28 Abuse Prevention and Mitigation

Prototypical answer:

gTLD | Full Legal Name | E-mail suffix
.thai | Better Living Management Company Limited | registryasp.com

The Registry recognizes that abusive uses of domain names, such as phishing, spamming and distribution of malware, are a growing problem across the Internet. These behaviors are increasingly perpetrated by professional criminals who use technically and socially sophisticated means to victimize the public and misuse Internet resources.

The Registry will adopt an anti-abuse use policy that is designed to benefit registrants, registrars and end-users of domain names across the Internet. It will define the abusive practices with respect to the domain names and outline the prevention and mitigation efforts against these practices.

Implementation Plan
1. Single Abuse Point of Contact

The Registry will establish an Implementation Plan for handling complaints about abuse, as follows:
- The Registry will prominently publish abuse contact information on its website;
- The abuse contact will be prominently displayed on its webpage, and a uniform naming convention will be utilized to facilitate discovery of the website;
- The abuse contact information shall consist of a telephone number and an email address. The email address may be an alias, not a specific person’s name, to manage operational efficiency;
- Requests submitted by verified law enforcement agencies to this contact will receive an acknowledgement of receipt from the registry within 24 hours; and
- The contact at the registry will be empowered to act in response to a well-founded report of illegal, criminal or malicious activity involving the domain name registration.

Policies for Handling Complaints regarding Abuse
1. Scope of Jurisdiction
The Registry’s area of jurisdiction for handling complaints is limited to matters related to the domain names. It does not have the authority to handle complaints related to other Top Level Domains (TLDs), web hosting, email services and objectionable website content.

2. Anti-Abuse Use Policy
a. Registrar
The Registry intends to incorporate the Anti-Abuse Use Policy into the Registry Registrar Agreement (RRA). Registrars should not tolerate abusive use related to the domain names for which they act as sponsoring registrars.

Under the provisions of the Registry Registrar Agreement (RRA), the Registrar shall promptly investigate complaints alleging any such abusive practices, and shall take all appropriate actions based upon such investigations. The Registrar shall use commercially reasonable efforts to resolve the complaints, as requested or recommended by the registry or any legal authority.

Registrar’s failure to comply with the policy shall constitute a material breach of the RRA, and shall give rise to the rights and remedies available to the registry under the RRA.

b. Registry
Pursuant to the RRA, The Registry reserves the right to deny, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock or hold, in its discretion, with the aim to:
- Protect the security and stability of the DNS;
- Comply with any applicable court order, laws, government rules and requests of law enforcement;
- Comply with any dispute resolution process;
- Comply with the terms of the Registration Agreement;
- Avoid any liability, civil or criminal, on the part of the registry, as well as its affiliates, subsidiaries, officers, directors and employees;
- Correct mistakes of the registry or any registrars with regard to the domain registration.

The Registry reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.

Glue Records
The Registry does not allow orphan glue records. Glue records are removed when (or required to be removed before) the delegation point NS record is removed. Other domain names that need the glue record for correct DNS operation may become unreachable or less reachable, depending on their DNS service settings.
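
The check this policy implies, as an added example (not part of the application or the Registry's own code): given zone records, it reports address records left behind after their delegation's NS record was removed, plus the other delegations that still name that host. The record tuples, function names and sample names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records (owner, type, rdata). The delegation for
# example2.thai. was deleted, but its host ns1.example2.thai. kept its
# address records and is still named as a nameserver by example3.thai.
SAMPLE_ZONE = [
    ("thai.", "NS", "a.nic.thai."),
    ("a.nic.thai.", "A", "192.0.2.53"),
    ("example1.thai.", "NS", "ns1.example1.thai."),
    ("ns1.example1.thai.", "A", "192.0.2.1"),
    ("example3.thai.", "NS", "ns1.example2.thai."),
    ("ns1.example2.thai.", "A", "192.0.2.2"),
    ("ns1.example2.thai.", "AAAA", "2001:db8::2"),
]

def covering_delegation(name, delegations):
    """Return the delegation point at or above `name`, or None."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in delegations:
            return candidate
    return None

def find_orphan_glue(records, origin):
    """Map each orphan glue host to its addresses and remaining dependents."""
    ns_targets = defaultdict(set)  # delegation point -> nameserver hosts
    for owner, rtype, rdata in records:
        if rtype == "NS":
            ns_targets[owner.lower()].add(rdata.lower())
    # Assumption: hosts named by the apex NS set are the registry's own
    # servers, so their addresses are authoritative data, not glue.
    apex_hosts = ns_targets.pop(origin.lower(), set())
    orphans = {}
    for owner, rtype, rdata in records:
        host = owner.lower()
        if rtype not in ("A", "AAAA") or host in apex_hosts:
            continue
        if covering_delegation(host, ns_targets) is None:
            orphans.setdefault(host, {"addresses": []})["addresses"].append(rdata)
    for host, info in orphans.items():
        # Delegations that would lose this nameserver if the glue is removed.
        info["still_used_by"] = sorted(
            d for d, hosts in ns_targets.items() if host in hosts)
    return orphans

if __name__ == "__main__":
    for host, info in find_orphan_glue(SAMPLE_ZONE, "thai.").items():
        print(host, info["addresses"], "still used by", info["still_used_by"])
```

The "still used by" list corresponds to the names the paragraph above says may become unreachable or less reachable once the glue is removed.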

Resource Plan
Anti-Abuse Desk
The Registry will have a management staff member (i.e. the Operations Manager) to spearhead the setting up of an anti-abuse desk, dedicated to handling all matters with regard to abuse. An Administrative Executive will be hired to assist the Operations Manager with the handling of abuse complaints, should the workload increase.

The Registry intends to engage external providers to resolve the abuse complaints, such as:
- Uniform Rapid Suspension (URS), as drafted by ICANN;
- Rapid Takedown, a service similar to that engaged by ICM Registry (the operator of the .XXX TLD); and/or
- Legal professionals to deal with any legal matters that arise.

The budget for the engagement of the legal professional is provisioned in the projection forecast in Template 1. The fees for the URS and Rapid Takedown would be borne by the complainant.

Joining Working Groups
To keep up with knowledge in dealing with anti-abuse issues and mitigation practices, The Registry intends to participate in the Anti-Phishing Working Group (APWG). The APWG is the global pan-industrial and law enforcement association focused on eliminating fraud and identity theft that result from phishing, pharming, and email spoofing of all types. The APWG also focuses on policy-related issues associated with the DNS to examine abuses of the DNS that may require remediation.

The Registry may also tap into the forum of the Registry Internet Safety Group (RISG). The purpose of RISG is to facilitate dialogue, effect change, and promulgate best practices to combat domain name abuse, Internet identity theft in all its forms and malware distribution. The member registry operators are examining anti-abuse best practices and use cases for registries, and opportunities for data sharing.

WHOIS Accuracy
The Registry intends to outline measures to promote WHOIS accuracy, to be undertaken by the registry directly or by the registrars via the requirements in the Registry-Registrar Agreement (RRA).

The Registry intends to incorporate the WHOIS Accuracy policy into the RRA where Registrars are required to regularly monitor registration data for accuracy and completeness.

Registrar shall use commercially reasonable effort to monitor and check on the registration data, as requested or recommended by the registry.

Registrar’s failure to comply with the policy shall constitute a material breach of the RRA, and shall give rise to the rights and remedies available to the registry under the RRA.

Authentication of registrant information
The TLD is for open registration and generic use. The Registry (via its registrars) will authenticate that registrant information is complete and accurate during Sunrise registration.

Regular Monitoring of Registration Data for Accuracy and Completeness
The Registry will randomly sample WHOIS data from the registry database daily, and will check on the registration data for accuracy and completeness. Any WHOIS irregularities or inaccuracies found during the sampling will be forwarded to the sponsoring registrars for their subsequent remedies.

Any failure to remedy the situation in a timely fashion may result in the domain name being treated as in violation of the Registration Agreement, in which case the anti-abuse domain use policy shall be enforced.

The Registry will rely on the WHOIS Data Reminder Policy (WDRP) set down by ICANN for the accredited registrars to ensure the WHOIS data of all the domain names is reviewed at least once a year for accuracy.

The Registry provides a Data Watch service which will email the new and old registrant contact addresses when there is a change in contact information for the domain. This mechanism works as a counter-check measure to ensure that the registrant validates the information. The registrant can contact The Registry through the anti-abuse helpdesk.

Policies and Procedures that define malicious or abusive behavior
1. Definition of Abuse
The Registry does not tolerate the abusive use of its domain name, which causes security and stability issues for the registry, registrars and the general Internet community. The Registry defines abusive use as the wrong use of power, position or ability and includes but is not limited to the following:
- Illegal or fraudulent actions;
- Any form of spam i.e. email spam, messaging spam etc;
- Phishing which involves the use of bogus websites to obtain personal information;
- Pharming which involves redirecting unknowing users to fraudulent websites to obtain personal information;
- Willful dissemination of malware;
- Fast-flux hosting which involves the use of DNS to frequently change the location of a website to hide its location or host illegal activities; and
- Botnet command and control.

Establishing Service Level Requirement for resolution
2. Participating in Uniform Rapid Suspension (URS)
The Registry will cooperate with ICANN for the implementation of URS, once the policies and procedures are finalized. The involvement of the registry in the scope of URS shall include the following:
- Upon completion of the Administrative Review, the URS Provider will immediately notify the registry via email (“Notice of Complaint”) after the Complaint has been deemed compliant with the filing requirements. Within 24 hours of receipt of the Notice of Complaint from the URS Provider, the registry shall “lock” the domain name, meaning the registry shall restrict all changes to the registration data, including transfer and deletion of the domain name, but the name will continue to resolve. The registry will notify the URS Provider immediately upon locking the domain name (“Notice of Lock”).
- If, after Examination in a Default case, the Examiner rules in favor of the Registrant, the URS Provider shall notify the registry. Upon receiving the official notice from the URS Provider, the registry will unblock the name and return full control of the domain name registration to the Registrant.
- If the Determination is in favor of the Complainant, upon receiving the official decision from the URS Provider, the registry will suspend the domain name, which shall remain suspended for the balance of the registration period and will not resolve to the original web site. The nameservers shall be re-directed to an informational web page provided by the URS Provider.
- The Registry will incorporate URS into the Registration policies, as takedown measures and procedures to minimize abusive registration.

3. Alternative use of Rapid Takedown Dispute Resolution Policies
In the absence of URS, The Registry may provide a Rapid Takedown process through engagement with a dispute resolution provider that consists of a response team of qualified experts (qualified UDRP panelists).

The Registry agrees that the majority of cases that go through the Uniform Dispute Resolution Process (UDRP) are mainly obvious variants of well-known marks. As such, it would be a waste of time and resources for the most obvious cases of infringement to go through UDRP filings. The Registry may provide a rapid takedown process in which a response team of qualified experts (qualified UDRP panelists) will make a determination within 48 hours of receipt of a short and simple claim involving a well-known or otherwise inherently distinctive mark and a domain name for which no conceivable good faith basis exists. The outcome may result in an immediate termination of the domain name, but will not prejudice either party’s election to pursue other dispute mechanisms.

4. Service Level for responding to law enforcement requests
In responding to law enforcement requests, The Registry will use the provision within the Anti-Abuse Domain Use policy to act quickly to take down sites that are harboring malware, launching phishing attacks, or otherwise being used to launch attacks across the Internet.

5. Disqualification of Registrant
Traditionally, speculative abusive domain registrations have always attracted a small group of individuals and organizations specializing in high volume registrations due to the profitability of abusive registrations. The Registry may disqualify any registrants that have been found to be making abusive registrations; their agents, or any parties determined to be acting in cahoots, will also be disqualified from maintaining any registrations or making future registrations in the TLD.

Control for proper access to domain function
The Registry intends to outline measures to promote access control to domain functions by the registrars. The measures to be outlined in the RRA shall include:
- Requiring strong passwords from registrants to process update, transfer and deletion requests;
- Requiring the notification of multiple, unique points of contact when a domain has been updated, transferred or deleted.
