28 Abuse Prevention and Mitigation

gTLD: .SCA
Full Legal Name: SVENSKA CELLULOSA AKTIEBOLAGET SCA (publ)
E-mail suffix: valideus.com

1. COMPREHENSIVE ABUSE POLICIES, WHICH INCLUDE CLEAR DEFINITIONS OF WHAT CONSTITUTES ABUSE IN THE TLD, AND PROCEDURES THAT WILL EFFECTIVELY MINIMIZE POTENTIAL FOR ABUSE IN THE TLD

Svenska Cellulosa Aktiebolaget SCA (“SCA”) is fully aware that a solid abuse prevention and mitigation plan of a new gTLD is essential to guarantee the stability and security of the Internet space. SCA and its registry services provider believe that a registry must achieve all the technical standards established by ICANN which will ultimately benefit the entire Internet community. Verisign, SCA’s registry services provider, brings extensive experience on minimizing malicious and abusive behaviors within the domain name space. For this reason, .SCA will be fully prepared and supported by Verisign to combat any kind of threat or malicious activity in its new gTLD.

Abusive or malicious activities cover a wide range of threats, including but not limited to:
• Illegal or fraudulent actions
• Spam
• Phishing
• Pharming
• Distribution of malware
• Botnets command and control
• Misuse of trademarks and other IPR
• Unauthorized distribution of copyright material
• Distribution of child pornography

SCA will undertake the required measures to eliminate or minimise domain name abuse, including the implementation of an Anti-Abuse policy, providing Whois accuracy services and other monitoring activities to maintain the security of .SCA registry.

SCA assures that the abuse prevention strategy will be implemented according to ICANN’s requirements for the benefit of the entire Internet community. The following paragraphs intend to explain the Anti-Abuse policies and procedures that SCA will implement with the support and expertise of Verisign.

1.1 .SCA Abuse Prevention and Mitigation Implementation Plan
SCA designed its Anti-Abuse Policy, which will apply to all of its new gTLDs, to combat malicious or abusive use activities that could harm not only SCA, but also Internet users. Because SCA intends to run a private brand TLD registry, abusive or malicious behavior will be far less likely to occur. Requests for domains will be made by members of SCA to the SCA Domain Name Management Team and will only be processed if the proposed use of the domain is acceptable.

No names will be registered that will be harmful to the reputation of .SCA or the wider Internet: there will be no cybersquatting, typosquatting, phishing or misuse of trademarks and other IPR.

Furthermore, the content associated with registrations in the .SCA registry will not be involved in the distribution of illegal and/or offensive material, spam, malware, or other harmful behavior such as botnets and harassment. There will be no unauthorized distribution of copyright material. Name servers and other systems for the delegated names will be configured and operated in line with best practices and corporate IT policies featuring documented change management procedures, controls to restrict access to authorized personnel (using two-factor authentication), monitoring and security audits. Careful oversight by experts will ensure that there will be no operational problems to the DNS such as fast flux, orphaned glue and lame delegations.

.SCA will operate with a single “gateway” registrar. In addition to the provisions of the standard Registry-Registrar Agreement (RRA), the registrar will have a contract with SCA, which defines mutual roles and responsibilities. This contract will define how the registrar carries out its duties: preventing unauthorized access and/or updates, change control and audit procedures, and a documented registration procedure which requires the registrar to act only on the instructions of authorized personnel when registering, updating or removing domain names.

As this is a single entity registry, all Whois data will be accurate and up to date, reflecting the ownership of .SCA.

Although the above measures should be sufficient to prevent abuse in .SCA, further steps will be taken. The applicant and its registry partner have developed an Anti-Abuse Policy for .SCA as described in Section 1.2. This will of course be subject to regular review and updated to take account of new threats or abusive conduct and revised examples of best practice like those published at http://stopbadware.org.

1.2 Policies for Handling Complaints Regarding Abuse
SCA will establish and publish a unique abuse point of contact, which will include a role e-mail address (e.g. contact@abuseprevention.sca). This role address will allow the designated staff to receive and promptly respond to reports of or complaints about abuse and/or malicious activity under .SCA.

The .SCA Abuse Point of Contact will evaluate complaints and reports and produce abuse reports when necessary. All reports and complaints will be analyzed by abuse prevention staff and experts to assess the threat posed by the reported abusive or malicious behavior. Action in response to reported and confirmed abusive or malicious behavior will be commensurate with the assessed threat level. Such action may include rapid takedown, suspension, or cancellation and sharing of information regarding abusive or malicious behavior with other organizations and entities with which SCA cooperates in combating abusive and malicious behavior.

SCA intends to cooperate with appropriate law enforcement entities and investigations in connection with and in furtherance of abuse prevention in .SCA.

1.3 Proposed Measures for Removal of Orphan Glue Records
Although orphan glue records often support correct and ordinary operation of the Domain Name System (DNS), registry operators will be required to remove orphan glue records (as defined at http://www.icann.org/en/committees/security/sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct. SCA’s selected backend registry services provider’s (Verisign’s) registration system is specifically designed to not allow orphan glue records. Registrars are required to delete/move all dependent DNS records before they are allowed to delete the parent domain.

To prevent orphan glue records, Verisign performs the following checks before removing a domain or name server:

Checks during domain delete:

• Parent domain delete is not allowed if any other domain in the zone refers to the child name server.
• If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone.

Check during explicit name server delete:

• Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server.

Zone-file impact:

• If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not.
• If no domains reference a name server, then the zone file removes the glue record.

1.4 Resourcing Plans
Details related to resourcing plans for the initial implementation and ongoing maintenance of SCA’s abuse plan are provided in Section 2 of this response.
1.5 Measures to Promote Whois Accuracy
The registry operator manages a secure, robust, searchable and accurate Whois service, and will offer this same service for the .SCA registry.

Whois service for .SCA will operate as follows: all basic contact details for each domain name will be kept in a unique internal system by the registry, which facilitates access to the domain information. In addition, SCA will perform internal monitoring checks and procedures which will only allow accurate Whois information and remove outdated data.

1.5.1 Authentication of Registrant Information
All registrant information will be authenticated as complete and accurate at the time of registration through verification of all contact information mentioned in registration data. As all domains will be registered to SCA, 100% accuracy is expected. In addition, the .SCA registry will regularly monitor registration data for accuracy and completeness, employ authentication methods, and establish policies and procedures to address domain names with inaccurate or incomplete Whois data.

1.5.2 Regular Monitoring of Registration Data for Accuracy and Completeness

Verisign, SCA’s selected backend registry services provider, has implemented specific policies and procedures to require registrars to comply with ICANN’s Whois requirements. SCA will regularly remind its registrar of its obligation to comply with ICANN’s Whois Data Reminder Policy, which includes accuracy in dealing with the Whois information provided, to evaluate claims of fraudulent Whois data and to cancel domain name registrations with outdated Whois details.

1.5.3 Use of Registrars
As stated previously in other answers, only SCA and its Affiliates will be permitted to register and use dot .SCA domain names. Accordingly, the duties of the SCA registrar will be very limited and closely defined. However, as part of the RRA (Registry Registrar Agreement), SCA will require the SCA registrar to take all steps necessary to ensure Whois data is complete and accurate and to implement the .SCA registration policies.

1.6 Malicious or Abusive Behavior Definitions, Metrics, and Service Level Requirements for Resolution
SCA defines malicious or abusive behavior as including, without limitation, the following:

• Illegal or fraudulent actions;
• Spam;
• Phishing;
• Pharming;
• Willful distribution of malware;
• Botnet command and control;
• Misuse of trademarks and other IPR;
• Unauthorized distribution of copyright material;
• Distribution of child pornography.

1.7 Controls to Ensure Proper Access to Domain Functions

SCA takes very seriously a registry operator’s responsibility of ensuring secure and stable access to domain functions. SCA believes that its decision to restrict registration and use of .SCA domains to itself and its Affiliates will decrease the likelihood of abusive or malicious domain activity in .SCA. However, SCA’s registry services provider will employ a multi-factor authentication process (as explained below) to minimize potential threats to .SCA, the registry services provider and Internet users.

1.7.1 Multi-Factor Authentication
To ensure proper access to domain functions, SCA incorporates Verisign’s Registry-Registrar Two-Factor Authentication Service into its full-service registry operations. The service is designed to improve domain name security and assist registrars in protecting the accounts they manage by providing another level of assurance that only authorized personnel can communicate with the registry. As part of the service, dynamic one-time passwords (OTPs) augment the user names and passwords currently used to process update, transfer, and/or deletion requests. These one-time passwords enable transaction processing to be based on requests that are validated both by “what users know” (i.e., their user name and password) and “what users have” (i.e., a two-factor authentication credential with a one-time-password).
Registrars can use the one-time-password when communicating directly with Verisign’s Customer Service department as well as when using the registrar portal to make manual updates, transfers, and/or deletion transactions. The Two-Factor Authentication Service is an optional service offered to registrars that execute the Registry-Registrar Two-Factor Authentication Service Agreement. As shown in Figure 28-1, the registrars’ authorized contacts use the OTP to enable strong authentication when they contact the registry. There is no charge for the Registry-Registrar Two-Factor Authentication Service. It is enabled only for registrars that wish to take advantage of the added security provided by the service.

2. TECHNICAL PLAN THAT IS ADEQUATELY RESOURCED IN THE PLANNED COSTS DETAILED IN THE FINANCIAL SECTION
Resource Planning

SCA dedicates significant financial and personnel resources to combating malicious and abusive behavior in the DNS. SCA will extend these resources to encompass the designation and maintenance of the unique abuse point of contact, regular monitoring of potential abusive and malicious activities with support from dedicated technical staff, analysis of reported abuse and malicious activity, and action to address such reported activity.

The designated abuse prevention staff will be subject to regular evaluations, receive adequate training and work under expert supervision. The abuse prevention resources will comprise both internal staff and external abuse prevention experts who would give extra advice and support when necessary.
SCA’s registrar will also assist in abuse prevention. Information and best practice will be shared to ensure that opportunities for malicious and abusive behavior are minimized.
Resource Planning Specific to Backend Registry Activities
Verisign, SCA’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance.
Verisign’s pricing for the backend registry services it provides to SCA fully accounts for cost related to this infrastructure, which is provided as “Total Critical Registry Function Cash Outflows” (Template 1, Line IIb.G) within the Question 46 financial projections response.
Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.
Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:
Application Engineers: 19
Business Continuity Personnel: 3
Customer Affairs Organization: 9
Customer Support Personnel: 36
Information Security Engineers: 11
Network Administrators: 11
Network Architects: 4
Network Operations Center (NOC) Engineers: 33
Project Managers: 25
Quality Assurance Engineers: 11
Systems Architects: 9

To implement and manage the .SCA gTLD as described in this application, Verisign, SCA’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.
When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.
3. POLICIES AND PROCEDURES IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES AT STARTUP AND ON AN ONGOING BASIS
3.1 Start-Up Anti-Abuse Policies and Procedures
Verisign, SCA’s selected backend registry services provider, provides the following domain name abuse prevention services, which SCA is planning to incorporate into its full-service registry operations. These services are available at the time of domain name registration.
Registry Lock. The Registry Lock Service allows registrars to offer server-level protection for their registrants’ domain names. A registry lock can be applied during the initial standup of the domain name or at any time that the registry is operational.
Specific Extensible Provisioning Protocol (EPP) status codes are set on the domain name to prevent malicious or inadvertent modifications, deletions, and transfers. Typically, these ‘server’ level status codes can only be updated by the registry. The registrar only has ‘client’ level codes and cannot alter ‘server’ level status codes. The registrant must provide a pass phrase to the registry before any updates are made to the domain name. However, with Registry Lock, provided via Verisign, SCA’s subcontractor, registrars can also take advantage of server status codes.
The following EPP server status codes are applicable for domain names: (i) serverUpdateProhibited, (ii) serverDeleteProhibited, and (iii) serverTransferProhibited. These statuses may be applied individually or in combination.
The EPP also enables setting host (i.e., name server) status codes to prevent deleting or renaming a host or modifying its IP addresses. Setting host status codes at the registry reduces the risk of inadvertent disruption of DNS resolution for domain names.
The Registry Lock Service is used in conjunction with a registrar’s proprietary security measures to bring a greater level of security to registrants’ domain names and help mitigate potential for unintended deletions, transfers, and/or updates.
Two components comprise the Registry Lock Service:
• SCA and/or its registrars provide Verisign, SCA’s selected provider of backend registry services, with a list of the domain names to be placed on the server status codes. During the term of the service agreement, the registrar can add domain names to be placed on the server status codes and/or remove domain names currently placed on the server status codes. Verisign then manually authenticates that the registrar submitting the list of domain names is the registrar-of-record for such domain names.
• If SCA and/or its registrars require changes (including updates, deletes, and transfers) to a domain name placed on a server status code, Verisign follows a secure, authenticated process to perform the change. This process includes a request from an SCA authorized representative for Verisign to remove the specific registry status code, validation of the authorized individual by Verisign, removal of the specified server status code, registrar completion of the desired change, and a request from the SCA authorized individual to reinstate the server status code on the domain name. This process is designed to complement automated transaction processing through the Shared Registration System (SRS) by using independent authentication by trusted registry experts.
3.2 Ongoing Anti-Abuse Policies and Procedures
3.2.1 Policies and Procedures That Identify Malicious or Abusive Behavior
Verisign, SCA’s selected backend registry services provider, provides the following service to SCA for incorporation into its full-service registry operations.
Malware scanning service. Registrants are often unknowing victims of malware exploits. Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
Verisign’s malware scanning service helps prevent websites from infecting other websites by scanning web pages for embedded malicious content that will infect visitors’ websites. Verisign’s malware scanning technology uses a combination of in-depth malware behavioral analysis, anti-virus results, detailed malware patterns, and network analysis to discover known exploits for the particular scanned zone. If malware is detected, the service sends the registrar a report that contains the number of malicious domains found and details about malicious content within its TLD zones. Reports with remediation instructions are provided to help registrars and registrants eliminate the identified malware from the registrant’s website.
3.2.2 Policies and Procedures That Address the Abusive Use of Registered Names
Suspension processes based on Court Orders or investigations. Because domain names can be used to engage in malicious and abusive activity on the Internet, including malware, pharming, and phishing, the most efficient measure to combat such activity may, under certain circumstances, be to deactivate the domain. SCA will implement a rapid takedown process based on, for example, court orders, appropriate and documented requests from law enforcement, and the results of its own internal threat analyses and assessment. The fact that the .SCA registry will be a single entity registry hopefully minimizes the chance of this ever happening.
Suspension processes conducted by backend registry services provider. In the unlikely case of domain name abuse in what is a private dot brand registry, SCA will determine whether to take down the subject domain name. Verisign, SCA’s selected backend registry services provider, will then adopt the following auditable processes to comply with the suspension request – though it should be emphasized that as a single entity registry, the likelihood of this is viewed by SCA as very remote.
Verisign Suspension Notification. SCA submits the suspension request to Verisign for processing, documented by:
• Threat domain name
• Registry incident number
• Incident narrative, threat analytics, screen shots to depict abuse, and/or other evidence
• Threat classification
• Threat urgency description
• Recommended timeframe for suspension/takedown
• Technical details (e.g., Whois records, IP addresses, hash values, anti-virus detection results/nomenclature, name servers, domain name statuses that are relevant to the suspension)
• Incident response, including surge capacity

Verisign Notification Verification. When Verisign receives a suspension request from SCA, it performs the following verification procedures:
• Validate that all the required data appears in the notification.
• Validate that the request for suspension is for a registered domain name.
• Return a case number for tracking purposes.

Suspension Rejection. If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to SCA with the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Error reason

Upon SCA’s request, Verisign can provide a process for registrants to protest the suspension.
Domain Suspension. Verisign places the domain to be suspended on the following statuses:
• serverUpdateProhibited
• serverDeleteProhibited
• serverTransferProhibited
• serverHold

Suspension Acknowledgement. Verisign notifies SCA that the suspension has been completed. Acknowledgement of the suspension includes the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Case number
• Domain name
• SCA abuse contact name and number, or registrar abuse contact name and number
• Suspension status

4. WHEN EXECUTED IN ACCORDANCE WITH THE REGISTRY AGREEMENT, PLANS WILL RESULT IN COMPLIANCE WITH CONTRACTUAL REQUIREMENTS
SCA is confident that its very considerable expertise in combating malicious and abusive activity on the Internet, its extensive and detailed attention to the potential issue of abuse, and the experience and advice of its chosen backend registry provider, Verisign, will enable SCA to comply with all its contractual requirements in the Registry Agreement.

5. TECHNICAL PLAN SCOPE/SCALE THAT IS CONSISTENT WITH THE OVERALL BUSINESS APPROACH AND PLANNED SIZE OF THE REGISTRY
SCA intends to register no more than a maximum of 1000 SCA domains for its own use across three years of operation. SCA is confident that the plans and processes outlined in this answer are, in fact, consistent with a registry of much greater size. .SCA will have its Abuse Point of Contact, its expert in-house IT staff and the support of its registrar. These resources should be sufficient for a private brand registry where third parties are not eligible to register.

Scope/Scale Consistency Specific to Backend Registry Activities
Verisign, SCA’s selected backend registry services provider, is an experienced backend registry provider that has developed and uses proprietary system scaling models to guide the growth of its TLD supporting infrastructure. These models direct Verisign’s infrastructure scaling to include, but not be limited to, server capacity, data storage volume, and network throughput that are aligned to projected demand and usage patterns. Verisign periodically updates these models to account for the adoption of more capable and cost-effective technologies.
Verisign’s scaling models are proven predictors of needed capacity and related cost. As such, they provide the means to link the projected infrastructure needs of the .SCA gTLD with necessary implementation and sustainment cost. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most likely) as an input to its scaling models, Verisign derived the necessary infrastructure required to implement and sustain this gTLD. Verisign’s pricing for the backend registry services it provides to SCA fully accounts for cost related to this infrastructure, which is provided as “Other Operating Cost” (Template 1, Line I.L) within the Question 46 financial projections response.


gTLD: .WINDOWS
Full Legal Name: Microsoft Corporation
E-mail suffix: microsoft.com

1. COMPREHENSIVE ABUSE POLICIES, WHICH INCLUDE CLEAR DEFINITIONS OF WHAT CONSTITUTES ABUSE IN THE TLD, AND PROCEDURES THAT WILL EFFECTIVELY MINIMIZE POTENTIAL FOR ABUSE IN THE TLD
Microsoft is fully aware that a robust abuse prevention and mitigation plan is essential for a new gTLD to guarantee the stability and security of the Internet space. Microsoft and its registry services provider believe that a registry must achieve all the technical standards established by ICANN, which will ultimately benefit the entire Internet community.

Microsoft has systems and experts in place to combat malicious behaviors targeted at Microsoft and indeed at internet users: it is Microsoft’s policy to be pro-active in tackling malicious behaviors to prevent its millions of customers around the world from having their systems and data compromised. For example, see http://www.microsoft.com/presspass/press/2009/feb09/02-12confickerpr.mspx which describes how Microsoft’s Trustworthy Computing Group helped unify broad efforts being employed across the security industry and within academia, to implement a community-based defense to disrupt the spread of Conficker. Co-operating with security researchers, ICANN and operators within the Domain Name System, Microsoft coordinated a response designed to disable domains targeted by Conficker. Microsoft also announced a $250,000 reward for information leading to the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet.

In addition, Verisign, Microsoft’s registry services provider, also brings extensive experience on minimizing malicious and abusive behaviors within the domain name space. Microsoft will be fully prepared and supported by Verisign to combat any kind of threat or malicious activity in its new gTLD.

Abusive or malicious activities cover a wide range of threats, including but not limited to:
• Illegal or fraudulent actions
• Spam
• Phishing
• Pharming
• Distribution of malware
• Botnets command and control
• Misuse of trademarks and other IPR
• Unauthorized distribution of copyright material
• Distribution of child pornography

In addition to the measures required by ICANN to eliminate and minimize domain name abuse, Microsoft will implement an Anti-Abuse policy, provide Whois accuracy services, and conduct monitoring activities to maintain the security of its registry.

Microsoft will implement its abuse prevention strategy in accordance with ICANN requirements for the benefit of the entire Internet community. The following paragraphs explain the Anti-Abuse policies and procedures that Microsoft will implement with the support and expertise of Verisign.
1.1 .WINDOWS Abuse Prevention and Mitigation Implementation Plan

Microsoft designed its Anti-Abuse Policy, which will apply to all of its new gTLDs, to combat malicious or abusive use activities that could harm not only Microsoft, but also Internet users. Because Microsoft intends to run a closed brand TLD registry, abusive or malicious behavior will be less likely to occur.

1.2 Policies for Handling Complaints Regarding Abuse

Microsoft will establish and publish a unique Abuse Point of Contact, which will include a role e-mail address and a telephone number and mailing address. This role e-mail address will allow the designated staff to receive and promptly respond to reports of or complaints about abuse and/or malicious activity in the new gTLD.

Microsoft’s Abuse Point of Contact will evaluate complaints and reports and produce abuse reports when necessary. All reports and complaints will be analyzed by abuse prevention staff and experts to assess the threat posed by the reported abusive or malicious behavior. Action in response to reported and confirmed abusive or malicious behavior will be commensurate with the assessed threat level. Such action may include rapid takedown, suspension, or cancellation, and sharing of information regarding abusive or malicious behavior with other organizations and entities with which Microsoft cooperates in combating abusive and malicious behavior.

The Abuse Point of Contact email and telephone number will be monitored 24/7. A response will be supplied to 99.9% of on-line reports of malicious or abusive behavior within one minute of reporting with the subsequent investigations starting the next working day when verification of malicious activity and the process to remove infections will be commenced. The aim will be to conclude a response within 24 hours if this is technically possible.

Microsoft intends to cooperate with appropriate law enforcement entities and investigations in connection with and in furtherance of abuse prevention in .WINDOWS.

1.3 Proposed Measures for Removal of Orphan Glue Records
Although orphan glue records often support correct and ordinary operation of the Domain Name System (DNS), registry operators will be required to remove orphan glue records (as defined at http://www.icann.org/en/committees/security/sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct. Microsoft’s selected backend registry services provider’s (Verisign’s) registration system is specifically designed to not allow orphan glue records. Registrars are required to delete/move all dependent DNS records before they are allowed to delete the parent domain.

To prevent orphan glue records, Verisign performs the following checks before removing a domain or name server:

Checks during domain delete:

• Parent domain delete is not allowed if any other domain in the zone refers to the child name server.
• If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone.

Check during explicit name server delete:

• Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server.

Zone-file impact:

• If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not.
• If no domains reference a name server, then the glue record is removed from the zone file.
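
The delete checks and zone-file rules above, modeled as an added example (not Verisign's code). The `Registry` class, its method names and the sample domains are hypothetical, and the model assumes a name server counts as referenced for zone publication only while a delegating domain is not on serverHold.

```python
class OrphanGlueError(Exception):
    """A delete was refused because it would strand a name server's glue."""


class Registry:
    def __init__(self):
        self.domains = {}  # domain -> {"ns": set of hosts, "statuses": set}
        self.hosts = {}    # name server host -> set of glue IP addresses

    def add_domain(self, name, ns):
        self.domains[name] = {"ns": set(ns), "statuses": set()}

    def children(self, domain):
        """Name servers whose host names sit under `domain`."""
        return {h for h in self.hosts if h.endswith("." + domain)}

    def referrers(self, host, in_zone_only=False):
        """Domains delegating to `host`; optionally skip serverHold domains."""
        return {d for d, rec in self.domains.items()
                if host in rec["ns"]
                and not (in_zone_only and "serverHold" in rec["statuses"])}

    def delete_domain(self, domain):
        kids = self.children(domain)
        for host in kids:
            others = self.referrers(host) - {domain}
            if others:  # another domain still delegates to the child host
                raise OrphanGlueError(f"{host} is used by {sorted(others)}")
        del self.domains[domain]
        for host in kids:  # parent was the only user: glue goes with it
            del self.hosts[host]

    def delete_host(self, host):
        users = self.referrers(host)
        if users:  # explicit name server delete is refused while in use
            raise OrphanGlueError(f"{host} is used by {sorted(users)}")
        del self.hosts[host]

    def zone(self):
        """Return (delegations, glue) as they would be published."""
        delegations = {d: sorted(r["ns"]) for d, r in self.domains.items()
                       if "serverHold" not in r["statuses"]}
        # Assumption: only domains still in the zone keep glue published.
        glue = {h: sorted(ips) for h, ips in self.hosts.items()
                if self.referrers(h, in_zone_only=True)}
        return delegations, glue


def sample_registry():
    """Constructed data: two domains share a name server under alpha.example."""
    r = Registry()
    r.hosts = {"ns1.alpha.example": {"192.0.2.1"},
               "ns1.gamma.example": {"192.0.2.2"}}
    r.add_domain("alpha.example", ["ns1.alpha.example"])
    r.add_domain("beta.example", ["ns1.alpha.example"])
    r.add_domain("gamma.example", ["ns1.gamma.example"])
    return r
```

With this sample data, deleting `alpha.example` is refused while `beta.example` still delegates to `ns1.alpha.example`, and placing `alpha.example` on serverHold removes its delegation from the zone while the shared glue stays.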

1.4 Resourcing Plans
Details related to resourcing plans for the initial implementation and ongoing maintenance of Microsoft’s abuse plan are provided in Section 2 of this response.

1.5 Measures to Promote Whois Accuracy
The .WINDOWS registry will implement several measures to promote Whois accuracy.

Whois service for .WINDOWS will operate as follows: all basic contact details for each domain name are kept in a unique internal system by the registry, which facilitates access to the domain information. In addition, Microsoft will perform internal monitoring checks and procedures which will only allow accurate Whois information and remove outdated data.

1.5.1 Authentication of Registrant Information
All registrant information will be authenticated as complete and accurate at the time of registration through verification of all contact information mentioned in registration data. In addition, the .WINDOWS registry will regularly monitor registration data for accuracy and completeness, employ authentication methods, and establish policies and procedures to address domain names with inaccurate or incomplete Whois data.

1.5.2 Regular Monitoring of Registration Data for Accuracy and Completeness
Verisign, Microsoft’s selected backend registry services provider, has implemented specific policies and procedures to require registrars to comply with ICANN’s Whois requirements. Microsoft will regularly remind its registrar of its obligation to comply with ICANN’s Whois Data Reminder Policy, which includes accuracy in dealing with the Whois information provided, to evaluate claims of fraudulent Whois data and to cancel domain name registrations with outdated Whois details.

1.5.3 Use of Registrars
As stated previously in other answers, only Microsoft Corporation and its Affiliates will be permitted to register and use .WINDOWS domain names. Accordingly, the duties of the .WINDOWS registrar will be very limited and closely defined. However, as part of the RRA (Registry Registrar Agreement), Microsoft will require the .WINDOWS registrar to take steps necessary to ensure Whois data is complete and accurate and to implement the .WINDOWS registration policies.

1.6 Malicious or Abusive Behavior Definitions, Metrics, and Service Level Requirements for Resolution

Microsoft defines malicious or abusive behavior as including, without limitation, the following:

• Illegal or fraudulent actions
• Spam
• Phishing
• Pharming
• Willful distribution of malware
• Botnet command and control
• Misuse of trademarks and other IPR
• Unauthorized distribution of copyright material
• Distribution of child pornography

The Registry Abuse team will respond to reports alleging malicious or abusive behaviors in conformance with strict SLAs that will be set to reflect industry Best Practice. Currently it is anticipated that a response will be supplied to 99.9% of on-line reports of malicious or abusive behavior within one minute of reporting, with the subsequent investigations starting the next working day, when verification of malicious activity and the process to remove infections will be commenced. The aim will be to conclude a response within 24 hours if this is technically possible. As suspending or cancelling a compromised domain can be undertaken very quickly, we are confident abusive behaviors will be minimized. A valid email address will be maintained to assist with reporting.

1.7 Controls to Ensure Proper Access to Domain Functions
Microsoft takes very seriously a registry operator’s responsibility of ensuring secure and stable access to domain functions. Microsoft believes that its decision to restrict registration and use of .WINDOWS domains to itself and its Affiliates will decrease the likelihood of abusive or malicious domain activity in .WINDOWS. However, Microsoft’s registry services provider will employ a multi-factor authentication process (to be explained below) to minimize potential threats to Microsoft, the registry services provider and Internet users.

1.7.1 Multi-Factor Authentication
To ensure proper access to domain functions, Microsoft incorporates VeriSign’s Registry-Registrar Two-Factor Authentication Service into its full-service registry operations. The service is designed to improve domain name security and assist registrars in protecting the accounts they manage by providing another level of assurance that only authorized personnel can communicate with the registry. As part of the service, dynamic one-time passwords (OTPs) augment the user names and passwords currently used to process update, transfer, and/or deletion requests. These one-time passwords enable transaction processing to be based on requests that are validated both by “what users know” (i.e., their user name and password) and “what users have” (i.e., a two-factor authentication credential with a one-time-password).
Registrars can use the one-time-password when communicating directly with VeriSign’s Customer Service department as well as when using the registrar portal to make manual updates, transfers, and/or deletion transactions. The Two-Factor Authentication Service is an optional service offered to registrars that execute the Registry-Registrar Two-Factor Authentication Service Agreement. As shown in Figure 28-1, the registrars’ authorized contacts use the OTP to enable strong authentication when they contact the registry. There is no charge for the Registry-Registrar Two-Factor Authentication Service. It is enabled only for registrars that wish to take advantage of the added security provided by the service.

1.7.2 Requiring Multiple, Unique Points of Contact

The Registry Service Provider will maintain correspondence with multiple points of contact within Microsoft including but not limited to the Legal Manager and the Domain Management Team in order to ensure that all relevant stakeholders are kept abreast of important issues as they occur. Any decision in relation to the suspension or termination of a domain name that is supporting abusive behavior will be taken by the Legal Manager who will first consult with the Domain Management Team. Microsoft has an experienced Anti-Abuse & Security Team who will be available around the clock to assist with the most serious incidents.

1.7.3 Requiring the Notification of Multiple, Unique Points of Contact
The primary contact for all abuse incidents will be the Legal Manager. The Legal Manager will have the responsibility, for example, of determining when a domain should be locked or cancelled.

2. TECHNICAL PLAN THAT IS ADEQUATELY RESOURCED IN THE PLANNED COSTS DETAILED IN THE FINANCIAL SECTION

Resource Planning
Microsoft dedicates significant financial and personnel resources to combating malicious and abusive behavior in the DNS. Microsoft will extend these resources to encompass the designation and maintenance of the unique Abuse Point of Contact, regular monitoring of potential abusive and malicious activities with support from dedicated technical staff, analysis of reported abuse and malicious activity, and action to address such reported activity.

The designated abuse prevention staff will be subject to regular evaluations, receive adequate training and work under expert supervision. The abuse prevention resources will comprise both internal staff and external abuse prevention experts who will give extra advice and support when necessary.

Resource Planning Specific to Backend Registry Activities
Verisign, Microsoft’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. VeriSign’s pricing for the backend registry services it provides to Microsoft fully accounts for cost related to this infrastructure, which is provided as “Total Critical Registry Function Cash Outflows” (Template 1, Line IIb.G) within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in VeriSign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving VeriSign’s ability to align personnel resource growth to the scale increases of VeriSign’s TLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:

• Application Engineers: 19
• Business Continuity Personnel: 3
• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11
• Network Administrators: 11
• Network Architects: 4
• Network Operations Center (NOC) Engineers: 33
• Project Managers: 25
• Quality Assurance Engineers: 11
• Systems Architects: 9

To implement and manage the .WINDOWS gTLD as described in this application, Verisign, Microsoft’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, VeriSign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.

3. POLICIES AND PROCEDURES IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES
3.1 Policies and Procedures That Identify Malicious or Abusive Behavior
Verisign, Microsoft’s selected backend registry services provider, provides the following service to Microsoft for incorporation into its full-service registry operations.

Malware scanning service. Registrants are often unknowing victims of malware exploits. Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.

VeriSign’s malware scanning service helps prevent websites from infecting other websites by scanning web pages for embedded malicious content that will infect visitors’ websites. VeriSign’s malware scanning technology uses a combination of in-depth malware behavioral analysis, anti-virus results, detailed malware patterns, and network analysis to discover known exploits for the particular scanned zone. If malware is detected, the service sends the registrar a report that contains the number of malicious domains found and details about malicious content within its TLD zones. Reports with remediation instructions are provided to help registrars and registrants eliminate the identified malware from the registrant’s website.

3.2 Policies and Procedures That Address the Abusive Use of Registered Names

Suspension processes based on Court Orders or investigations. Because domain names can be used to engage in malicious and abusive activity on the Internet, including malware, pharming, and phishing, the most efficient measure to combat such activity may, under certain circumstances, be to deactivate the domain. Microsoft will implement a rapid takedown process based on, for example, court orders, appropriate and documented requests from law enforcement, and the results of its own internal threat analyses and assessment.

Suspension processes conducted by backend registry services provider. In the case of domain name abuse, Microsoft will determine whether to take down the subject domain name. Verisign, Microsoft’s selected backend registry services provider, will follow these auditable processes to comply with the suspension request.

Verisign Suspension Notification. Microsoft submits the suspension request to Verisign for processing, documented by:
• Threat domain name
• Registry incident number
• Incident narrative, threat analytics, screen shots to depict abuse, and/or other evidence
• Threat classification
• Threat urgency description
• Recommended timeframe for suspension/takedown
• Technical details (e.g., Whois records, IP addresses, hash values, anti-virus detection results/nomenclature, name servers, domain name statuses that are relevant to the suspension)
• Incident response, including surge capacity

Verisign Notification Verification. When Verisign receives a suspension request from Microsoft, it performs the following verification procedures:
• Validate that all the required data appears in the notification.
• Validate that the request for suspension is for a registered domain name.
• Return a case number for tracking purposes.

Suspension Rejection. If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to Microsoft with the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Error reason

Upon Microsoft request, Verisign can provide a process for registrants to protest the suspension.

Domain Suspension. Verisign places the domain to be suspended on the following statuses:
• serverUpdateProhibited
• serverDeleteProhibited
• serverTransferProhibited
• serverHold

Suspension Acknowledgement. Verisign notifies Microsoft that the suspension has been completed. Acknowledgement of the suspension includes the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Case number
• Domain name
• Microsoft abuse contact name and number, or registrar abuse contact name and number
• Suspension status

4. WHEN EXECUTED IN ACCORDANCE WITH THE REGISTRY AGREEMENT, PLANS WILL RESULT IN COMPLIANCE WITH CONTRACTUAL REQUIREMENTS
Microsoft is confident that its vast expertise in combating malicious and abusive activity on the Internet, its extensive and detailed attention to the potential issue of abuse, and the experience and advice of its chosen backend registry provider, Verisign, will enable Microsoft to comply with all its contractual requirements in the Registry Agreement.

5. TECHNICAL PLAN SCOPE/SCALE THAT IS CONSISTENT WITH THE OVERALL BUSINESS APPROACH AND PLANNED SIZE OF THE REGISTRY
Scope/Scale Consistency
Microsoft intends to register a maximum of 100 .WINDOWS domains for its own use across three years of operation. Microsoft is confident that the plans and processes outlined in this answer are, in fact, consistent with a registry of much greater size.

Scope/Scale Consistency Specific to Backend Registry Activities
Verisign, Microsoft’s selected backend registry services provider, is an experienced backend registry provider that has developed and uses proprietary system scaling models to guide the growth of its TLD supporting infrastructure. These models direct VeriSign’s infrastructure scaling to include, but not be limited to, server capacity, data storage volume, and network throughput that are aligned to projected demand and usage patterns. Verisign periodically updates these models to account for the adoption of more capable and cost-effective technologies.

VeriSign’s scaling models are proven predictors of needed capacity and related cost. As such, they provide the means to link the projected infrastructure needs of the .WINDOWS gTLD with necessary implementation and sustainment cost. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its scaling models, Verisign derived the necessary infrastructure required to implement and sustain this gTLD. VeriSign’s pricing for the backend registry services it provides to Microsoft fully accounts for cost related to this infrastructure, which is provided as “Other Operating Cost” (Template 1, Line I.L) within the Question 46 financial projections response.