28 Abuse Prevention and Mitigation

Prototypical answer:

28. The .firmdale TLD will be a single registrant registry with only the Applicant, as registrant with and its affiliates and subsidiaries using domains for its Hotel, Restaurant, Bars and other ancillary businesses such as the hotel property development company and laundry business. The Whois record will show Firmdale Holdings Ltd, as the Registrant, with named contact personnel, ie the Head of IT Mr Mark Rupert Read, and other personal named for the technical contacts and administrative contacts, with complete and correct address, telephone numbers and email. This is in line with current practice. Firmdale operates in transparency with all its key directors and managers publicly named and displayed on its main website with email and telephone numbers.

1) Implementation Plan
Single Abuse Point of Contact

In the setting up of its registry Firmdale will also set up a registry website with a contact form to report abuse, a searchable whois function and provide a single point of contact emails for third parties and or for law enforcement to contact Firmdale in respect of any abuse of domain names. A uniform naming convention will be utilized to facilitate discovery of the website. In addition any third parties will be able to contact Firmdale whether to report trademark infringement or abuse. Firmdale will publish its registry policies and anti-abuse policies. Any request submitted by verified law enforcement agencies will receive an acknowledgement of receipt from Firmdale within 24 hours and with the authority to take such action as firmdale determines in its sole discretion including acting in accordance with law enforcement recommendations or requests.

For the registration of domain names in TLD, these will be under the control of the Head of IT of Firmdale, Mr Mark R Read. Together with his deputy they will be responsible for the registration of domains strictly for the company use in its business. The Registry Service provider will provide multi-factor identification, strong passwords and other secure facilities for the process of domain registration, renewal, deletion and setting of name servers. Internal controls and adequate supervision in line with company security policy guidelines will ensure these functions are managed in a secure manner.

In summary, as a single registrant registry, Firmdale can set accurate whois records and control uses of its domain names on the Internet to prevent abuse from occurring in the first place. Secondly with a well equipped internal controls and by using experienced third party service providers (Qinetics⁄Registry ASP) for the back-end registry functions, Firmdale fully expects to prevent abuse and be well positioned to act quickly to mitigate any abuse should it occur.

2) Anti-Abuse Policy

The Applicant is a well established an award winning 5 star hotel and has no place for abusive practices in its business. Therefore its abuse policy will be strictly applied and enforced. The Anti-Abuse Policy will be incorporated into any Registry Registrar Agreement (RRA). Any failure by a registrar to comply with Firmdale’s Anti-Abuse Policy shall constitute a material breach of the RRA and shall give rights and remedies available to Firmdale under the RRA.

FIRMDALE DOMAIN NAME ANTI-ABUSE POLICY

Firmdale may in its sole discretion take such action including cancelling, suspension, locking or freezing domain names to comply with this Anti-Abuse Policy.
Domain Name abuse is strictly prohibited and includes:

Illegal or fraudulent actions or uses including;

Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to email spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of websites and Internet forums. Includes conduct such as the use of email in denial-of-service attacks; Spamming activities including the development of tools used to spam ; or any software or resources to be used for illegal activities, including viruses and hacking tools;

Wilful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the ownerʹs informed consent.
Examples include, without limitation, computer viruses, worms, keyloggers, and trojan horses;

Phishing: The use of fake websites that are designed to trick the unsuspecting publicinto divulging sensitive data such as usernames, passwords, or financial data;
Abuse attacks such as using domains as a destination address for mail bombs, Internet packet flooding, packet corruption, or other abusive attack. Server hacking or other perpetration of security breaches is prohibited.

Pharming: A hacker’s attack that results in the redirecting of unsuspecting users to fraudulent sites or services, typically through DNS hijacking or poisoning;

Fast flux techniques: Use of fast-flux techniques to disguise the location of websites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves for hiding phishing and malware delivery sites.
Botnet command and control: Services run on a domain name that are used to control a collection of compromised computers or ʺzombies,ʺ or to distribute denial-of-service attacks (DDoS attacks);

Morally objectionable activities which include but not limited to: activities which are designed to defame, embarrass, harm, abuse, threaten, slander or harass third parties; activities which are designed to encourage unlawful behaviour by others , such as hate crimes or terrorism; activities which are tortuous , vulgar, obscene, invasive of the privacy of a third party, racially, ethnically or are otherwise objectionable; and activities designed to impersonate the identity of a third party.

Illegal child abuse content or distribution of child abuse

Illegal Access to Other Computers or Networks: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). In addition any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity).

Any other activity which is illegal in the jurisdictions in which Firmdale has its business: United States and United Kingdom.

Firmdale prohibits its domain names used for infringement or misappropriation of any copyright, patent, trademark, trade secret, music, image, or other proprietary or property right, false advertising, unfair competition, defamation, invasion of privacy or rights of celebrity, violation of any anti-discrimination law or regulations.

Firmdale reserves the right at its sole discretion to place upon registry lock, hold or similar status a domain name during resolution of a dispute. Abusive uses, as defined above, undertaken with respect to .firmdale domain names shall give rise to the right of Firmdale to take such actions including cancelling and suspension as it determines in its sole discretion.

Firmdale may cancel registration, renewal or transfer or suspend registrations:
a) if ordered to do so by a court of competent jurisdiction;
b) to comply with government rules or requirements, to comply with requests of law enforcement or any applicable laws;
c) to comply with any dispute resolution process;
d) if there is breach of its terms and conditions including its privacy policy;
e) if the continued use of a domain name could cause technical problems on the Internet, or the integrity or stability of the registry or Internet
f) if the website the name has been judged to infringe the trademark or other intellectual property of a third party
g) if inaccurate or false contact details are provided; or
h) if to avoid any liability, civil or criminal on the part of Firmdale, as well as its affiliates, subsidiaries and subcontractors, employees, and stockholders or each of them.

3) Proposed measures for removal of Glue Records

The Registry does not allow orphan glue records. Glue records are removed when (or required to be removed before) the delegation point NS record is removed. Other domain names that need the glue record for correct DNS operation may become unreachable or less reachable depending on their settings of DNS service.

4) Resourcing plans for the initial implementation

The IT Department of Firmdale operates 24⁄7 to support the business, provide internet access to guests, and website availability across all time zones. Being a hotel operation, it is a business that never closes. Mr Mark R Read Group IT Manager will be managing the security his staff of the following 5 persons: Deputy IT Manager, Project Manager, Senior Systems Technician, Junior Systems Technician and a Systems Trainer and Implementation Manager to deal with any complaints, intrusions or other breaches of its policies. As such Firmdale is well equipped to deal with complaints of abuse, maintain coverage and take action on matters in a timely manner.

With Firmdale’s restrictive registration policy, the whois records will be accurate and domain name misuse should never occur, unless an illegal intrusion into its networks (hacker), or some other criminal activity, in which it would be in Firmdale’s best interests to deal with quickly and efficiently. Firmdale has won numerous awards for its Operation and Employment Practices and has every intention to continue to maintain its high standards.

Firmdale, as a merchant processing credit cards, has instituted tight controls and complies with Payment Card Industry (PCI) security standards at level 4. The full details of its security are confidential as to release them would compromise security itself. For further details https:⁄⁄www.pcisecuritystandards.org⁄ ) It is in this environment that registry access for domain registration will be handled. Other measures for internal security include the following:
a. Firmdale uses firewalls (Sonicwalls) to protect its systems. Reports are reviewed daily.
b. All staff are full vetted before hiring and are bound by practices set out in the Firmdale Company Handbook
c. Firmdale maintains physical security to a high standards including: Doors to IT Rooms are on electronic locking systems, and CCTV is in place in and outside the IT rooms
d. The Hotel also has security personnel to prevent intrusions.
e. Firmdale maintains disaster recovery systems in two 2 Disaster Recovery sites.

5) Measures to promote Whois accuracy

Firmdale will operate a under a non-discriminatory registrar policy. Any ICANN accredited registrar may apply for accreditation by entering into a Registrar Accreditation Agreement with Firmdale for TLD .firmdale domains. However, there will be little if any interest by Registrars to apply for such accreditation, when the only permitted registrant will be: Firmdale Holdings Ltd. Thus in practice as a single registrant registry, Firmdale will be the only entity registering domains. Firmdale will eliminate the most of the risks associated with inaccurate whois records by prohibiting third party registrations, maintaining its whois data and Firmdale will be able to prevent rogue or fraudulent activities associated with .Firmdale domains. The Registry intends to incorporate the WHOIS Accuracy policy into the RRA where Registrars are required to regularly monitor registration data for accuracy and completeness.


In prohibiting third party registrations, Firmdale can set its brand name apart from other domains which may be more susceptible to spam and other abusive practices.

6) A description of policies and procedures –

Please see above full Firmdale Anti-Abuse policy which will apply to all names in the registry. Firmdale will lock, suspend or cancel registrations in its sole discretion.

Regular Monitoring of Registration Data for Accuracy and Completeness
The Registry will rely on the WHOIS Data Reminder Policy (WDRP) set down by ICANN for the accredited registrars to ensure the WHOIS data of all domain names are at least reviewed once a year for accuracy.

7) Adequate controls to ensure proper access to domain functions

Firstly there will be controls at the Registry level managed by Registry ASP⁄Qinetics of Malaysia. Firmdale has engaged the services of outside specialist registry service provider experienced in managing all the security and infrastructure required for maintaining a single registrant registry. The Registry will maintain strict control for proper access to domain function. Firmdale Registry will provide the strict measures to promote access control to domain functions by the registrars. The measures to be outlined in the RRA shall include:
1) requiring strong passwords from registrants to process update, transfers and deletion requests;
2) requiring the notification of multiple, unique points of contact when a domain has been updated, transferred or deleted.

Secondly as Firmdale TLD will be a single registrant TLD, Firmdale will control access to the registry in its secured IT environment as described above. Firmdale will operate to ensure accurate whois and prevent abusive registrations. Every registration, renewal notice or deletion will be reported to the Head of IT and the Deputy IT Manager on an ongoing basis, to monitor and prevent unauthorised access and unauthorised uses of .firmdale domains. There will always be two contact points for regular monitoring of registry transactions and checking completeness of entries on the whois. Any reporting of abuse, whether by law enforcement or third parties will be reported directly to Firmdale compliance officers. Firmdale has adequate resources in place with a Head of IT Dept and 5 other personnel to oversee the registrations of less than 100 domain names anticipated in the next 3-5 years.

Third Party Dispute Resolution Procedures
URS
The Registry will cooperate with ICANN for the implementation of URS, shall the policies and procedures are finalized. The involvement of the registry for the scope of URS shall include the followings:
• Upon completion of the Administrative Review, the URS Provider will immediately notify the registry (via email) (“Notice of Compliant”) after the Compliant has deemed compliant with the filing requirements. Within 24 hours of receipt of the Notice of Complaint from the URS Provider, the registry shall “lock” the domain name, meaning the registry shall restrict all changes to the registration data, including transfer and deletion of the domain names, but the name will continue to resolve. The registry will notify the URS provider immediately upon locking the domain name (“Notice of Lock”).
• If after the Examination in Default case, the Examiner rules in favor of the Registrant, the URS provider shall notify the registry. Upon receiving the official notice from the URS provider, the registry will unblock the name and return full control of the domain name registration to the Registrant.
• If the Determination is in favor of the Complainant, upon receiving the official decision from the URS provider, the registry will suspend the domain name, which shall remain suspended for the balance of the registration period and would not resolve to the original web site. The nameservers shall be re-directed to an informational web page provided by the USR Provider.
• The Registry will incorporate URS into the Registration policies, as a takedown measures and procedures to minimize abusive registration.

Alternative use of Rapid Takedown Dispute Resolution Policies

Firmdale reserves its rights to provide a Rapid Takedown process 48 hours of receipt of a short and simple claim of involving a well-known mark or otherwise inherently distinctive mark and a domain name where no conceivable good faith basis exists. The results may result in an immediate termination of the domain name, but will not prejudice either party’s election to pursue other dispute mechanisms.

UDRP
The Firmdale Registry will also subscribe to the Uniform Dispute Resolution Process (UDRP) UDRP as a means for dispute resolution for issues of trademark infringement

Law enforcement requests

In responding to law enforcement requests, the Registry will use the provision within the Anti-Abuse Domain Use policy to act quickly to take down sites that are harboring malware, launching phishing attacks, or otherwise being used to launch attacks across the Internet.

Conclusion

Internet users will come to recognise dot.Firmdale as an extension of the awarding winning hotel business and free from spam, worms, viruses, and other illegal activities.

Similar gTLD applications: (0)