28 Abuse Prevention and Mitigation

Prototypical answer:

Desi Networks LLC’s (the Company) proposed use for the DOT DESI TLD will include robust protection mechanisms designed to quickly and effectively address any abusive registrations within the space. Accordingly, the Company will adopt a comprehensive system including all rights protection mechanisms required by ICANN, plus ongoing monitoring for abusive use of domain names within the space.

Additionally, Desi Networks LLC will do the following:

- Utilize a trusted method of communication for all correspondence between Desi Networks LLC and the TLDʹs registrars
- Ensure that all registrant contact information, including WHOIS records, is complete and remains current
- Implement effective mechanisms for identifying and addressing abusive practices
- Establish a point of contact for third-party reporting of abusive practices
- Determine and implement a streamlined practice for addressing and removing orphan glue records
- Publish on its website and include as binding registry policy an Anti-Abuse Policy, described in detail below, which provides applicable definitions of abuse and outlines steps the Company will take to address any such situations


A. Point of Contact for Abuse Complaints

The Company will establish a point of contact to handle complaints directly. In order to effectively capture any complaints the abuse email inbox will be routinely and continuously monitored. Complaintants will be provided with a responsive communication containing an auditable tracking or case number. The abuse point of contact will be responsive and effective at resolving issues. They will be tasked with answering email quickly, empowered to take effective action, and guided by well-defined written criteria. This role-based function will be performed by Desi Networks LLC’s legal team which includes Mr. Mike Rodenbaugh and Mrs. Shaila Lakhani Ohri, which will ensure that the abuse point of contact has a broad familiarity with current industry knowledge and a high-level awareness of evolving online security risks.

The abuse point of contact will be supported by the law firm Rodenbaugh Law, of San Francisco, California, USA, with whom the abuse point of contact will consult and coordinate the correct management of disputes and reported abuse. The abuse point of contact will further consult with Thomsen Trampedach GmbH, as well as with KSregistry in order to coordinate technical reactions necessary to respond to or mitigate abusive behavior in a timely manner.

Mr. Mike Rodenbaugh is a UDRP Panelist with the Czech Arbitration Court and has extensive, firsthand knowledge of ICANN and its structure. Thomsen Trampedach GmbH is a Swiss-based domain name consulting company with long-term involvement in ICANN, experience advising large brands in all domain name related issues, and is qualified to assist and advise the Company’s on-hand staff. With regard to the estimated number of registrations, these allocated resources will be sufficient to handle the expected initial volume of abuse complaints. Abuse complaint metrics will be tracked and reviewed carefully each year, and adequate resources will be expended to ensure appropriate trending of those metrics, thus providing the abuse point of contact with sufficient resources.

Mrs. Shaila Lakhani Ohri has over 15 years of experience as an attorney, and has practiced law in the areas of corporate, securities, finance, employment and contracts. Shaila’s legal experiences include working at a law firm and as in house counsel for a finance company and a fortune 500 company. Shaila graduated with a B.A. from The American University in Political Science and International Studies, and completed her Juris Doctor degree at The George Washington University School of Law. Shaila will provide general legal advice and counsel to the company.

Desi Networks LLC, believes that infrastructure protection, rights protection, and user security are of paramount importance for a TLD owner. To that end, the Company expects to ensure sufficient resources for this critical role, and to do whatever is reasonably necessary to ensure a secure and trusted zone.


B. Anti-Abuse Policy

Desi Networks LLC, will develop and implement upon launch of the TLD an Anti-Abuse Policy (AAP). The AAP will be made binding for all registrants by contractually obligating registrars through the Registry-Registrar Agreement to pass on the AAP as part of their registration agreements. The AAP will also be published prominently on the Registry website alongside the abuse point of contact and with instructions on how to best report any suspected violations of the AAP to the registry.

The AAP will be based on and expand upon existing registry policies to ensure best industry practice is followed. The goal of the AAP is to limit significant harm to internet users, to enable Desi Networks LLC or accredited registrars to investigate and to take action in case of malicious use of domain names and to deter registrants from engaging in illegal or fraudulent use of domain names.

The Company defines abuse as an action that causes actual and substantial harm, or is a material predicate of such harm, and is illegal, illegitimate, or otherwise contrary to Desi Networks LLC’s policy.

“Abuse” includes, but is not limited to, the following:

- Use of a domain to defraud or attempt to defraud members of the public in any way
- Use of a domain to distribute or publish hateful, defamatory, or derogatory content based on racial, ethnic, or political grounds, intended or generally able to cause or incite injury, damage or harm of any kind to any person or entity
- Use of a domain name to publish content threatening or invading the privacy or property rights of a third party
- Use of a domain name to publish content that infringes the trademarks, copyrights, patent rights, trade secrets or other intellectual property rights, or any other legal rights of the Company or any third party, or any action infringing on the named rights
- Violation of any applicable local, state, national or international law or regulation
- Use of a domain name for the promotion, involvement in or assisting in, illegal activity of any kind, as well as the promotion of business opportunities or investments that are not permitted under applicable law
- Advertisement or offer for sale any unlawful goods or services in breach of any national or international law or regulation
- Use of domain names to contribute to the sale or distribution of prescription medication without a valid prescription as well as the sale and distribution of unlicensed or unapproved medication
- Distribution of Child Pornography or other content depicting minors engaged in any activity of a sexual nature or which may otherwise harm minors
- Use of domain names to cause minors to view sexually explicit material
- Any use of domain names with regard to spam in any form, including through e-mail, instant messaging, mobile messaging, or the spamming of Web sites or Internet forums, as well as advertising for a domain name through spam
- Initiation or intentional participation in denial-of-service attacks (“DDoS attacks”)
- The use of domain names in phishing activities, tricking Internet users into divulging personal data such as usernames, passwords, or financial data
- The use of domain names in pharming, such as DNS hijacking and poisoning
- The use of domain names for the intentional distribution of spyware, botware, keylogger bots, viruses, worms, trojans or other forms of malware
- The use of a domain name in unauthorized fast flux hosting, disguising the location of internet addresses or Internet services. Fast flux hosting may be used only with prior permission of Desi Networks LLC
- The use of domain names to command and control botnets, i.e. a network of compromised computers or “zombies”
- The use of domain names in activities intended to gain illegal access to other computers or networks (“hacking”), as well as any activity to prepare for such system penetration

In accordance with best practices in current generic Top Level Domains, the Company reserves the right to either directly or through the issuing of a request to an accredited registrar deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion:

- To protect the integrity and stability of the .DOT DESI TLD and⁄or prevent the abuse of any DOT DESI domain name
- To comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process
- To avoid any liability, civil or criminal, on the part of Desi Networks LLC, as well as its affiliates, subsidiaries, officers, directors, and employees.per the terms of the Registry Agreement or to correct mistakes made by DESI, Registry Service Provider or any Registrar(s) in connection with a domain name registration

The Company also reserves the right to place a domain upon registry lock, hold or similar status name during resolution of an investigation or dispute.


C. Handling of Abuse Reports

All abuse reports received by the abuse point of contact will be tracked internally in a ticketing system to ensure accountability and ease of reference, and a tracking number will be provided to the reporter. Each report will be carefully reviewed and evaluated regarding its credibility, to determine whether the reported issue is an abuse concern and to assess the required action(s), if any. Desi Networks LLC will work in tandem with the sponsoring registrar(s) as well as the Registry Service Provider to rapidly address potential threats or abuse complaints, investigate all reasonable complaints, and take any appropriate action(s) thereto.

As standard practice, the Company will forward all credible and actionable reports, including the accompanying evidence, if any, to the sponsoring registrar, with a request to investigate the issue further and to take appropriate action. In case the registrar determines in the course of the investigation that the use of the domain name violates the applicable terms of use, ICANN policies or the AAP, the registrar is expected to take action within a reasonable time. Desi Networks LLC further reserves the right to act directly and immediately in cases of obvious and significant malicious conduct.

The Company will implement valid court orders or seizure warrants from courts, arbitration tribunals, or law enforcement agencies of applicable jurisdiction as a top priority. The Company will further work closely with law enforcement agencies if necessary.

In case of an unexpected volume of credible abuse complaints, Desi Networks LLC will take advantage of additional resources such as spam databases and blocklists, anti-phishing feeds, analysis of registration data, and DNS queries.


D. Orphan Glue Records:

According to the ICANN SSAC paper SAC048 at: http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf orphan glue records are defined as follows:

“By definition, orphan records used to be glue records. A glue record becomes an ‘orphan’ when the delegation point NS record referencing it is removed without also removing the corresponding glue record. The delegation point NS record is sometimes referred to as the parent NS record.”

An orphan glue record can occur whenever a domain is placed in ServerHold or ClientHold status. In these cases, the domain is removed from the zone file but existing name servers of this domain will be kept in the zone file so that other sites which are still using these name servers are still kept functional.

Example:
“example.string” is deleted from the zone file by setting to ServerHold status, but “ns1.example.string” will be kept in the zone file.


D.1 Prevention of Orphan Glue Records During Domain Deletion

Deleting a domain name is only possible if there are no glue records used by other domains associated with the domain being deleted.

If there are glue records available but not used by other domains in the registry, the glue records will be deleted prior to the domain deletion. Whenever there are glue records available which are still in use, this has to be resolved first. If there are no glue records at all the domain can be deleted instantly.

Solving the problem of glue records for domains which are supposed to be deleted can be done by checking the zone file. The zone file reveals the domains which are using the name servers. Once the required information is available, the named registrars must be contacted and new name servers should be set for the remaining domains in order to release the glue records.

In cases where glue records are being used in a malicious way, the abuse point of contact has to be contacted. The abuse point of contact will check this issue and take any appropriate actions, which may result in removing relevant records from the zone file in case the abuse complaint is valid.


E. Preventive Countermeasures

Pharming is an abusive practice used to gain illegal access to personal and confidential internet user information by diverting internet traffic through the manipulation of the information between the recursive resolver name server and the client software (e.g. web browser) (DNS-cache poisoning). Since pharming is commonly accomplished by redirecting traffic at the recursive DNS level, mitigation is most effective at the ISP level.

However, as an added countermeasure, the KSregistry will sign the domain zone using DNSSEC, as detailed in our answer to question 35, allowing the relying party to establish a chain of trust from the DNS root down to the domain name, thus validating DNS queries in the zone.

Registrars will be encouraged to use a DNSSEC enabled DNS hoster and to provision the related delegation signers (originating from the DNS hoster) to KSregistry’s SRS via EPP. This way it will be possible for the relying party to validate DNS queries and to protect from DNS tampering to a certain degree.

DNSSEC is a set of records and protocol modifications that provide authentication of the signer of the DNS data, verification of integrity of the DNS data against modification, non-repudiation of DNS data that have been signed, and authenticated denial of existence of DNS records. DNS data secured with DNSSEC are cryptographically signed and incorporate asymmetric cryptography in the DNS hierarchy, whereby trust follows the same chain as the DNS tree, meaning that trust originates from the root and is delegated in the same way as the control of a domain. When a domain name in the TLD is requested by a browser, the signature is validated with the public key stored in the parent zone.


F. Promoting Accurate WHOIS Data

Desi Networks LLC is committed to maintaining the DOT DESI TLD space as a safe, secure online environment. A key component of such a plan is the creation and upkeep of accurate WHOIS records for the registry. As indicated in detail in the above answer to Question 26, the Company will develop strong safeguards to help best ensure the accuracy and privacy of the data stored in the WHOIS database, and will ensure that such records will be publicly-available to the extent required by ICANN regulations.

The WHOIS records for this TLD will constitute a “thick” WHOIS, combining all applicable data and information for domain name registrants in a central location. The individual registrars offering DOT DESI TLD domain names will be responsible, under the terms of the Registry-Registrar Agreement, for providing and promptly updating the WHOIS database with current, accurate and complete information. The Registry Service Provider will be responsible for monitoring such information and records to ensure that registrars comply with the contractual agreements to provide accurate data, including the use of field-valid telephone and fax numbers and the use of country names as defined under ISO 3166. DESI shall expressly reserve the right to cancel or suspend any domain name registrations within the space should a registrant fail to provide accurate or complete WHOIS information.

At all times, ICANN’s WHOIS Data Problem Reporting System (WDPRS) will be available to anyone wishing to file a complaint regarding the accuracy or sufficiency of WHOIS records within this TLD.


G. Ensuring Proper Access to Domain Functions

The Registry will be operated using a comprehensive and detailed authentication system designed to implement a wide range of registry functions for both internal operations and as external registrar access. Registrar access will be limited by IP address control lists and TLS⁄SSL certificates, as well as verification processes for proper authentication and appropriate limitations to restrict access to the sponsored objects.

Each domain name will be assigned a unique AUTH-INFO code. The AUTH-INFO code is a 6- to 16-character code assigned by the registrar at the time a domain is created and which can be modified by the registrar at any time. Its purpose is to aid in the identification of the domain owner so that proper authority can be established. For example, a registrar-to-registrar transfer can be initiated only by using the correct AUTH-INFO code, to ensure that domain updates (update contact information, transfer, or deletion) are undertaken by the authorized registrant. Access to the domain’s AUTH-INFO code, stored in the registry, is limited to the sponsoring registrar and is accessible only via encrypted, password-protected channels.

Further security measures are anticipated and will be implemented in the new space, but are currently treated as confidential for security reasons. Accordingly, a full explanation of these mechanisms may be found in the response to Question 30(b).

Similar gTLD applications: (0)