse Coordinator will confirm the phishing scam with the Abuse Manager;
• If the complaint is confirmed as a legitimate phishing event:
o Abuse Coordinator will escalate the request to the Registry Support Team;
o If not, Abuse Coordinator will respond to the complainant as unable to confirm and request additional information or close the complaint;
• Registry Support Team will immediately suspend the domain;
• Abuse Manager will investigate the Phish event and determine the intent of the domain registrant; the Registry Support team will seize and/or delete the domain from the zone.
28.1.4 Cybersquatting / Trademark Infringement
Definition: Cybersquatting is the deliberate and bad-faith registration and use of a name that is a registered brand or mark of an unrelated entity, often for the purpose of profiting (typically, though not exclusively, through pay-per-click advertisements).
Service Level: Three (3) business days
Procedure:
• If request appears to be an initial complaint on a possible infringement, Abuse Coordinator will direct complainant to the UDRP/WIPO process;
• If not, and if the request for transfer is from a .web registrar, Abuse Coordinator will work with the Registrar to ensure the domain in question is transferred appropriately.
28.1.5 Transfer Disputes / Hijacking
Definition: Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant.
Service Level: Three (3) business days
Procedure:
• Abuse Coordinator will confirm the OFAC request with the Abuse Manager;
• Abuse Coordinator will escalate request to and Registrar shall internal policies and procedures to investigate the transfer.
28.1.6 Email Service Abuse
Definition: An illegitimate use of email systems to distribute abusive content or in a manner that violates the Acceptable Use Policy. Examples of this abuse are Un-Solicited Commercial Email (UCE/SPAM).
Service Level: Three (3) business days
Procedure:
• Abuse Coordinator will validate the complaint for UCE/SPAM elements and collaborate with the Complainant to acquire the examples of the offensive material;
• If the Abuse Coordinator deems the material to be offensive and to violate the Acceptable Use Policy, Abuse Coordinator will escalate the request to the Registry Support team for suspension;
• Registry Support team will immediately suspend the domain;
• If a .web customer is found to be unknowingly sending UCE, Customer shall be allotted the opportunity to correct the situation and assurances must be received by offender to ensure against future occurrences.
28.1.7 Web Hosting Abuse
Definition: Content or material hosted on a website that is deemed to be offensive or against the .web Acceptable Use Policy. Material that is deemed offensive by registrar/host shall result in a Warning, then Suspension if material is not removed and possible seizure or termination of services.
Service Level: Three (3) business days
Procedure:
• Abuse Coordinator will validate the information in the complaint to confirm that the hosting package is being used in a way that is not compliant with the .web Acceptable Use Policy. Some examples may include the following:
o Documents, videos, pictures, music files, software etc. are not associated with the function or serving up of the website;
o Content being stored is not accessible from the Website;
o An open FTP server;
o Storage being used as a hard drive/backup; or
o Space Manager usage exceeds 2GB of storage on the UNIX hosting platform only.
• If one or more of the above is confirmed and validated, the Abuse Coordinator or Technical Services will notify the Customer that they are in violation of the .web AUP and/or Terms of Service;
• An email will be sent immediately to the Registrant, Admin and Technical contact on file to advise of the violation. The email should instruct the Customer to take the appropriate action within 24 hours to remove the offending content or they may be subjected to a suspension of services;
• During Business Hours, the Abuse Coordinator will contact the Customer via phone in addition to sending the email to inform the Registrant, Admin or Technical contacts of the offending violation. The Technical Services agents will follow the same process for After Hours handling;
• If no response is received within 24 hours, a second phone and email attempt will be made to reach the Registrant, Admin and Technical contact;
• If the offending party does not respond by the end of the second business day, action will be taken to remove the offending content that is causing server degradation;
• Technical Support team will suspend the Hosting services;
• The Registry Support team will place the domain on Registrar hold to de-resolve the name;
• If the offending party responds and agrees to remove the offending content within the 24 hour time frame, the Abuse Coordinator or Technical Services agent must confirm the material has been removed, and note the appropriate remediation within the CRM system;
• If the offending party responds and agrees to remove the offending content after the service suspension, the Registry Support team may remove the suspension and allow customer to remove the content. Support will confirm the offending material has been removed, and note this in the appropriate CRM system;
• If the offending party requests that .web remove the offending material, the Abuse Coordinator agent must call the Customer and obtain confirmation to remove the content on behalf of the Customer. The Abuse Coordinator will also obtain written confirmation from the Customer via the Registrant, Administrative or Technical Contacts that are listed. The confirmation should be noted in the appropriate CRM system;
• If there is no response from the offending party after 7 Days, the Abuse Coordinator will submit a request to delete the offending content from the servers to the Abuse Manager for approval to delete the content;
• Prior to deleting the content, an email will be sent to the appropriate internal Legal point of contact to advise of the issue and obtain approval to delete the content.
1.3 Proposed Measures for Removal of Orphan Glue Records
Although orphan glue records often support correct and ordinary operation of the Domain Name System (DNS), registry operators will be required to remove orphan glue records (as defined at http://www.icann.org/en/committees/security/sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct. Web.com’s selected backend registry services provider’s registration system is specifically designed to not allow orphan glue records. Registrars are required to delete/move all dependent DNS records before they are allowed to delete the parent domain.
To prevent orphan glue records, Verisign, Web.com’s chosen backend registry services provider, performs the following checks before removing a domain or name server:
Checks during domain delete:
• Parent domain delete is not allowed if any other domain in the zone refers to the child name server.
• If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone.
Check during explicit name server delete:
• Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server.
Zone-file impact:
• If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not.
• If no domains reference a name server, then the zone file removes the glue record.
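The delete checks and zone-file rules listed above can be modeled as follows. This is an added illustration in Python, not Verisign's or Web.com's code; the class and method names, the sample domains and the 192.0.2.53 address are constructed for the example.

```python
from dataclasses import dataclass, field


class DeleteRefused(Exception):
    """Raised when a delete would leave an orphan glue record behind."""


@dataclass
class Domain:
    name: str
    nameservers: set = field(default_factory=set)
    server_hold: bool = False  # a held domain is kept out of the zone


class Registry:
    """Toy registry model (hypothetical names) of the checks described above."""

    def __init__(self):
        self.domains = {}  # domain name -> Domain
        self.hosts = {}    # name server host name -> glue address

    def add_host(self, host, address):
        self.hosts[host] = address

    def add_domain(self, name, nameservers, server_hold=False):
        self.domains[name] = Domain(name, set(nameservers), server_hold)

    def child_hosts(self, domain):
        """Name servers whose names sit under `domain` (its child hosts)."""
        return {h for h in self.hosts if h.endswith("." + domain)}

    def referrers(self, host):
        """Domains in the registry that list `host` as a name server."""
        return {d.name for d in self.domains.values() if host in d.nameservers}

    def delete_domain(self, name):
        # Check during domain delete: refuse if any OTHER domain still
        # refers to one of this domain's child name servers.
        children = self.child_hosts(name)
        for host in sorted(children):
            others = self.referrers(host) - {name}
            if others:
                raise DeleteRefused(f"{host} still used by {sorted(others)}")
        # The parent was the only user: domain and glue leave together.
        for host in children:
            del self.hosts[host]
        del self.domains[name]

    def delete_host(self, host):
        # Check during explicit name server delete: the host must not be
        # referenced by any in-zone domain name.
        users = self.referrers(host)
        if users:
            raise DeleteRefused(f"{host} still used by {sorted(users)}")
        del self.hosts[host]

    def zone(self):
        """Records published in the zone file, as plain strings."""
        records = []
        for dom in sorted(self.domains.values(), key=lambda d: d.name):
            if dom.server_hold:
                continue  # serverHold: the delegation goes out of the zone
            for ns in sorted(dom.nameservers):
                records.append(f"{dom.name}. NS {ns}.")
        for host in sorted(self.hosts):
            # Glue is published while any domain references the host.
            # Assumption: the page does not describe a held parent that is
            # the sole referrer; this model applies the stated rule literally.
            if self.referrers(host):
                records.append(f"{host}. A {self.hosts[host]}")
        return records


def build_sample():
    """Constructed sample: two domains sharing one child name server."""
    reg = Registry()
    reg.add_host("ns1.example.web", "192.0.2.53")
    reg.add_domain("example.web", ["ns1.example.web"])
    reg.add_domain("other.web", ["ns1.example.web"])
    return reg


if __name__ == "__main__":
    reg = build_sample()
    try:
        reg.delete_domain("example.web")
    except DeleteRefused as err:
        print("refused:", err)
    reg.domains["example.web"].server_hold = True
    print("\n".join(reg.zone()))
```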
1.4 Resourcing Plans
Details related to resourcing plans for the initial implementation and ongoing maintenance of Web.com’s abuse plan are provided in Section 2 of this response.
1.5 Measures to Promote Whois Accuracy
Web.com supports efforts to improve the accuracy and completeness of Whois records. To that end, we will seek to implement a series of measures that require registrars and registrants to help us in this pursuit. This includes a Whois reminder process at the registry level, regular scans of the Whois data to search for blank or incomplete data and economic incentives for registrars who achieve 100% complete and accurate Whois data for those names they have registered.
Regular Monitoring of Registration Data for Accuracy and Completeness
Whois data reminder process. Verisign regularly reminds registrars of their obligation to comply with ICANN’s Whois Data Reminder Policy, which was adopted by ICANN as a consensus policy on 27 March 2003 (http://www.icann.org/en/registrars/wdrp.htm). Verisign sends a notice to all registrars once a year reminding them of their obligation to be diligent in validating the Whois information provided during the registration process, to investigate claims of fraudulent Whois information, and to cancel domain name registrations for which Whois information is determined to be invalid.
Bi-Annual Whois Verification by Registrars. As will be required in the Registry-Registrar Agreement, all .web accredited registrars will be required to verify Whois data for each record they have registered in the TLD twice a year. Verification can take place via email, phone or any other methods as long as there is a proactive action by the registrant to confirm the accuracy of the Whois data associated with the domain name. Web.com will randomly audit Whois records to ensure compliance and accuracy. As part of the .web gTLD Abuse reporting system, users can report missing or incomplete Whois data via the registry website.
Quarterly Scan of the Zone file for incomplete Registrant Data. On a quarterly basis, Web.com will do a scan of all Whois records in the .web gTLD to find any blank fields or missing registration data. Upon completion of the scan, registrars will be sent a report detailing which domain names are missing data. As part of their responsibilities in the RAA to work towards 100% accuracy of Whois data, registrars must then alert registrants that there is data missing in their Whois record and remind them of their responsibility contained in the registration agreement that they must comply with ICANN requirements for complete and accurate Whois data.
Economic incentives for Registrars to achieve 100% Whois Accuracy
Web.com will offer Market Development Funds (MDF) to those registrars who can demonstrate via a third party audit that the .web gTLD names registered with them have 100% complete and accurate Whois data.
1.6 Malicious or Abusive Behavior Definitions, Metrics, and Service Level Requirements for Resolution
Web.com defines Malicious and Abusive behavior based on, but not limited to, the following definitions:
Phishing is a criminal activity employing tactics to defraud and defame Internet users via sensitive information with the intent to steal or expose credentials, money or identities. A phishing attack begins with a spoofed email posing as a trustworthy electronic correspondence that contains hijacked brand names (i.e., financial institutions, credit card companies, e-commerce sites). The language of a phishing email is misleading and persuasive by generating either fear and/or excitement to ultimately lure the recipient to a fraudulent website. It is paramount for both the phishing email and website to appear credible in order for the attack to influence the recipient. As with the spoofed email, phishers aim to make the associated phishing website appear credible. The legitimate target website is mirrored to make the fraudulent site look professionally designed. Fake third-party security endorsements, spoofed address bars, and spoofed padlock icons falsely lend credibility to fraudulent sites as well. The persuasive inflammatory language of the email combined with a legitimate-looking website is used to convince recipients to disclose sensitive information such as passwords, usernames, credit card numbers, social security numbers, account numbers, and mother’s maiden name.
Malware is malicious software that was intentionally developed to infiltrate or damage a computer, mobile device, software and/or operating infrastructure or website without the consent of the owner or authorized party. This includes, amongst others, Viruses, Trojan horses, and worms.
Domain Name or Domain Theft is the act of changing the registration of a domain name without the permission of its original registrant.
Section 1.2 outlines the Web.com Policies and Procedures for Handling Complaints Regarding Abuse as defined above.
As pertains to Web.com performance metrics and service level requirements for resolution, we adhere to a 12 hour timeframe to address and potentially rectify the issue as it pertains to all forms of abuse and fraud. Once a notification is received via email, call center or fax, the Web.com Customer Service centers immediately create a support ticket in order to monitor and track the issue through resolution. If notifications are received during normal business hours (8am – 11pm EST Monday – Friday, and 8am – 6pm EST Saturday & Sunday), the majority of issues are resolved in less than a 4 hour period.
1.7 Controls to Ensure Proper Access to Domain Functions
To ensure proper access to domain functions, Web.com incorporates Verisign’s Registry-Registrar Two-Factor Authentication Service into its full-service registry operations. The service is designed to improve domain name security and assist registrars in protecting the accounts they manage by providing another level of assurance that only authorized personnel can communicate with the registry. As part of the service, dynamic one-time passwords (OTPs) augment the user names and passwords currently used to process update, transfer, and/or deletion requests. These one-time passwords enable transaction processing to be based on requests that are validated both by “what users know” (i.e., their user name and password) and “what users have” (i.e., a two-factor authentication credential with a one-time-password).
Registrars can use the one-time-password when communicating directly with Verisign’s Customer Service department as well as when using the registrar portal to make manual updates, transfers, and/or deletion transactions. The Two-Factor Authentication Service is an optional service offered to registrars that execute the Registry-Registrar Two-Factor Authentication Service Agreement. As shown in Figure 28-1, the registrars’ authorized contacts use the OTP to enable strong authentication when they contact the registry. There is no charge for the Registry-Registrar Two-Factor Authentication Service. It is only enabled for registrars that wish to take advantage of the added security provided by the service.
2. TECHNICAL PLAN THAT IS ADEQUATELY RESOURCED IN THE PLANNED COSTS DETAILED IN THE FINANCIAL SECTION
Resource Planning
Web.com is a leading provider of Internet services for small to medium-sized businesses (SMBs). Web.com is the parent company of two global domain name registrars and further meets the Internet needs of SMBs throughout their lifecycle with affordable value added services that include domain name registration, website design, search engine optimization, search engine marketing, social media and mobile products, local sales leads, eCommerce solutions and call center services. Headquartered in Jacksonville, FL, USA, Web.com is a NASDAQ-traded company serving nearly three million customers with more than 1,700 global employees in fourteen locations in North America, South America and the United Kingdom.
Our business is helping people establish, maintain, promote, and optimize their web presence. Web.com intentionally chose Verisign as our registry services provider because of their unsurpassed track record in operating some of the world’s most complex and critical top level domains. Verisign’s support for the .web gTLD will help ensure its success.
The .web gTLD will be fully supported by a cross function team of Web.com professionals. Numbers and types of employees will vary for each function but Web.com projects it will use the following personnel to support the resource planning requirements:
• Quality Assurance Engineer: 0.5 FTE
• System Administrator: 1 FTE
• Database Administrator: 0.5 FTE
• Technical Project Manager: 0.5 FTE
• Marketing Director: 1 FTE
• Sales Manager: 1 FTE
• Legal Counsel: 1 FTE
• Finance/Accounting: 1 FTE
• Customer Service: 2 FTEs
Resource Planning Specific to Backend Registry Activities
Verisign, Web.com’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to Web.com fully accounts for cost related to this infrastructure, which is provided as “Total Critical Registry Function Cash Outflows” (Template 1, Line IIb.G) within the Question 46 financial projections response.
Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.
Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:
• Application Engineers: 19
• Business Continuity Personnel: 3
• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11
• Network Administrators: 11
• Network Architects: 4
• Network Operations Center (NOC) Engineers: 33
• Project Managers: 25
• Quality Assurance Engineers: 11
• Systems Architects: 9
To implement and manage the Web.com .web gTLD as described in this application, Verisign, Web.com’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.
When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.
3. POLICIES AND PROCEDURES IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES AT STARTUP AND ON AN ONGOING BASIS
3.1 Start-Up Anti-Abuse Policies and Procedures
Verisign, Web.com’s selected backend registry services provider, provides the following domain name abuse prevention services, which Web.com incorporates into its full-service registry operations. These services are available at the time of domain name registration.
Registry Lock. The Registry Lock Service allows registrars to offer server-level protection for their registrants’ domain names. A registry lock can be applied during the initial standup of the domain name or at any time that the registry is operational.
Specific Extensible Provisioning Protocol (EPP) status codes are set on the domain name to prevent malicious or inadvertent modifications, deletions, and transfers. Typically, these ‘server’ level status codes can only be updated by the registry. The registrar only has ‘client’ level codes and cannot alter ‘server’ level status codes. The registrant must provide a pass phrase to the registry before any updates are made to the domain name. However, with Registry Lock, provided via Verisign, Web.com’s subcontractor, registrars can also take advantage of server status codes.
The following EPP server status codes are applicable for domain names: (i) serverUpdateProhibited, (ii) serverDeleteProhibited, and (iii) serverTransferProhibited. These statuses may be applied individually or in combination.
The EPP also enables setting host (i.e., name server) status codes to prevent deleting or renaming a host or modifying its IP addresses. Setting host status codes at the registry reduces the risk of inadvertent disruption of DNS resolution for domain names.
The Registry Lock Service is used in conjunction with a registrar’s proprietary security measures to bring a greater level of security to registrants’ domain names and help mitigate potential for unintended deletions, transfers, and/or updates.
Two components comprise the Registry Lock Service:
• Web.com and/or its registrars provide Verisign, the provider of backend registry services, with a list of the domain names to be placed on the server status codes. During the term of the service agreement, the registrar can add domain names to be placed on the server status codes and/or remove domain names currently placed on the server status codes. Verisign then manually authenticates that the registrar submitting the list of domain names is the registrar of record for such domain names.
• If Web.com and/or its registrars require changes (including updates, deletes, and transfers) to a domain name placed on a server status code, Verisign follows a secure, authenticated process to perform the change. This process includes a request from a Web.com-authorized representative for Verisign to remove the specific registry status code, validation of the authorized individual by Verisign, removal of the specified server status code, registrar completion of the desired change, and a request from the Web.com-authorized individual to reinstate the server status code on the domain name. This process is designed to complement automated transaction processing through the Shared Registration System (SRS) by using independent authentication by trusted registry experts.
Web.com intends to charge registrars based on the market value of the Registry Lock Service. A tiered pricing model is expected, with each tier having an annual fee based on per domain name/host and the number of domain names and hosts to be placed on Registry Lock server status code(s).
3.2 Ongoing Anti-Abuse Policies and Procedures
3.2.1 Policies and Procedures That Identify Malicious or Abusive Behavior
Verisign, Web.com’s selected backend registry services provider, provides the following service to Web.com for incorporation into its full-service registry operations.
Malware scanning service. Registrants are often unknowing victims of malware exploits. Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
Verisign’s malware scanning service helps prevent websites from infecting other websites by scanning web pages for embedded malicious content that will infect visitors’ websites. Verisign’s malware scanning technology uses a combination of in-depth malware behavioral analysis, anti-virus results, detailed malware patterns, and network analysis to discover known exploits for the particular scanned zone. If malware is detected, the service sends the registrar a report that contains the number of malicious domains found and details about malicious content within its TLD zones. Reports with remediation instructions are provided to help registrars and registrants eliminate the identified malware from the registrant’s website.
3.2.2 Policies and Procedures That Address the Abusive Use of Registered Names
Suspension processes.
In the case of domain name abuse, Web.com will determine whether to take down the subject domain name. Verisign, Web.com’s selected backend registry services provider, will follow these auditable processes to comply with the suspension request.
Verisign Suspension Notification. Web.com submits the suspension request to Verisign for processing, documented by:
• Threat domain name
• Registry incident number
• Incident narrative, threat analytics, screen shots to depict abuse, and/or other evidence
• Threat classification
• Threat urgency description
• Recommended timeframe for suspension/takedown
• Technical details (e.g., Whois records, IP addresses, hash values, anti-virus detection results/nomenclature, name servers, domain name statuses that are relevant to the suspension)
• Incident response, including surge capacity
Verisign Notification Verification. When Verisign receives a suspension request from Web.com, it performs the following verification procedures:
• Validate that all the required data appears in the notification.
• Validate that the request for suspension is for a registered domain name.
• Return a case number for tracking purposes.
Suspension Rejection. If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to Web.com with the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Error reason
Registrar Notification. Once Verisign has performed the domain name suspension, and upon Web.com request, Verisign notifies the registrar of the suspension. Registrar notification includes the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Classification of type of domain name abuse
• Evidence of abuse
• Anti-abuse contact name and number
• Suspension status
• Date/time of domain name suspension
Registrant Notification. Once Verisign has performed the domain name suspension, and upon Web.com request, Verisign notifies the registrant of the suspension. Registrant notification includes the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Classification of type of domain name abuse
• Evidence of abuse
• Registrar anti-abuse contact name and number
Upon Web.com request, Verisign can provide a process for registrants to protest the suspension.
Domain Suspension. Verisign places the domain to be suspended on the following statuses:
• serverUpdateProhibited
• serverDeleteProhibited
• serverTransferProhibited
• serverHold
Suspension Acknowledgement. Verisign notifies Web.com that the suspension has been completed. Acknowledgement of the suspension includes the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Case number
• Domain name
• Web.com abuse contact name and number, or registrar abuse contact name and number
• Suspension status
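The Registry Lock and Domain Suspension status sets described above can be audited from the registry's own data. The following is an added example, not Verisign's or Web.com's code: it assumes the statuses are read from an EPP domain info response in the RFC 5731 layout, and the state labels, helper names and sample domain names are hypothetical.

```python
import xml.etree.ElementTree as ET

DOMAIN_NS = "urn:ietf:params:xml:ns:domain-1.0"  # RFC 5731 domain mapping
NS = {"domain": DOMAIN_NS}
LOCK = {"serverUpdateProhibited", "serverDeleteProhibited", "serverTransferProhibited"}
HOLD = "serverHold"  # withholds the name from DNS publication


def _info(name, *statuses):
    """Build a constructed <domain:infData> fragment for the samples below."""
    tags = "".join(f'<domain:status s="{s}"/>' for s in statuses)
    return (f'<domain:infData xmlns:domain="{DOMAIN_NS}">'
            f"<domain:name>{name}</domain:name>{tags}</domain:infData>")


# Constructed sample data: hypothetical names, not real registrations.
SAMPLES = [
    _info("shop.example", "ok"),
    _info("bank.example", *sorted(LOCK)),
    _info("half.example", "serverTransferProhibited", "clientTransferProhibited"),
    _info("phish.example", *sorted(LOCK), HOLD),
    _info("gap.example", HOLD, "serverUpdateProhibited"),
]


def audit(info_xml):
    """Return (name, state, missing server lock statuses) for one info response."""
    root = ET.fromstring(info_xml)
    name = root.findtext("domain:name", namespaces=NS)
    have = {el.get("s") for el in root.findall("domain:status", NS)}
    missing = sorted(LOCK - have)
    if HOLD in have:
        # The suspension procedure sets all three lock statuses plus serverHold.
        state = "suspended" if not missing else "suspension-incomplete"
    elif not missing:
        state = "locked"
    elif have & LOCK:
        # Client-level statuses do not count: the registrar can remove them.
        state = "partial-lock"
    else:
        state = "unlocked"
    return name, state, missing


if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

A `suspension-incomplete` or `partial-lock` result is the case worth alerting on: the name is held or partly protected, but at least one of update, delete or transfer is still open to change.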
4. WHEN EXECUTED IN ACCORDANCE WITH THE REGISTRY AGREEMENT, PLANS WILL RESULT IN COMPLIANCE WITH CONTRACTUAL REQUIREMENTS
Web.com is fully committed to improving the completeness and accuracy of Whois data and to preventing and mitigating domain name abuse in the .web gTLD. We strongly believe the efforts that we have outlined will go a long way in this critical area and most certainly meet the requirements as outlined by ICANN.
The fight against domain name abuse is not a static fight. The tactics used by malicious parties are constantly evolving, and Web.com is committed to evolving our systems to address these ongoing threats, not because ICANN says we have to but simply because it is what our customers have come to expect from Web.com.
The .web gTLD is an extension of our current business. At Web.com, we believe that a website is only as good as the services and support behind it. With the .web gTLD, we have the chance to bring this same commitment to service and support to a gTLD. For companies and consumers who stake their reputation on a .web domain name, having a gTLD that is trusted and secure is critical.
5. TECHNICAL PLAN SCOPE/SCALE THAT IS CONSISTENT WITH THE OVERALL BUSINESS APPROACH AND PLANNED SIZE OF THE REGISTRY
Scope/Scale Consistency
As one of the first domain registrars, Web.com and its subsidiaries have seen the Internet grow exponentially across three decades. Web.com has grown to a point where it now serves approximately 3 million customers, comprising over 8 million domain names under management. As our customer base grew, and with it the number of domains we managed, we expanded our operations to meet customer needs. We anticipate doing exactly the same as .web proliferates. Our systems are highly developed and continually tested and audited, and will scale as we scale. The commitments we will seek to make to prevent domain name abuse will expand to meet the anticipated growth of the .web gTLD. We invest tens of millions each year in upgrading infrastructure and developing new business processes to meet the growth and needs of our customer base, and consider doing so of paramount importance.
After 15 years of developing in this way, Web.com is a leading provider of Internet services for small- to medium-sized businesses (SMBs). Web.com is the parent company of two global domain name registrars, and further meets the Internet needs of consumers and businesses throughout their lifecycle with affordable value-added services. Those services include domain name registration; website design; search engine optimization; search engine marketing; social media and mobile products; local sales leads; eCommerce solutions; and call center services.
Headquartered in Jacksonville, FL, USA, Web.com is a publicly traded company (Nasdaq: WWWW), with more than 1,700 global employees in fourteen locations in North America, South America and the United Kingdom. Web.com brings a wealth of experience in providing a seamless process for customers from the first point of registration through the growth of their Internet properties.
Indeed, following our acquisition of Register.com in July 2010 and the subsequent acquisition of Network Solutions, LLC, in October 2011, we have become one of the largest domain name registrars in the world. Web.com offers a variety of gTLDs and a full suite of domain name services, including registration, management, renewal, expiration protection and privacy services.
It is clear, therefore, that managing the potentially enormous growth of the .web namespace will be a challenge, but a challenge to which we are more than equal.
Scope/Scale Consistency Specific to Backend Registry Activities
Verisign, Web.com’s selected backend registry services provider, is an experienced backend registry provider that has developed and uses proprietary system scaling models to guide the growth of its TLD supporting infrastructure. These models direct Verisign’s infrastructure scaling to include, but not be limited to, server capacity, data storage volume, and network throughput that are aligned to projected demand and usage patterns. Verisign periodically updates these models to account for the adoption of more capable and cost-effective technologies.
Verisign’s scaling models are proven predictors of needed capacity and related cost. As such, they provide the means to link the projected infrastructure needs of the .web gTLD with necessary implementation and sustainment cost. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its scaling models, Verisign derived the necessary infrastructure required to implement and sustain this gTLD. Verisign’s pricing for the backend registry services it provides to Web.com fully accounts for cost related to this infrastructure, which is provided as “Other Operating Cost” (Template 1, Line I.L) within the Question 46 financial projections response.