28 Abuse Prevention and Mitigation

Prototypical answer:

28-1 Implementation Plan

The .政府 Registry has an implementation plan to reduce the domain name abuses, and to prohibit any abusive and malicious domain activities, including but not limited to the situations such as Phishing, Pharming, Spam, Illegal or fraudulent actions, Distribution of malware. In this plan, the Registry will set the prevention policies and to be incorporated into the Registry-Registrar Agreement, also be set forth in the “Registrar-Registrant Agreement”.

28-1-1 Abuse Prevention Policy

28-1-1-1 Registry Reserved Names

The Registry will reserve certain names from registration in the .政府 gTLD , including but not limited to the names appearing on the list of ICANN reserved gTLD names. To protect geographic names, the Registry will reserve all capital city names of a country or territory listed in the ISO 3166-1 standard, city names, sub-national place names listed in the ISO 3166-2 standard, names listed in the ISO 3166-3 standard, and names listed as a UNESCO region or appearing on the “Composition of macro geographic (continental) or regions, geographic sub regions, and selected economic and other groupings” list. Currently TWNIC has constituted a Domain Name Committee which comprises 17 members from a variety of stakeholders. The reserved names will be expended to different dimensions and reviewed by TWNIC Domain Name Committee.

28-1-1-2 Applicant Identification Verification Process

The names under the .政府 gTLD will only be made available for Applicants who are the authorized representatives of the related governmental organizations, agencies, or any other institutions for public services. The Applicant Identification Verification Process will be operated before commencement of Sunrise Period, and available thereafter on an ongoing basis. The process is designed to confirm the status and validate contact information for prospective Registrants who are the authorized representatives for their organizations. Applicants who are not the authorized representatives corresponding to the names under .政府 gTLD that they would not be qualified to apply.

28-1-2 Domain Name Anti-Abuse Policy

The .政府 Registry set Domain Name Anti-Abuse Policy, which is stated in the “Registry-Registrant Agreement” and the Applicant Guideline, anyone who wants to register a domain name shall read the Applicant Guideline and need to sign the “Registrar-Registrant Agreement”, it contains below items:
- Registrantʹs Obligation of Disclosure
- The .政府 Registry’s Administration Right
- Dispute Resolution
- Complaints Reporting Procedure

28-1-2-1 Registrantʹs Obligation of Disclosure

When applying to register or renew a domain name or to change domain name registration information, the registrant shall disclose to the registrar and warrant the truthfulness of the below-listed matters, and shall assume sole responsibility for any infringement of rights or interests of others:
- That the statements made on the application form are complete and accurate.
- That, to the Registrantʹs knowledge, the domain name registered by it does not infringe on rights or interests of others.
- That it is not registering, and will not use, the domain name for improper purposes.
- That it is not deliberately registering, and will not deliberately use, the domain name in a manner that violates applicable laws or regulations.

28-1-2-2 .政府 Registry’s Administration Right

Based on international Internet community practice and in consideration of public interests such as protection of consumers, protection of intellectual property rights, enforcement of laws etc., the .政府 Registry and the Registrar have the right to cancel the domain name registration if there is any breach of “Registry-Registrant Agreement”.

28-1-2-3 Dispute Resolution

All Registrants agree to participate in and abide by any determinations made as part the Registry’s dispute resolution procedures, including the Uniform Rapid Suspension System (URS), ICANN‘s Uniform Domain Name Dispute Resolution Policy (UDRP), and related Dispute Resolution Policy announced by ICANN.

The Registry will select a neutral third-party as its dispute resolution service provider to process related dispute resolution procedures. The detailed rules, procedures, and fees for the dispute resolution service provider will be published on the Registry Website.

28-1-2-4 Reporting Abusive Registrations Procedure

The .政府registry will establish abuse contact point to be responsible for reporting related malicious and abusive conduct. If the .政府 Registry receives a report in regard to abusive registration will follow this process:
- If the complaint is reporting for malicious activity such as phishing, pharming, distribution of malware, which will be transferred to the contact point, then trigger the notifying procedure immediately.
- If the complaint is reporting for abusive conduct,
* Check the qualifications of registrants.
* Inform registrants to submit documents and evidences for proper use of the domain names within a period time.
* If registrants cannot submit those documents within the period, the .政府 Registry will cancel the registration of these domain names.
* .政府 Registry will check the accuracy of those documents when those documents received, then to decide whether cancel the domain names or not.

28-1-3 Contact Point for Domain Abuse

The .政府registry will establish contact point for domain name abuse to be responsible for addressing inquiries of malicious and abusive conduct and publish on the website. This information consists of a valid e-mail address and telephone number. The registry will ensure that this information will be accurate and up to date.

28-2 Policies for Handling Complaints Regarding Abuse

The .政府registry has Abuse Prevention Policy and Domain Name Anti-Abuse Policy which are incorporated into the Registry-Registrar Agreement and the “Registry-Registrant Agreement”. The policies describe that .政府reserves the right for the registry to take the appropriate actions based on the type of abuse.

If a abuse complaint process has been triggered, it will not be allowed to have any changes of domain name’s contact and name server information. Then the registry will follow the resolution of the Reporting Abusive Registrations Procedure or Dispute Abuse Procedure to take the final action.

If domain name is being used that appears to threaten the stability, security of registry, or it’s registrar partners and registrant, the .政府 registry will use the Domain Name Anti-Abuse Policy that have ability to lock, cancel, transfer or other activity of the domain names.

When receive complaint or any other alert, the Domain Name Anti-Abuse Policy may be triggered.

ICANN-Accredited Registrar all have to agree to pass through the Domain Name Anti-Abuse Policy to its Resellers and TLD registrants.

The .政府 registry also set some procedure to mitigate and reduce the possibility of abusive use of domain names. It includes WHOIS accuracy and malicious activity monitoring.

28-2-1 Assure WHOIS Accuracy

The .政府 registry will implement a thick WHOIS database as required in Specification 4 of the Registry agreement.
- Applicants shall provide true, complete and accurate information. The .政府 registry may request the applicant to submit documentations for examination purposes when necessary. The .政府 registry shall have the right to cancel a domain name registration at any time when the provided information is found incorrect. This is declared in “Registrar-Registrant Agreement”, registrants need to sign the “Registrar-Registrant Agreement” when register or renew of a domain name or to change domain name registration information.
- Registrars are obliged to ensure that the WHOIS database records submitted by their customers are accurate. The .政府registry shall have the right to cancel a domain name registration at any time when the provided information is found incorrect.
- Annual System Spot Check: The .政府Registry will have annual system spot check for WHOIS database accuracy, looking for any data that appears to be inaccurate, including missing data and mistakes that appear to be unintentional.

28-2-2 Monitoring for Malicious Activity

If any malicious activity happened, the .政府 registry targets domain names which are verified to be abusive and removes them within a period.

When receive a complaint which claims that a domain name is being used to threaten the stability and security of the TLD from a trusted source, third-party, or detected by .政府 Registry, information about the abusive practice is forwarded to an internal mail distribution list that includes members of processing team. The action will be taken either to take down the domain name or to place the domain name on hold status.

If determines there is a reasonable likelihood that the incident warrants immediate action, the domain name will be removed from the zone immediately.

28-3 Measures for Removal of Orphan Glue Records

Glue records can be used maliciously to point out the name servers which host the domain names to be used in illegal phishing and other abusive activities. When the .政府 registry gets evidences of actual abuse of orphaned glue, the registry will take action to remove those records from the zone.

If the .政府registry becomes aware of actual abuse on orphaned glue after receiving written notification by a third party through its Abuse Contact or through its customer support, such glue records will be removed from the zone.

28-4 Measures to Promote WHOIS Accuracy

28-4-1 Complaints Handling for Inaccurate or Incomplete WHOIS Data

The .政府registry will offer a mechanism whereby third parties can submit complaints directly to the registrars about inaccurate or incomplete WHOIS data. The process is as below:
- When the .政府 registry or any of its registrars receive a domain name compliant by third-party, a mail will send to registrant to inform the domain’s WHOIS information has been complained by the third-party.
- Registrant need to update its WHOIS data within a period and then .政府registry or any of its registrars will examine the WHOIS data to check whether the information is correct.
- If registrant failed to take any action or the WHOIS data is still inaccuracy. Domain name will probably be suspended or deleted.

The .政府 registry will include a thick WHOIS database as required in Specification 4 of the Registry agreement.

28-4-2 E-MAIL Confirmation Process

At the last step of registration, the .政府 registry will send a confirmation e-mail to registrant.

Registrant should check the WHOIS data and confirm all the information correct. After examination, registrant has to click the link in this mail to identity verification. The application will be successful if all the processes above have been completed.

28-4-3 Monitoring of Registration Data

The .政府 registry will regularly monitor the registration data for accuracy and completeness by employing authentication methods, establishing policies and procedures to address domain names with inaccurate or incomplete WHOIS data.

Registrant should confirm the information is correct and need to provide accurate and reliable contact detail.

When data changed, registrant should update it immediately.

28-4-4 Domain Update Process

The .政府 registry provides multi-factor authentication to ensure proper access to domain functions.

When a domain name is proceeding any update, such as renewal, transfer, deletion, it requires multi-factor authentication. After update domain’s status, the system will send a confirmation e-mail, and registrant needs to click the link in this mail to identity verification to complete the process.

28-5 Co-works with CERT for Malicious Activity

The .政府 registry has coordinated the policy and procedure with TWCERT Coordination Center, everyone can report improper use of domain names, such as phishing or pharming on the reporting system, then it will trigger the notifying and action procedure. The relevant parties, e.g. ISPs, registry and registrars will receive the immediately notifications and take action to remove phishing sites.

28-6 Adequate Controls to Ensure Proper Access to Domain Functions

The .政府 registry defines the control mechanisms for ensuring proper access, including the following items:

28-6-1 Entry ID and Password

Registrants will get an entry ID and Password for accessing the Domain Name Management System, if the registrant wants to change the registration information need to be authenticated by the ID and Password.

If registrant lost the ID or Password, it is necessary to submit the qualification documents to registrars, then to get the new password after the confirmation by registrars.

28-6-2 E-MAIL Confirmation Process

As the new registration process, the .政府 registry will send a conformation e-mail to registrant when the registrant gets the new password. The registrant has to click the link in this mail to identity verification and use new password to access his⁄her domain name management website.

28-7 Resourcing Plans

For abuse mitigation is basis on variety of functional groups. It includes Policy⁄Legal team, Technical Support Team, and Customer Support team. Customer Support team need to assist the investigation and response to customers, and notifying registrars of abusive domains. Policy⁄Legal team is responsible for developing policies and procedures. Technical Support Team needs to support the DNS relevant procedure and mechanisms. The resource is described as Table 28-1 (Q28_attachment).

Similar gTLD applications: (0)