28 Abuse Prevention and Mitigation

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.frogansOP3FTop3ft.orgView

Table of contents:

1. Application overview
2. Single point of contact
3. Anti-abuse policy
3.1. Definitions
3.2. Policies and procedures
3.3. Policies for handling complaints regarding abuse
3.4. Orphan glue records
3.5. Controls for ensuring the proper access to domain functions
4. Whois Abuse Prevention Policies
4.1. Measures for promoting Whois accuracy
4.2. Protection against unfair use of Whois service
4.2.1 Protection against Data Mining
4.2.2 Prevention of unauthorized data modification
5. Resources for policy implementation


1. Application overview

The registration policy for the .frogans gTLD registry conforms to its following characteristics:

- The OP3FT (the Applicant) will be the sole and unique holder of domain names in the .frogans gTLD registry;

- The OP3FT will not commercialize any domain names in the .frogans gTLD registry to third parties;

- The maximum number of domain names in the .frogans gTLD registry will be 1,000.

The OP3FT will use domain names in the .frogans gTLD registry for addressing the computers that are dedicated to the functioning of the Frogans layer on the Internet. Typically, the domain names in the .frogans gTLD registry will be composed of informative terms such as “service1.frogans” for example.

To the extent that the OP3FT is both the Registry Operator of the .frogans gTLD and the unique registrant of domain names in the .frogans gTLD registry, there will be neither abusive nor malicious domain name registrations in the .frogans gTLD registry, nor will there be orphaned registrations or erroneous or abusive data in the Whois.

The OP3FTʹs objective in answering question 28 is to provide a thorough explanation of its policies and procedures to minimize abusive registrations and other activities that have a negative impact on Internet users.


2. Single point of contact

For that which concerns an implementation plan to establish and publish on its Web site a single abuse point of contact responsible for addressing matters requiring expedited attention and providing a timely response to abuse complaints concerning all names registered in the TLD through all registrars of record, including those involving a reseller, the OP3FT will publish on its Web site (www.op3ft.org) the contact information of the person in charge of receiving all questions and requests concerning domain name registrations in the .frogans gTLD registry.

This single point of contact will comprise a Web interface offering the possibility for Internet users to report any abuse (phishing, spamming, trademark abuse etc.) concerning a name registered in the gTLD .frogans registry. This contact Web interface will be available on the OP3FT’s Web site.

This single point of contact will enable a quicker and better management of complaints. Complaints will be addressed by filling out a form through online services on the OP3FTʹs Web site.

A dedicated team will be in charge of handling these complaints in a due time. All requests should be acknowledged and processed within 24 hours. According to the nature of the reported abuse (phishing, spamming, trademark abuse, etc), an appropriate action will be taken by the OP3FT.

Internet users will be given access to all necessary information regarding remedies to abusive registrations on the OP3FTʹs single point of contact Web page. This Web page will also contain links to all relevant organizations addressing these issues.


3. Anti-abuse policy

By implementing the anti-abuse policy described below, the OP3FT will also contribute to and protect the integrity, security and stability of the DNS.


3.1. Definitions

The OP3FT will use the following definitions of what constitutes abuse in the .frogans gTLD registry.

From ICANN (online presentation of Registration Abuse Policy, available at http:⁄⁄www.icann.org⁄en⁄resources⁄policy⁄background⁄rap):

- registration abuse: “In general, the term covers a broad variety of illegal or illegitimate behaviors considered contrary to the intent and design of normal domain registration processes. Registration abuse often involves malicious actors trying to register in ways that avoid lawful authorities or conceal a registrantʹs identity. Registration abuse can also enable other kinds of abuses, such as phishing and spam.”

From the Public Interest Registry (Domain Name Anti-Abuse Policy, available at http:⁄⁄www.pir.org⁄why⁄anti_abuse_policy):

- Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks.

- Phishing: The use of counterfeit Web pages that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data.

- Pharming: The redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning.

- Willful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the ownerʹs informed consent. Examples include, without limitation, computer viruses, worms, keyloggers, and trojan horses.

- Fast flux hosting: Use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves. Fast flux hosting may be used only with prior permission of PIR.

- Botnet command and control: Services run on a domain name that are used to control a collection of compromised computers or ʺzombies,ʺ or to direct denial-of-service attacks (DDoS attacks).

- Distribution of child pornography.

- Illegal Access to Other Computers or Networks: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity).

- Unlawful content or any content that contravene public order according to French law and in particular to Law on the Freedom of the Press of 29 July 1881 (crimes against humanity apology⁄promotion or contestation, incitement to discrimination, hatred or violence).

The OP3FT is committed to creating and implementing policies and procedures that prevent abusive registrations and other activities that have a negative impact on Internet users.

Conforming to the industry best practices presented in the Registration Abuse Policies Issues Report (ICANN 2008), the OP3FT will offer a wide range of effective safeguards to prevent abusive uses of registry and domain names, keeping in mind that the anti-abuse policy will be an internal procedure that the OP3FT pledges to follow as being the sole and unique registrant of all domain names in the .frogans gTLD registry.


3.2. Policies and procedures

This section provides a description of policies and procedures that define malicious or abusive behavior, capture metrics, and establish Service Level Requirements for resolution, including service levels for responding to law enforcement requests.

Although, there will be no possibility for the abusive or malicious registration of domain names in the .frogans gTLD registry, the OP3FT will take internal measures to ensure that registrations in the .frogans gTLD registry will be carried out by authorized and qualified personnel who will respect a procedure for preventing any abusive registration, as defined in section 3.1 above.

The OP3FT will develop strict internal rules for allowing only the registration of domain names in the .frogans gTLD registry that respect third party rights and the criteria set by ICANN, notably those in Module 3 of the Application Guidebook (AGB) and in the Registration Abuse Policies Issues Report (available at http:⁄⁄www.icann.org⁄en⁄resources⁄policy⁄background⁄rap) and according to the Domain Name Anti-Abuse Policy of the Public Interest Registry (PIR).

The OP3FT will carefully implement internal rules preventing various misconducts and abusive registration behaviors such as but not limited to using a name that:

- Appears on ICANNʹs list of reserved names;

- Corresponds to a protected geographic name;

- Corresponds to a trademark or other intellectual property for which the OP3FT has neither rights nor legitimate interests;

- Corresponds to an existing TLD;

- Corresponds to a Non-Governmental Organization (OGN);

- Is contrary to general principles of international law for morality and public order as defined in article 3.5.3 of the AGB;

- Is contrary to the criteria developed in the Uniform Domain-Name Dispute-Resolution Policy (UDRP) (each registration will be notably subject to a study for conformity regarding the criteria detailed in paragraphs 4(a), 4(b) and 4(c) of the UDRP so as to determine if there will be a risk of abuse);

- Is contrary to the criteria developed in the Registration Abuse Policies Issues Report; each registration will be subject to a study for conformity with this report and to the findings of ICANN working groups (GNSO) on this subject; each registration will be subject to the RAP (Registration Abuse Policy) upon that policyʹs finalization.

With respect to the last rule in the above list, the OP3FT will not:

- Use the .frogans gTLD, its registry or any related tool to violate laws or regulation, register deceptive and⁄or offensive domain names,

- Use the .frogans gTLD, its registry or any related tool to trick people into believing they are connected to a legitimate Web site (i.e. phishing),

- Edit, host or harbor pure gripe sites,

- Use the .frogans gTLD, its registry or any related tool to register domain names for which the OP3FT has neither rights nor legitimate interests, reproducing trademarks and brands or any other illicit behavior in regard of third parties rights, including intellectual property rights,

- Use computers or any other automated means to generate continuous or repeated requests to register domain names or use a Whois service,

- Use computers or any other automated means to slow down or alter online services, including DNS lookups.

Being both the registry operator and the sole and unique registrant of domain names in the .frogans gTLD registry, the OP3FT will have full hand on registrar activities and will formally prevent bad practices, such as name spinning, domain tasting, front running and other scams.

As such, OP3FT is dedicated to enforcing the respect of third parties rights, network and Internet tool integrity and is committed to make use of the .frogans gTLD in compliance with ICANN policies.

Concerning the particular abuses below:

- Cache poisoning:

One of the main authentication issue encountered on the DNS is the cache poisoning issue. This directly affect data flow at the DNS service level without having to corrupt or modify data in the registry database.

The answer to this issue is the implementation and deployment of DNSSEC. The registry back-end service provider of the OP3FT, AFNIC (Association Française pour le Nommage Internet en Coopération), already manages DNSSEC-enabled zones successfully: on September 29, 2010, AFNIC, finished adding its 6 ccTLDs key materials (DS records) into the IANA root zone, ending with .FR after extensive tests with its other TLDs. Since then, related DNSSEC operations and monitoring are spread inside the organization, alongside all other standard day to day operations, so that DNSSEC is a core service enabled by default.

- Domain name Sniping (grabbing):

Domain name sniping refers to the practice of trying to re-register potentially interesting domain names immediately after they are deleted.

The OP3FT being the sole and unique registrant of domain names in the .frogans gTLD registry, this type of abuse will not occur.

- Domain name tasting:

Domain name tasting is a practice used by registrants to check if a domain name is of interest or not, exploiting the 5-days Add Grace Period (AGP) during which a newly created domain name may be deleted with a refund of the domain fee. Domain name tasting is dealt with through the implementation of AGP.

However, as the OP3FT is the sole and unique registrant of domain names in the .frogans gTLD registry, this type of abuse will not occur.


3.3. Policies for handling complaints regarding abuse

The OP3FT will process any complaint with the greatest care and according to the ICANNʹs criteria, notably to delete any domain name registration which has been shown to represent an abusive registration, for example, through the reception of a detailed notice showing evidence of an infringement of rights through the registration of a domain name in the .frogans gTLD registry.

The OP3FT will implement this policy despite its conviction that such abuses will not occur in the .frogans gTLD registry given that:

- The OP3FT will be the sole and unique holder of domain names in the .frogans gTLD registry;

- The OP3FT will not commercialize any domain names in the .frogans gTLD registry to third parties.

In the execution of this policy, the OP3FT will process each complaint within 24 hours and will take all the necessary steps to offer a satisfactory response to the complainants.

Should immediate action be taken by competent authorities, the OP3FT is committed to comply with their demands without delay. The OP3FT will work closely with these authorities. This may concern the following cases (but not limited to):

- Court orders;

- Inquiries from law enforcement bodies (e.g, OCLCTIC - The Office central de lutte contre la criminalité liée aux technologies de lʹinformation et de la communication, which is the French Police unit specialized in cybercrime);

- Anti-phishing groups (e.g, CERTs).


3.4. Orphan glue records

According to the definition found in the ʺSSAC Comment on the Orphan Glue Records in the Draft Applicant Guidebook”, a glue record becomes an ʺorphanʺ when the delegation point NS record (the ʺparent NS recordʺ) that it references is removed while retaining the glue record itself in the zone. Consequently, the glue record becomes ʺorphanedʺ since it no longer has a parent NS record. In such a situation, registrars and registrants usually lose administrative control over the record, and the recordʹs attribution to a certain registrar may become unclear, which makes it a potential vector for abuse.

Concerning the question of proposed measures for removal of orphan glue records for names removed from the zone, when provided with evidence in written form that the glue is present in connection with malicious conduct, such a situation shall not occur for domain names in the .frogans gTLD registry given that:

- The OP3FT is both the registry operator and the sole and unique registrant of domain names in the .frogans gTLD registry; and

- The OP3FT will have full hand on registrar activities.

In any event, the glue record policy in effect for the .frogans TLD record avoids this situation entirely by disallowing orphan glue records altogether. This corresponds to policy #3 mentioned in section 4.3 (page 6) of the SSAC document mentioned above. The technical implementation within the Registry and its associated zone generation process ensures this by the following measures:

- Any host object which is a glue record can be created only if the domain name exist and is sponsored by the registrar creating the host.

- Any deletion of a domain name which have subordinate hosts can be done only when these hosts are deleted. If these hosts are used in delegations for other domain names in the .frogans gTLD registry, these delegations have to be removed to delete the host objects and then the domain name.

- If the sponsored registrar of the domain name cannot remove these delegations (e.g. explicit refusal or inactivity from subordinate hosts registrars), the sponsored registrar may use a specific procedure provided by the Registry Operator (OP3FT) in which the Registry Operator (OP3FT) will contact the registrar(s) used in delegating the host object(s) and will ask them to remove the delegation(s). The registrar(s) will then have 10 days to remove the delegation(s), after which time, if there is no removal of the delegation(s), the Registry Operator (OP3FT) will deactivate directly the DNS configuration of the domain name(s) concerned. At the end of the procedure, the Registry Operator (OP3FT) will contact the sponsored registrar to inform him that he can delete the host object(s) and the domain name.


3.5. Controls for ensuring the proper access to domain functions

The OP3FT will use the .frogans gTLD with the aim of ensuring the security, stability and reliability of the Frogans layer for the benefit of all Internet users.

Even though the OP3FT will be both the registry operator and the sole and unique registrant, it will implement very strict controls to ensure proper access to domain functions for the .frogans gTLD given that, according to ICANN requirements, any ICANN-accredited registrar may gain access to these domain functions. Controlling this access thus represents a critical issue for achieving the goal of the .frogans gTLD.

These controls will include multi-factor authentication at the registrar and registry operator levels (such as strong passwords, tokens or one-time passwords) from the registrant (the OP3FT) to process registration, update, transfer, and deletion requests.


4. Whois Abuse Prevention Policies


4.1. Measures for promoting Whois accuracy

RFC3912 specifies the Whois protocol and explains it as follows: ʺWhois is a TCP-based transaction-oriented query⁄response protocol that is widely used to provide information services to Internet users. While originally used to provide ʹwhite pagesʹ services and information about registered domain names, current deployments cover a much broader range of information services. The protocol delivers its content in a human-readable format.ʺ

The OP3FT understands that the availability of accurate information about registered domain names is a sensitive subject. This information shall contain registrant contact information, including administrative, technical and billing contact details.

In case of malicious or abusive activity, the Whois contact is usually the first and most important source of information. Whois accuracy is therefore a major step to counter malicious conduct. This information may be required by law-enforcement authorities to identify individuals and organizations responsible for domain names.

As being both the registry operator and the sole and unique registrant of domain names in the .frogans gTLD registry, the OP3FT pledges to keep the Whois for the .frogans gTLD registry correct, precise and complete. Moreover, a verification and updating process will be undertaken every year for ensuring the pertinence of the information posted in the Whois.


4.2. Protection against unfair use of Whois service

Whois Service gives access to sensitive data, including contact details of registrants. The OP3FT, as the .frogans gTLD registry operator, is committed to insure the protection of these data against abusive behaviors. Firstly, the OP3FT will implement technical measures to prevent data mining on the Whois, such as automated collection of registrants’ email addresses, that may result in spamming. Secondly, the OP3FT and its registry back-end service provider, AFNIC, will deploy all necessary means to secure access to its database, specifically by implementing procedures in order to prevent Unauthorized Data Modifications. These procedures will reinforce the security of both EPP and Web-based access to Whois data.


4.2.1 Protection against Data Mining

Users of the .frogans gTLD Whois database will commit to using the published data according to the laws and regulations in effect. Moreover, users shall respect the provisions of the French Data Protection Act. Violation of this act carries criminal penalties.

As users will access personal data, they must refrain from any collection, misuse or any act that could lead to the invasion of privacy or damaging the reputation of individuals.

The OP3FT can at any time filter the access to its Whois database services in case of suspicion of malevolent use.

Additionally, the OP3FT will implement the following methods:

- Captcha: users shall pass a Captcha before access is granted to the Web-based Registration Data Directory Services (RDDS).

- Rate-limiting: The registry has chosen limitation measures for the number of requests in order to prevent abuse in the use of personal data and to guarantee the quality of the service. By a transparent parameter adjustment policy, the registry guarantees quality of service to the punctual users and professionals. The rates and thresholds of this system are described in the registry use case of question 26.

- White list: The white list mechanism offers specific access for registrars to the port 43 whois considering that the incoming traffic must come from two pre-defined IP address. This white list access offers higher thresholds of rate limiting for the users.


4.2.2 Prevention of unauthorized data modification

Data modification is managed through strict authentication and access policies.

- SSL⁄TLS protocol is used on all interfaces with clients (both EPP and Web-based SRS).

- a password policy is applied both on the password itself (minimum length, mandatory digits and non-alphanumerical characters), and on the live length of the password;

- use of an SSL client certificate pre-installed by the registry for EPP access;

- IP authentication limited to two addresses.

The OP3FTʹs registry back-end service provider, AFNIC, will share its experience in the .fr ccTLD with the aim of ensuring effective, timely and sufficient Domain Data Access Control.

Further details on this subject can be found in the response to question 26.


5. Resources for policy implementation

For that which concerns the resources committed to the deployment and application of these policies, the OP3FT commits to assign, on a part-time basis, a specifically trained engineer who will be responsible for the registration of domain names in the .frogans gTLD registry. This engineer will be assisted by the OP3FTʹs legal team for ensuring that domain name registrations will be carried out in compliance with the applicable OP3FT policies, which themselves will remain compliant with ICANNʹs gTLD policies, and in order to process any complaints.

As to the technical processing system and policy implementation, these are provided by AFNIC in its capacity as technical registry back-end service provider for the .frogans gTLD registry. Their costs are included in the fixed fee agreed upon in the technical registry back-end service provider agreement between the OP3FT and AFNIC, signed on April 3, 2012, further detailed in the answer to question 47(a).

These technical functions for the protection of third-party rights and for the regulatory conformity of the .frogans gTLD are thus ensured without interruption and without discrimination.

Similar gTLD applications: (0)

gTLDFull Legal NameE-mail suffixzDetail