28 Abuse Prevention and Mitigation

Prototypical answer:

Domain Name Anti-Abuse Policy

The following policy (ʺ.Life Domain Anti-Abuse Policyʺ) is defined by the Registry and to be adhered by its Registrars and agents.

1. Abusive Use
Abusive use(s) of .Life domain names shall not be tolerated. The nature of such abuses creates security and stability issues for the registry, registrars, registrants, as well as users of the Internet in general. ...Life registry defines abusive use of a domain as the wrong or excessive use of power, position or ability, and includes, without limitation, the following:

Illegal or fraudulent actions;

Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks;

Phishing: The use of counterfeit Web pages that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data;

Pharming: The redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning;

Willful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the ownerʹs informed consent. Examples include, without limitation, computer viruses, worms, keyloggers, and trojan horses;

Fast flux hosting: Use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves;

Botnet command and control: Services run on a domain name that is used to control a collection of compromised computers or ʺzombies,ʺ or to direct denial-of-service attacks (DDoS attacks);

Distribution of child pornography; and

Illegal Access to Other Computers or Networks: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity).

2. Registration(s) abuse
Registration(s) abuse of .life domain names, according to Registration Abuse Policies Working Group Initial Report includes the following, which are all prohibited.

Cybersquatting: Cybersquatting is the deliberate and bad-faith registration or use of a name that is a registered brand or mark of an unrelated entity, for the purpose of profiting (typically, though not exclusively, through pay-per-click advertisements). We adopt the provisions 4(a) and 4(b) of the UDRP as a sound definition of Cybersquatting.

Domain kiting ⁄ tasting: Registrants may abuse the Add Grace Period through continual registration, deletion, and re-registration of the same names in order to avoid paying the registration fees. This practice is referred to as “domain kiting.” This term has been mistakenly used as being synonymous with domain tasting, but it refers to multiple and often consecutive tasting of the same domain.

3. Prohibition Suspension and Cancellation
You agree that you will not (i) use our services to commit a criminal offense or to encourage conduct that would constitute a criminal offense or give rise to a civil liability, or otherwise violate any local state, Federal or international law or regulation; (ii) upload or otherwise transmit any content that you do not have a right to transmit under any law or contractual or fiduciary duty; (iii) interfere or infringe with any trademark or proprietary rights of any other party; (iv) interfere with the ability of other users to access or use our services; (v) claim a relationship with or to speak for any individual, business, association, institution or other organization for which you are not authorized to claim such a relationship; (vi) interfere with or disrupt the service or servers or networks connected to the service, or disobey any requirements, procedures, policies or regulations of networks connected to the service; or (vii) reproduce, duplicate, copy, use, distribute, sell, resell or otherwise exploit for any commercial purposes any portion of the services.

Upon the provisions of RRA, registrar shall promptly investigate complaints alleging any abusive practices, and shall take all appropriate actions based on investigations. Registrar shall use commercially reasonable effort to resolve the complaints, as request or recommended by the registry or any legal authority. Registrarʹs failure to comply with the policy shall constitute a material breach of the RRA, and shall give rise to the rights and remedies available to the registry under the RRA.

Please acknowledge that, according to relevant provisions in RRA, the registry reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion; (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of the registry, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or (5) to correct mistakes made by the registry or any Registrar in connection with a domain name registration.

The abusive activities, as defined above, undertaken with respect to ...life domain names shall give rise to the right of its registry to take such actions under Section 3.6.5 of the RRA in its sole discretion.

Single Abuse Point of Contact

1. The registry will prominently publish abuse contact information on its website.
2. The public can easily discover the contact page on the registryʹs home website
3. The abuse contact information consists of telephone and email address.
4. The contact at the registry will be empowered to act in response to a well-founded report of illegal, criminal or malicious activity or any other abuse outlined activities in abuse policy.
5. All reports of abuse should be sent to our abuse department at
Email: abuse@registry.life.
Mailing Address: 35.com building, No8 Guanri Road, XiaMen, China.
Link published: http:⁄⁄www.registry.life⁄abuse-policy.htm

Anti-Abuse Measures

To enhance the security, integrity and quality of .life domain names, we are committed to delivering reliable and appropriate measures⁄services to mitigate and prevent harm the rights and interests of third parties and keep .life safe. The registry will incorporate the Anti-Abuse policy into the Registry Registrar Agreement (RRA).

The follow tools or measures aim to against illegal online activity.

1. Phishing and Spam feed - this service provides registrars with information about domain names on their account that are suspected of being involved in phishing and or unsolicited email behavior. We will work with Top Anti-Fraud Centers & security companies in the industry for instance Netcraft, Spamhaus, which will provide the data feed of sites that have been reported as phishing sites. This data will alert the registrar(s) of domain names belonging to. Once registrars received the alert notification, they can check on the domain names and take further appropriate actions. The 〈Hold〉 operation is the auxiliary method to lame the domain name involved during investigation process.

2. Registry⁄Client Hold - this operation means DNS delegation information MUST NOT be published for the object, which results in any web site or email associated with the domain name will no longer be available. As indicated, the Server Hold operation is applicable for registry operator whilst the Client hold is applicable for registrar(s). Client Hold can be accomplished by EPP mode or registrar domain management panel.

3. Trademark Clearinghouse - The Trademark Clearinghouse is a central repository for information to be authenticated, stored, and disseminated, pertaining to the rights of trademark holders. ICANN will enter into an arms-length contract with service provider or providers, awarding the right to serve as a Trademark Clearinghouse Service Provider, i.e., to accept, authenticate, validate and facilitate the transmission of information related to certain trademarks. The trademark clearinghouse being required to provide two primary functions:
(1) Authentication and validation of the trademarks in the Clearinghouse
(2) Serving as a database to provide information to the new gTLD registry to support pre-launch Sunrise or Trademark Claims Services

The Registry will give owners of trademarks entered in the Trademark Clearinghouse the right to register a domain name consisting of the trademark before registration is available to the general public. In the meantime, those attempting to register a domain name that is in the Trademark Clearinghouse will be notified that the proposed domain name is a trademark while owners of those trademarks, and if entered in the Trademark Clearinghouse, will receive notifications when someone tries to register a domain name that is identical to their trademarks.

4. UDRP – As stated on ICANN’s UDRP page, all registrars must follow the Uniform Domain-Name Dispute-Resolution Policy (often referred to as the ʺUDRPʺ). Under the policy, most types of trademark-based domain-name disputes must be resolved by agreement, court action, or arbitration before a registrar will cancel, suspend, or transfer a domain name. Disputes alleged to arise from abusive registrations of domain names (for example, cybersquatting) may be addressed by expedited administrative proceedings that the holder of trademark rights initiates by filing a complaint with an approved dispute-resolution service provider. In this regard, we absolutely adopt this policy and implemented in RRA (Registry-Registrar-Agreement).

5. URS – Also known as Uniform Rapid Suspension System is designed to offer trademark owners a quick and low-cost procedure to take down infringing websites. Unless the decision is reversed, the domain name will point to a mandatory URS placeholder page for the remaining registration period. Within 1 working days of the receipt of the notice of Complaint from the accredited URS provider, we will place administrative “lock” on the domain name; in the case, the domain name can’t be transferred, deleted, and its whois information can’t be updated. Upon receipt of the determination, we will act to comply with the Determination within 1 working day of receipt.

6. Deletion-Limit in AGP- As known, the five-day ‘Add Grace Period’ is commonly given to registrars to rectify errors when registering new domain names without cost. However, it is unfairly token advantage of by speculators testing the profitability of domain names through advertising revenues and or put it in bad-faith use. Based on this, we will introduce limits on the number of domains a registrar could delete against this kind of abuse. The limit is set at 10% of the total number of domains registered, which will deter abuse and at the same time keep the flexibility for registrars to correct the genuine errors might occur, like mistype, anti-fraud, etc.

The registry seeks Collaborative work with Law Enforcement and the Antiphishing Working Group (APWG), the Computer Emergency Response Teams (CERT) and share data with them. Besides that, the registry intends to apply for membership of industry groups, like the RISG (Registry Internet Safety Group, thus sharing best anti-abuse practices and set up collaboration across the industry.

Note,
All the requests and decisions from the UDRP & URS provider will be executed in the time scope defined by the consensus policy published.

Handling Complaints procedure

In addition to the Phishing and Spam feed provided to help accredited registrars monitor and reduce domain’s abusive use, we will also provide an channel for the public to report any abuse. Any individual and party can lodge a complain via abuse@registry.life. Below is the procedure of for handling complaints:

1.Categories:

[Category 1], 24-hour Response:
Spam

[Category 2], 16-Hour Response:
Fast flux hosting

[Category 3], 8-Hour Response:
Phishing
Pharming
Willful distribution of malware
Botnet command and control
Illegal Access to Other Computers or Networks
Illegal or fraudulent actions

[Category 4], 1-Hour Response:
Distribution of child pornography

1.1 Above is the standard response time for the various categories imposed on registrars. The response times act as a guide and are not a guarantee and may be modified on a case-by-case basis depending on the abuse type, severity, history, quantity of complaints, upstream provider requirements, and other factors.

2. Procedure for handling complaint:

2.1 The complainant collects the evidence of abuse in connection to the alleged domain name and sends them to abuse@registry.life. The content must include the domain name in question, the abuse type and evidence material.

2.2 Within 24 hours of the receipt of complaint, if material is verified, we will forward the complaint to the registrar that is sponsoring the registration of domain name concerned.

2.3 The sponsoring registrar shall take appropriate steps to investigate the case and act within the response time given in 1 paragraph. The registrar might suspend the domain name first to prevent further abuse to third parties.

2.4 The domain name will be taken out of the zone by the registry if the registrar fails to respond to the complaint.

2.5 In the event that the breach has been resolved, the “hold” status can be removed from the domain name.

The registry is committed to offering a high level of cooperative service with law enforcement. Our legal team will respond to the request of all subpoenas, court orders, search warrants, emergency requests and the other legal requests within 24 hours of receipt of the request which could be accepted by email and fax. The email and fax contact information being published on our website contact page. The registry is permitted to disclose account’s registered information, log-in and other information voluntarily to a federal, state, or local governmental entity, and reserve the right to temporarily suspend or even terminate the account, disclose the information according to the relevant Electronic Act where applicable.

Orphan Glue Record

As definition in SAC 048 - SSAC Comment on Orphan Glue Records in the Draft Applicant Guidebook, orphan records used to be glue records, however, it becomes an ʺorphanʺ when the delegation point NS record referencing it is removed without also removing the corresponding glue record. The delegation point NS record is sometimes referred to as the parent NS record.

As pointed out in the book, there might be inconsistencies and even abuse behavior connecting to the domain name which is still using on the orphan record because of the lack of administrative control and lack of attribution for this orphan record. The registry doesn’t allow the existence of orphan records. Once the parent NS record is removed, the associated glue record(s) will also be removed consequently.

Service Level Requirement for resolution

1. Rapid Takedown Dispute Resolution Policy

The registry may provide a Rapid Takedown process through engagement with a dispute solution provider that consists of a response team of qualified expert (qualified UDRP panelists). The registry agrees that majority of cases that go through the Uniform Dispute Resolution Process (UDRP) are mainly obvious variant of well-known marks. As such, it would be a waste time or resources for the most obvious cases of infringement to go through the UDRP fillings. Registry may provide a rapid takedown process where a response team of qualified experts (qualified UDRP panelists) will be involved to determine within 48 hours of receipt of a short and simple claim of involving a well-known mark or otherwise inherently distinctive mark and a domain name where no conceivable good faith basis exists. The results may result in an immediate termination of the domain name, but will not prejudice either partyʹs election to pursue other dispute mechanisms.

2. Response to Law enforcement requests

In response to law enforcement requests, the registry will use the provision within the Anti-abuse policy to act quickly to take down sites that are being involved with any illegal activities.

3. Uniform Rapid Suspension System

Registry will cooperate with ICANN for the implementation of URS, shall the policies and procedures are finalized. The involvement of the registry for the scope of URS shall include the followings:

3.1. Upon completion of the Administrative Review, the URS Provider will immediately notify the registry (via email) (“Notice of Compliant”) after the Compliant has deemed compliant with the filing requirements. Within 24 hours of receipt of the Notice of Complaint from the URS Provider, the registry shall “lock” the domain name, meaning the registry shall restrict all changes to the registration data, including transfer and deletion of the domain names, but the name will continue to resolve. The registry will notify the URS provider immediately upon locking the domain name (“Notice of Lock”).

3.2. If after the Examination in Default case, the Examiner rules in favor of the Registrant, the URS provider shall notify the registry. Upon receiving the official notice from the URS provider, the registry will unblock the name and return full control of the domain name registration to the Registrant.

3.3 If the Determination is in favor of the Complainant, upon receiving the official decision from the URS provider, the registry will suspend the domain name, which shall remain suspended for the balance of the registration period and would not resolve to the original web site. The nameservers shall be re-directed to an informational web page provided by the USR Provider.

The Registry will incorporate URS into the Registration policies, as a takedown measures and procedures to minimize abusive registration.

4. Disqualification of Registrant

Traditionally, speculative abusive domain name registrations have always attracted a small group of individuals and organizations specializing in high volume registrations due to the profitability of abusive registrations. Registry may disqualify any registrants that have been found to be making abusive registrations and their agents or any parties determined to be acting in cahoots will also be disqualified from maintaining any registrations or making future registrations.

Measures to promote Whois accuracy

1. Registrar and Registrant Obligations About Whois.
1.1 Submission of Registered Name Holder Data to Registry
1.1.1 Registrar shall submit the following data elements to the registry:
The name of Registered Name being registered;
The IP addresses of the primary name server and secondly name servers for the registered name;
The original creation date of the registration;
The expiration date of the registration;
The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the registrant for the registered name;
The name, postal address, email address, voice telephone number, and (where available) fax number of the administrative contact for the registered name; and
The name, postal address, email address, voice telephone number, and (where available) fax number of the technical contact for the registered name; and
The name, postal address, email address, voice telephone number, and (where available) fax number of the billing contact for the registered name; and

1.2 Upon receiving any updates to the data elements listed in Section 3.3 from the Registrant, Registrar shall promptly, and no later than twenty-four (24) Hours, update its database and provide such updates to the Registry.

1.3 Registrar shall require all registrants to enter into an electronic or paper registration agreements with registrar including at the least the following provisions:
1.3.1 The registrant shall provide to registrar accurate and reliable contact details and promptly correct and update them during the term of the registered name registration, including: the full name, postal address, email address, voice telephone number, and fax name if available of the registrant; name of authorized person for contact purposes in the case of a registrant that is an organization, association, or corporation.

1.3.2 A registrantʹs willful or grossly negligent provision of inaccurate or unreliable information, its willful or grossly negligent failure promptly to update information provided to registrar shall constitute a material breach of the registration’s registration agreement with the registrar and be a basis for cancellation of the registered name registration.

1.3.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.

1.4 Enforcement of Accurate Whois Data

1.4.1 Registrar shall accept written complaints from third parties regarding false and⁄or inaccurate whois data of registrants.

1.4.2 No later than thirty (30) days after receipt of a written complaint, the registrar shall conduct an initial investigation into the veracity and accuracy of the contact details. If the registrar determines that the information is false, inaccurate or not up to date, registrar shall issue a letter to the registrant via email, and regular fist class mail, stating that the information contained in the registrant’s whois record may be false, inaccurate or not up to date.

1.4.3 The registrant shall be required to update its contact information not later than thirty (30) calendar days from the date of such notice. If, within(30) days, registrant can either (i) show that it has not provided false or inaccurate contact information or (ii) provide the updated whois information, then the registrant will be allowed to maintain its TLD domain name registration. If, however, after thirty (30) days, the registrant either does not respond to registrar’s notice or is unable to provide true and accurate contact information, the registrant shall be deemed to have breached its registration agreement and the registrar shall be required to delete the registration.

1.4.4 The registrant shall abide by any specifications or policies establish, (a) verification, at the time of registration, of contact information associated with a registered name sponsored by Registrar or (b) periodic re-verification of such information. Registrar shall, upon notification by registry or any other third party of an inaccuracy in the contact information associated with a registered name sponsored by registrar, take the steps to investigate the claimed inaccuracy. In the event registrar learns of inaccuracy contact information associated with a registered name it sponsors, it shall take the steps to correct that inaccuracy. In addition, registrar shall designate an agent to receive notification from registry regarding inaccurate or incomplete data concerning all active registered name sponsored by registry in the .Life TLD, and shall provide to registry the name, postal address, voice telephone number and e-email address of such designated agent.

2. Whois Reminder

2.1 Routine Whois Data Reminder

At least annually, a registrar must present to the registrant the current Whois information, and remind the registrant that provision of false Whois information can be grounds for cancellation of their domain name registration. Registrants must review their Whois data, and make any corrections.

2.1.1 Time for Coming into Compliance: As provisions stated in our Accreditation Agreement, all accredited registrars must come into compliance with the WDRP by their ʺCompliance Dateʺ, as described in the next two sentences. The compliance date for registrars accredited is the effective date of their accreditation agreements.

Beginning on its Compliance Date, each registrar must provide, before the passage of the anniversary of the creation date of each registration the registrar sponsors, a WDRP Notice (described below) to the registrant for that registration. By way of example, a registrar with a Compliance Date of April 15, 2012 is required to give a WRDP notice for registrations it sponsors on the following schedule:

Compliance Date is April 15, 2012
Domain Name | Creation Date | DRP Notice Required No Later Than
example.life | 14 October 2013 | 14 October 2014 (and by 14 October of every year thereafter)
Example2.life| 25 January 2014 | 25 January 2015 (and by 25 June of every year thereafter)

(Note: WDRP Notices for registrations with creation dates of 29 February may be given no later than 1 March in non-leap years.)

2.1.2 What the WDRP Notice Must Include: Each WDRP notice must include a copy of the data elements listed in RAA subsection 3.3.1 as contained in the registrarʹs database for each registration, plus a statement reminding the registrant that under the terms of the registration agreement the provision of false Whois information can be grounds for cancellation of a domain name registration.

2.1.3 How, and to whom, the WDRP Notice May Be Presented: The WDRP Notice can be presented via web, fax, postal mail, e-mail, or other appropriate means. It can be presented in one or more languages, including at least the language of the registration agreement. The Notice may be presented to the registrant either directly or through the administrative contact for each registration.

2.1.4 Documentation Requirements: Registrars must maintain either copies of each WDRP Notice or an electronic database documenting the date and time, and the content, of each WDRP notice sent under this policy. Registrars shall make these records available for inspection by ICANN in accordance with the usual terms of the Registrar Accreditation Agreement. ICANN will consider proper notification to have been given for a registration if the registrar can show that a WDRP Notice meeting the requirements stated above was given at any time in the year before each anniversary of the registrationʹs creation date (for anniversary dates on or after the Compliance Date).

Model WDRP Notice: In order to assist registrars in preparing the required notice, the following sample of WDRP Notice has been given below:

[Sample begins]
Whois Data Reminder
Dear Valued Customer,
This message is a reminder to help you keep the contact data associated with your domain registration up-to-date. Our records include the following information:
Domain: example.life
Registrar Name: Registry Registrar
Registrant Contact:
Name: 35.com.
Address: 35.com building
No 8 guanri road
City: Xiamen
State⁄Province: Fujian
Country: CN
Postal Code: 361008
Phone: 0086-0592-539-0000
Fax: 0086-0592-539-0000
Email: support@registry.life
Administrative Contact:
Name: 35.com.
Address: 35.com building
No 8 guanri road
City: Xiamen
State⁄Province: Fujian
Country: CN
Postal Code: 361008
Phone: 0086-0592-539-0000
Fax: 0086-0592-539-0000
Email: support@registry.life
Technical Contact:
Name: 35.com.
Address: 35.com building
No 8 guanri road
City: Xiamen
State⁄Province: Fujian
Country: CN
Postal Code: 361008
Phone: 0086-0592-539-0000
Fax: 0086-0592-539-0000
Email: support@registry.life
Billing Contact:
Name: 35.com.
Address: 35.com building
No 8 guanri road
City: Xiamen
State⁄Province: Fujian
Country: CN
Postal Code: 361008
Phone: 0086-0592-539-0000
Fax: 0086-0592-539-0000
Email: support@registry.life
Original Creation Date: 25⁄10⁄2012
Expiration Date: 25⁄10⁄2013
Nameserver Information:
Nameserver: ns1.registry.life
Nameserver: ns2.registry.life

If any of the information above is inaccurate, you must correct it by visiting our website. (If your review indicates that all of the information above is accurate, you do not need to take any action.) Please remember that under the terms of your registration agreement, the provision of false Whois information can be grounds for cancellation of your domain name registration.

Thank you for your attention.

Best regards,
Registry registrar
[Sample ends]

2.2 Whois Reminder

Upon receiving the update to the data elements to the domain name sponsored, Registrar shall provide separate notices to new registrant and old registrant about the details of the update, including the old data and the new data and IP conducted the change. This is to inform the old registrant that change might be done without his⁄her consent and he⁄she shall report this to registrar’s support team for this potential illicit change and make any corrections. The new registrant must review the whois data, and assure its accuracy. A sample of notice to the old registrant given below,

[Sample begins]
Dear Domain Registrant,

We have detected that the change below. If you believe someone else has changed your account without authorization, please contact our support team by any means available immediately for data protection. The time of modification and IP address of the computer sending the request are below.

Time of modification: Year-Month-Day Time IP address: 110.222.113.114

[Domain name]

[The Old Data]

[The New Data]

Sincerely,

Registry Registrar

[Sample ends]

3. Whois Data Compliance

3.1 Outside Reach

Every accredited Registrar is required to maintain accurate WHOIS information for all domain names as per the RAA. if there are reported inaccuracies in the contact information for any domain name, the sponsored registrar shall investigate and take steps for correction.

The registry makes every endeavor on improving Whois data accuracy. The registry also provides a reporting tool to allow the public to report the inaccuracy of Whois data on any .life domain names. The link will be located at http:⁄⁄www.regsitry.life⁄whois-report.html. The domain’s sponsoring Registrar is required to act on the complaint according to ICANN’s Registrar Advisory Concerning the ʺ15-day Periodʺ in Whois Accuracy.

How the public reporting system works

3.1.1 Upon receiving a compliant from the public, the registry will ask for verification from the complainant by email. If the complainant does not reply within 2 days, the report will be disregarded.

3.1.2 Once complaint is verified, the registry will forward it to the registrar, that is sponsoring the domain names in question, for handling according to ICANN’s Registrar Advisory Concerning the ʺ15-day Periodʺ in Whois Accuracy.
3.1.3 The sponsoring registrar will initiate an investigation and update its findings to the registry accordingly. The result may include: 1) The data inaccuracy was corrected. 2) The information was verified and found to be correct. 3) The domain has been deleted, cancelled or suspended.

3.1.4 The reporting system will record the result and close the complaint automatically.

3.1.5 The registry compliance team will review the case and ask for for more supporting information if necessary.

The complaint will remain open in the Registry’s internal tracking system untill the Registrar’s investigation result has been received. The registry’s compliance manager will give registrar formal notice if the report has been ignored.

3.2 Registry’s Audit

3.2.1 The registry will randomly sample registered domain names from every active accredited registrar and attempt to verify the validity of the Whois data on daily basis. Each Whois record will be reviewed for population of the following data fields:
The name of the registered name
The names of the primary nameserver and secondary nameservers for the registered name
The identity of registrar (which may be provided through the registrarʹs website)
The original creation date of the registration
The expiration date of the registration
The name and postal address of the registered name holder
The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the registered name
The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the registered name

3.2.2 If the Whois output by registry’s manual verifying is deemed satisfactory, the result will be noted so the domain name will not be sampled next round again.

3.2.3 If the Whois output is deemed unsatisfactory, the sponsoring registrar will be notified of their obligation to take reasonable steps to investigate and correct the Whois inaccuracies. The registrar will be requested to submit the investigation steps and result to the registry’s compliance team within 15 days.

3.2.4 The failure of response to the WDPRS reports filed concerning domain names registered through their companies constitutes the breach of registrar’s obligation provisions in RRA and RAA. The registry’s compliance manager will then contact the registrar to ensure the breach is resolved.


Data Access Security Control

The registry include provision below in RRA that,
1. the data access requires strong passwords given to domain’s registrant to process update, transfer, and deletion requests.
2. the only registrant contact is authorized to process update, transfers, and deletion requests.
3. the notification of multiple, unique points of contact when a domain name has been updated, transferred or deleted.


Resourcing Plan

Xiamen 35.com Technology Co. Ltd will commit the following resources to manage domain name abuse and Whois accuracy:

Job description and requirements:

Position⁄Number
The Compliance Manager ⁄ 1
Responsibilities:
Coordination with the outsource service providers towards the RPM mechanisms namely Trademark Clearing House, URS, PDDRP, and UDRP, and legal affairs.
Responsible for various compliance matters of .Life registry
Works independently within established policies, guidelines and strategies; develop relevant policies and procedures as necessary.
Advanced professional knowledge and expertise.
Demonstrates seasoned and proven judgment.
Compliance Training & Compliance Manual.
Internal reports and inquiries: prepare compliance internal reports.
Supervision: supervise compliance rep and delegate some of the responsibilities as appropriate.
Other compliance matters that may be assigned.

Requirements:
5 years industry experience required.
Extensive knowledge and understanding of the internet and network.
Previous compliance experience is required.
Computer literate.
Strong interpersonal skills and a team player.
Strong written and spoken English in addition to the local language.
Bachelor⁄University degree.
Skilled in MS OS and Office software.
Legal background is a plus.

The compliance staff ⁄ 1
Job Responsibilities:
Receive incoming reports and abuse complaints.
Carry out handling procedure.
Review the issues.
Regular Report to the manager.

Requirements:
Solid understanding of internet terminology.
Knowledge of basic office skills (Word, Outlook, Excel, general database).
Exceptional written & verbal communication.
Ability to learn and effectively utilize customer support tools⁄resources.
Six months customer service experience.
Preferred educational background in legal and Computer technology.
Strong written and spoken English in addition to the local language.

The registry compliance team’s daily work may mostly include the following,
1.Randomly sample domain for domain’s whois validation
2.Review the result on public whois reporting system and contact the registrar(s) for further supporting information wherever necessary.
3.Receive the public abuse report and handle it in accordance with applicable polices and procedures. Keep in contact with the registrar(s) for solution and support when needed.
4.Liaison with ICANN for the compliance issues
5.Coordination with the outsource service providers towards the RPM mechanisms namely Trademark Clearing House, URS, PDDRP, and UDRP, and legal affairs.

Please further refer to the detailed resource plan in question 31 for the human resource policy.

Similar gTLD applications: (0)