28 Abuse Prevention and Mitigation

Prototypical answer:

gTLD: .livestrong
Full Legal Name: Lance Armstrong Foundation
E-mail suffix: livestrong.org

Q28 – Abuse Prevention and Mitigation
Question Applicants should describe the proposed policies and procedures to minimize abusive registrations and other activities that have a negative impact on Internet users. A complete answer should include, but is not limited to:
An implementation plan to establish and publish on its website a single abuse point of contact responsible for addressing matters requiring expedited attention and providing a timely response to abuse complaints concerning all names registered in the TLD through all registrars of record, including those involving a reseller;
Policies for handling complaints regarding abuse;
Proposed measures for removal of orphan glue records for names removed from the zone when provided with evidence in written form that the glue is present in connection with malicious conduct (see Specification 6); and
Resourcing plans for the initial implementation of, and ongoing maintenance for, this aspect of the criteria (number and description of personnel roles allocated to this area).

To be eligible for a score of 2, answers must include measures to promote Whois accuracy as well as measures from one other area as described below.
Measures to promote Whois accuracy (can be undertaken by the registry directly or by registrars via requirements in the Registry-Registrar Agreement (RRA)) may include, but are not limited to:

o Authentication of registrant information as complete and accurate at time of registration. Measures to accomplish this could include performing background checks, verifying all contact information of principals mentioned in registration data, reviewing proof of establishment documentation, and other means.
o Regular monitoring of registration data for accuracy and completeness, employing authentication methods, and establishing policies and procedures to address domain names with inaccurate or incomplete Whois data; and
o If relying on registrars to enforce measures, establishing policies and procedures to ensure compliance, which may include audits, financial incentives, penalties, or other means. Note that the requirements of the RAA will continue to apply to all ICANN-accredited registrars.
Description of policies and procedures that define malicious or abusive behavior, capture metrics, and establish Service Level Requirements for resolution, including service levels for responding to law enforcement requests. This may include rapid takedown or suspension systems and sharing information regarding malicious or abusive behavior with industry partners;
Adequate controls to ensure proper access to domain functions (can be undertaken by the registry directly or by registrars via requirements in the Registry-Registrar Agreement (RRA)) may include, but are not limited to:
o Requiring multi-factor authentication (i.e., strong passwords, tokens, one-time passwords) from registrants to process update, transfers, and deletion requests;
o Requiring multiple, unique points of contact to request and/or approve update, transfer, and deletion requests; and
o Requiring the notification of multiple, unique points of contact when a domain has been updated, transferred, or deleted.
A complete answer is expected to be no more than 20 pages.
Public Posting Yes
Notes Note that, while orphan glue often supports correct and ordinary operation of the DNS, registry operators will be required to take action to remove orphan glue records (as defined at http://www.icann.org/en/committees/security/sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct.
Scoring Range 0 – 2
Criteria Complete answer demonstrates:
(1) Comprehensive abuse policies, which include clear definitions of what constitutes abuse in the TLD, and procedures that will effectively minimize potential for abuse in the TLD;
(2) Plans are adequately resourced in the planned costs detailed in the financial section;
(3) Policies and procedures identify and address the abusive use of registered names at startup and on an ongoing basis; and
(4) When executed in accordance with the Registry Agreement, plans will result in compliance with contractual requirements.
Scoring 2 – exceeds requirements: Response meets all the attributes for a score of 1 and includes:
(1) Details of measures to promote Whois accuracy, using measures specified here or other measures commensurate in their effectiveness; and
(2) Measures from at least one additional area to be eligible for 2 points as described in the question.
1 - meets requirements
Response includes:
(1) An adequate description of abuse prevention and mitigation policies and procedures that substantially demonstrates the applicant’s capabilities and knowledge required to meet this element;
(2) Details of well-developed abuse policies and procedures;
(3) Plans are sufficient to result in compliance with contractual requirements;
(4) Plans are consistent with the technical, operational, and financial approach described in the application, and any commitments made to registrants; and
(5) Demonstrates an adequate level of resources that are on hand, committed, or readily available to carry out this function.

0 – fails requirements: Does not meet all the requirements to score 1.

1. Comprehensive abuse policies, which include clear definitions of what constitutes abuse in the TLD, and procedures that will effectively minimize potential for abuse in the TLD
1.1 livestrong Abuse Prevention and Mitigation Implementation Plan
.livestrong will not be open to the public for registration. All instances of this TLD will be licensed to existing partners of The Lance Armstrong Foundation. All partners are contractually bound to use any instance of the TLD within the strict requirements of each of their respective agreements.
1.2 Policies for Handling Complaints Regarding Abuse
.livestrong will not be open to the public for registration.
1.3 Proposed Measures for Removal of Orphan Glue Records
Although orphan glue records often support correct and ordinary operation of the Domain Name System (DNS), registry operators will be required to remove orphan glue records (as defined at http://www.icann.org/en/committees/security/sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct. The Lance Armstrong Foundation’s selected backend registry services provider’s (Verisign’s) registration system is specifically designed to not allow orphan glue records. Registrars are required to delete/move all dependent DNS records before they are allowed to delete the parent domain.
To prevent orphan glue records, Verisign performs the following checks before removing a domain or name server:

Checks during domain delete:
Parent domain delete is not allowed if any other domain in the zone refers to the child name server.
If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone.

Check during explicit name server delete:
Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server.

Zone-file impact:
If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not.
If no domains reference a name server, then the zone file removes the glue record.
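The domain-delete, name-server-delete and zone-file checks listed above, as an added worked model that is not Verisign's or the applicant's code. The registry data, the `.livestrong` sample names and the `Registry` class are constructed for illustration; where a host is referenced only by a domain that is itself on serverHold, the text is silent and the model simply drops the glue because no in-zone domain references it.

```python
# Constructed model of the orphan-glue checks described above (added example, not Verisign's code).
from dataclasses import dataclass, field


@dataclass
class Registry:
    """Minimal in-zone view of a registry: delegations, glue hosts and serverHold flags."""
    domains: dict                                   # domain -> set of name-server host names
    hosts: dict                                     # in-zone host (glue) -> parent domain it belongs to
    server_hold: set = field(default_factory=set)   # domains withheld from the zone

    def referencing_domains(self, host):
        """All registered domains that delegate to `host` (in-zone references)."""
        return {d for d, ns in self.domains.items() if host in ns}

    def child_hosts(self, domain):
        """Glue hosts whose parent is `domain` (e.g. ns1.example.tld under example.tld)."""
        return {h for h, parent in self.hosts.items() if parent == domain}

    def delete_domain(self, domain):
        """Check during domain delete: refuse while another domain still uses a child host."""
        if domain not in self.domains:
            return False, "domain not registered"
        for host in sorted(self.child_hosts(domain)):
            others = self.referencing_domains(host) - {domain}
            if others:
                return False, f"{host} still referenced by {sorted(others)}"
        # The parent is the only user of its child hosts: domain and glue go together.
        for host in self.child_hosts(domain):
            del self.hosts[host]
        del self.domains[domain]
        self.server_hold.discard(domain)
        return True, "domain and dependent glue removed"

    def delete_host(self, host):
        """Check during explicit name-server delete: refuse while any domain references it."""
        if host not in self.hosts:
            return False, "host not registered"
        refs = self.referencing_domains(host)
        if refs:
            return False, f"{host} still referenced by {sorted(refs)}"
        del self.hosts[host]
        return True, "host removed"

    def zone_file(self):
        """Zone-file impact: delegations minus serverHold domains; a glue record stays
        while an in-zone domain references the host and is dropped once none does."""
        delegations = {d: ns for d, ns in self.domains.items() if d not in self.server_hold}
        glue = {h for h in self.hosts if any(h in ns for ns in delegations.values())}
        return delegations, glue


def build_sample():
    """Constructed sample data (not taken from the application)."""
    return Registry(
        domains={
            "example.livestrong": {"ns1.example.livestrong", "ns2.example.livestrong"},
            "other.livestrong": {"ns1.example.livestrong"},
            "solo.livestrong": {"ns1.solo.livestrong"},
        },
        hosts={
            "ns1.example.livestrong": "example.livestrong",
            "ns2.example.livestrong": "example.livestrong",
            "ns3.example.livestrong": "example.livestrong",   # registered but unused
            "ns1.solo.livestrong": "solo.livestrong",
        },
    )


if __name__ == "__main__":
    reg = build_sample()
    print(reg.delete_domain("example.livestrong"))    # refused: other.livestrong uses ns1
    print(reg.delete_domain("solo.livestrong"))       # allowed: ns1.solo glue goes with it
    print(reg.delete_host("ns1.example.livestrong"))  # refused: still referenced
    print(reg.delete_host("ns3.example.livestrong"))  # allowed: nothing references it
    reg.server_hold.add("example.livestrong")
    print(reg.zone_file())                            # parent out of zone, ns1 glue survives
```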

1.4 Resourcing Plans
Details related to resourcing plans for the initial implementation and ongoing maintenance of The Lance Armstrong Foundation’s abuse plan are provided in Section 2 of this response.
1.5 Measures to Promote Whois Accuracy
〈Applicant to complete: Provide high-level overview of Sections 1.5.1 through 1.5.3. Describe audit procedures or other methods used to verify Whois accuracy. Note that evidence of measures to promote Whois accuracy is required to receive a score of 2 on this response.〉
1.5.1 Authentication of Registrant Information
.livestrong will not be open to the public for registration.
1.5.2 Regular Monitoring of Registration Data for Accuracy and Completeness
Verisign, The Lance Armstrong Foundation’s selected backend registry services provider, has established policies and procedures to encourage registrar compliance with ICANN’s Whois accuracy requirements. Verisign provides the following services to The Lance Armstrong Foundation for incorporation into its full-service registry operations.
Registrar self certification. 〈If the applicant is managing registrars directly, the applicant may need to modify this section. The following text provides a starting point for applicant provided content.〉
The self-certification program consists, in part, of evaluations applied equally to all operational ICANN accredited registrars and conducted from time to time throughout the year. Process steps are as follows:
Verisign sends an email notification to the ICANN primary registrar contact, requesting that the contact go to a designated URL, log in with his/her Web ID and password, and complete and submit the online form. The contact must submit the form within 15 business days of receipt of the notification.
When the form is submitted, Verisign sends the registrar an automated email confirming that the form was successfully submitted.
Verisign reviews the submitted form to ensure the certifications are compliant.
Verisign sends the registrar an email notification if the registrar is found to be compliant in all areas.
If a review of the response indicates that the registrar is out of compliance or if Verisign has follow-up questions, the registrar has 10 days to respond to the inquiry.
If the registrar does not respond within 15 business days of receiving the original notification, or if it does not respond to the request for additional information, Verisign sends the registrar a Breach Notice and gives the registrar 30 days to cure the breach.
If the registrar does not cure the breach, Verisign terminates the Registry-Registrar Agreement (RRA).

Whois data reminder process. Verisign regularly reminds registrars of their obligation to comply with ICANN’s Whois Data Reminder Policy, which was adopted by ICANN as a consensus policy on 27 March 2003 (http://www.icann.org/en/registrars/wdrp.htm). Verisign sends a notice to all registrars once a year reminding them of their obligation to be diligent in validating the Whois information provided during the registration process, to investigate claims of fraudulent Whois information, and to cancel domain name registrations for which Whois information is determined to be invalid.
1.5.3 Use of Registrars
.livestrong will not be open to the public for registration.
1.6 Malicious or Abusive Behavior Definitions, Metrics, and Service Level Requirements for Resolution
.livestrong will not be open to the public for registration.
1.7 Controls to Ensure Proper Access to Domain Functions
.livestrong will not be open to the public for registration.
1.7.1 Multi-Factor Authentication
To ensure proper access to domain functions, The Lance Armstrong Foundation incorporates Verisign’s Registry-Registrar Two-Factor Authentication Service into its full-service registry operations. The service is designed to improve domain name security and assist registrars in protecting the accounts they manage by providing another level of assurance that only authorized personnel can communicate with the registry. As part of the service, dynamic one-time passwords (OTPs) augment the user names and passwords currently used to process update, transfer, and/or deletion requests. These one-time passwords enable transaction processing to be based on requests that are validated both by “what users know” (i.e., their user name and password) and “what users have” (i.e., a two-factor authentication credential with a one-time password).
Registrars can use the one-time password when communicating directly with Verisign’s Customer Service department as well as when using the registrar portal to make manual updates, transfers, and/or deletion transactions. The Two-Factor Authentication Service is an optional service offered to registrars that execute the Registry-Registrar Two-Factor Authentication Service Agreement. As shown in Figure 28-1, the registrars’ authorized contacts use the OTP to enable strong authentication when they contact the registry. There is no charge for the Registry-Registrar Two-Factor Authentication Service. It is enabled only for registrars that wish to take advantage of the added security provided by the service.

Figure 28-1: Verisign Registry-Registrar Two-Factor Authentication Service

1.7.2 Requiring Multiple, Unique Points of Contact
.livestrong will not be open to the public for registration.
1.7.3 Requiring the Notification of Multiple, Unique Points of Contact
.livestrong will not be open to the public for registration.
2. Technical plan that is adequately resourced in the planned costs detailed in the financial section
Resource Planning
.livestrong will not be open to the public for registration.
Resource Planning Specific to Backend Registry Activities
Verisign, The Lance Armstrong Foundation’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to The Lance Armstrong Foundation fully accounts for costs related to this infrastructure, which are provided as “Total Critical Registry Function Cash Outflows” (Template 1, Line IIb.G) within the Question 46 financial projections response.
Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.
Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:
Application Engineers: 19
Business Continuity Personnel: 3
Customer Affairs Organization: 9
Customer Support Personnel: 36
Information Security Engineers: 11
Network Administrators: 11
Network Architects: 4
Network Operations Center (NOC) Engineers: 33
Project Managers: 25
Quality Assurance Engineers: 11
Systems Architects: 9

To implement and manage the .livestrong gTLD as described in this application, Verisign, The Lance Armstrong Foundation’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.
When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.
3. Policies and procedures identify and address the abusive use of registered names at startup and on an ongoing basis
3.1 Start-Up Anti-Abuse Policies and Procedures

Verisign, The Lance Armstrong Foundation’s selected backend registry services provider, provides the following domain name abuse prevention services, which The Lance Armstrong Foundation incorporates into its full-service registry operations. These services are available at the time of domain name registration.
Registry Lock. The Registry Lock Service allows registrars to offer server-level protection for their registrants’ domain names. A registry lock can be applied during the initial standup of the domain name or at any time that the registry is operational.
Specific Extensible Provisioning Protocol (EPP) status codes are set on the domain name to prevent malicious or inadvertent modifications, deletions, and transfers. Typically, these ‘server’ level status codes can only be updated by the registry. The registrar only has ‘client’ level codes and cannot alter ‘server’ level status codes. The registrant must provide a pass phrase to the registry before any updates are made to the domain name. However, with Registry Lock, provided via Verisign, The Lance Armstrong Foundation’s subcontractor, registrars can also take advantage of server status codes.
The following EPP server status codes are applicable for domain names: (i) serverUpdateProhibited, (ii) serverDeleteProhibited, and (iii) serverTransferProhibited. These statuses may be applied individually or in combination.
The EPP also enables setting host (i.e., name server) status codes to prevent deleting or renaming a host or modifying its IP addresses. Setting host status codes at the registry reduces the risk of inadvertent disruption of DNS resolution for domain names.
The Registry Lock Service is used in conjunction with a registrar’s proprietary security measures to bring a greater level of security to registrants’ domain names and help mitigate potential for unintended deletions, transfers, and/or updates.
Two components comprise the Registry Lock Service:
The Lance Armstrong Foundation and/or its registrars provide Verisign, The Lance Armstrong Foundation’s selected provider of backend registry services, with a list of the domain names to be placed on the server status codes. During the term of the service agreement, the registrar can add domain names to be placed on the server status codes and/or remove domain names currently placed on the server status codes. Verisign then manually authenticates that the registrar submitting the list of domain names is the registrar-of-record for such domain names.
If The Lance Armstrong Foundation and/or its registrars require changes (including updates, deletes, and transfers) to a domain name placed on a server status code, Verisign follows a secure, authenticated process to perform the change. This process includes a request from a representative authorized by The Lance Armstrong Foundation for Verisign to remove the specific registry status code, validation of the authorized individual by Verisign, removal of the specified server status code, registrar completion of the desired change, and a request from the authorized individual to reinstate the server status code on the domain name. This process is designed to complement automated transaction processing through the Shared Registration System (SRS) by using independent authentication by trusted registry experts.


The Lance Armstrong Foundation intends to charge registrars based on the market value of the Registry Lock Service. A tiered pricing model is expected, with each tier having an annual fee based on per domain name/host and the number of domain names and hosts to be placed on Registry Lock server status code(s).
3.2 Ongoing Anti-Abuse Policies and Procedures
3.2.1 Policies and Procedures That Identify Malicious or Abusive Behavior
Verisign, The Lance Armstrong Foundation’s selected backend registry services provider, provides the following service to The Lance Armstrong Foundation for incorporation into its full-service registry operations.
Malware scanning service. Registrants are often unknowing victims of malware exploits. Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
Verisign’s malware scanning service helps prevent websites from infecting other websites by scanning web pages for embedded malicious content that will infect visitors’ websites. Verisign’s malware scanning technology uses a combination of in-depth malware behavioral analysis, anti-virus results, detailed malware patterns, and network analysis to discover known exploits for the particular scanned zone. If malware is detected, the service sends the registrar a report that contains the number of malicious domains found and details about malicious content within its TLD zones. Reports with remediation instructions are provided to help registrars and registrants eliminate the identified malware from the registrant’s website.
3.2.2 Policies and Procedures That Address the Abusive Use of Registered Names
Suspension processes.
.livestrong will not be open to the public for registration.
Suspension processes conducted by backend registry services provider. In the case of domain name abuse, The Lance Armstrong Foundation will determine whether to take down the subject domain name. Verisign, The Lance Armstrong Foundation’s selected backend registry services provider, follows these auditable processes to comply with the suspension request.

Verisign Suspension Notification. The Lance Armstrong Foundation submits the suspension request to Verisign for processing, documented by:
Threat domain name
Registry incident number
Incident narrative, threat analytics, screen shots to depict abuse, and/or other evidence
Threat classification
Threat urgency description
Recommended timeframe for suspension/takedown
Technical details (e.g., Whois records, IP addresses, hash values, anti-virus detection results/nomenclature, name servers, domain name statuses that are relevant to the suspension)
Incident response, including surge capacity

Verisign Notification Verification. When Verisign receives a suspension request from The Lance Armstrong Foundation, it performs the following verification procedures:
Validate that all the required data appears in the notification.
Validate that the request for suspension is for a registered domain name.
Return a case number for tracking purposes.

Suspension Rejection. If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to The Lance Armstrong Foundation with the following information:
Threat domain name
Registry incident number
Verisign case number
Error reason

Registrar Notification (Optional). Once Verisign has performed the domain name suspension, and upon The Lance Armstrong Foundation request, Verisign notifies the registrar of the suspension. Registrar notification includes the following information:
Threat domain name
Registry incident number
Verisign case number
Classification of type of domain name abuse
Evidence of abuse
Anti-abuse contact name and number
Suspension status
Date/time of domain name suspension

Registrant Notification (Optional). Once Verisign has performed the domain name suspension, and upon The Lance Armstrong Foundation request, Verisign notifies the registrant of the suspension. Registrant notification includes the following information:
Threat domain name
Registry incident number
Verisign case number
Classification of type of domain name abuse
Evidence of abuse
Registrar anti-abuse contact name and number

Upon The Lance Armstrong Foundation request, Verisign can provide a process for registrants to protest the suspension.
Domain Suspension. Verisign places the domain to be suspended on the following statuses:
serverUpdateProhibited
serverDeleteProhibited
serverTransferProhibited
serverHold

Suspension Acknowledgement. Verisign notifies The Lance Armstrong Foundation that the suspension has been completed. Acknowledgement of the suspension includes the following information:
Threat domain name
Registry incident number
Verisign case number
Case number
Domain name
The Lance Armstrong Foundation abuse contact name and number, or registrar abuse contact name and number
Suspension status
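An added worked model of two things the text above describes: the server-level EPP status codes used by the Registry Lock Service (Section 3.1), which a registrar's client-level commands cannot override, and the suspension workflow (notification verification, rejection with an error reason, suspension on the four server statuses, acknowledgement). It is not Verisign's or the applicant's code; the `Registry` and `Domain` classes, the request field names, the case-number format and the `.livestrong` sample names are all constructed.

```python
# Constructed model of EPP server status codes (Registry Lock) and the suspension
# workflow described above; added example, not Verisign's or the applicant's code.
from dataclasses import dataclass, field
from itertools import count

SERVER_STATUSES = frozenset({"serverUpdateProhibited", "serverDeleteProhibited",
                             "serverTransferProhibited", "serverHold"})
LOCK_STATUSES = SERVER_STATUSES - {"serverHold"}   # Registry Lock: locked but still resolving
SUSPENSION_STATUSES = SERVER_STATUSES              # suspension: all four, domain leaves the zone
BLOCKED_BY = {"update": "serverUpdateProhibited", "delete": "serverDeleteProhibited",
              "transfer": "serverTransferProhibited"}
REQUIRED_FIELDS = ("threat_domain", "registry_incident_number", "incident_narrative",
                   "threat_classification", "threat_urgency", "recommended_timeframe",
                   "technical_details")   # constructed field names for the notification items


@dataclass
class Domain:
    name: str
    statuses: set = field(default_factory=set)

    def in_zone(self):
        return "serverHold" not in self.statuses

    def registrar_command(self, command):
        """Registrar-submitted update/delete/transfer: refused by the matching server code."""
        blocked = BLOCKED_BY[command]
        if blocked in self.statuses:
            return False, f"{command} refused: {blocked} is set"
        return True, f"{command} accepted"

    def registrar_remove_status(self, status):
        """Registrars control only client-level codes; server-level codes stay put."""
        if status in SERVER_STATUSES:
            return False, f"{status} can only be changed by the registry"
        self.statuses.discard(status)
        return True, f"{status} removed"


class Registry:
    def __init__(self, names):
        self.domains = {n: Domain(n) for n in names}
        self._cases = count(1000)                  # constructed case-number sequence

    def apply_registry_lock(self, name, registrar_authenticated):
        """Registry Lock: set the three server prohibitions after manual authentication."""
        if not registrar_authenticated:
            return False, "registrar-of-record authentication failed"
        self.domains[name].statuses |= LOCK_STATUSES
        return True, "registry lock applied"

    def suspend(self, request):
        """Notification verification, then rejection or suspension plus acknowledgement."""
        case = f"CASE-{next(self._cases)}"        # case number returned for tracking
        name = request.get("threat_domain")
        reply = {"threat_domain": name, "verisign_case_number": case,
                 "registry_incident_number": request.get("registry_incident_number")}
        missing = [f for f in REQUIRED_FIELDS if not request.get(f)]
        if missing:
            return dict(reply, outcome="rejected", error_reason="missing: " + ", ".join(missing))
        if name not in self.domains:
            return dict(reply, outcome="rejected", error_reason="domain name not registered")
        domain = self.domains[name]
        domain.statuses |= SUSPENSION_STATUSES     # three prohibitions plus serverHold
        return dict(reply, outcome="suspended", suspension_status=sorted(domain.statuses))


def sample_request(name):
    """Constructed suspension request carrying every item the notification requires."""
    return {"threat_domain": name, "registry_incident_number": "INC-0001",
            "incident_narrative": "abuse reported by a partner (constructed sample)",
            "threat_classification": "malware distribution", "threat_urgency": "high",
            "recommended_timeframe": "24h",
            "technical_details": {"name_servers": ["ns1.example.test"], "ip": "192.0.2.10"}}


if __name__ == "__main__":
    reg = Registry(["partner.livestrong", "abused.livestrong"])
    print(reg.apply_registry_lock("partner.livestrong", registrar_authenticated=True))
    print(reg.domains["partner.livestrong"].registrar_command("transfer"))   # refused
    print(reg.suspend(sample_request("abused.livestrong")))                  # suspended
    print(reg.suspend({"threat_domain": "abused.livestrong"}))               # rejected
```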

4. When executed in accordance with the Registry Agreement, plans will result in compliance with contractual requirements

5. Technical plan scope/scale that is consistent with the overall business approach and planned size of the registry
Scope/Scale Consistency

Scope/Scale Consistency Specific to Backend Registry Activities
Verisign, The Lance Armstrong Foundation’s selected backend registry services provider, is an experienced backend registry provider that has developed and uses proprietary system scaling models to guide the growth of its TLD supporting infrastructure. These models direct Verisign’s infrastructure scaling to include, but not be limited to, server capacity, data storage volume, and network throughput that are aligned to projected demand and usage patterns. Verisign periodically updates these models to account for the adoption of more capable and cost-effective technologies.
Verisign’s scaling models are proven predictors of needed capacity and related cost. As such, they provide the means to link the projected infrastructure needs of the 〈new string〉 gTLD with necessary implementation and sustainment cost. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its scaling models, Verisign derived the necessary infrastructure required to implement and sustain this gTLD. Verisign’s pricing for the backend registry services it provides to The Lance Armstrong Foundation fully accounts for costs related to this infrastructure, which are provided as “Other Operating Cost” (Template 1, Line I.L) within the Question 46 financial projections response.

Similar gTLD applications: (0)
