28 Abuse Prevention and Mitigation
|gTLD||Full Legal Name||E-mail suffix||Detail|
|.lplfinancial||LPL Holdings, Inc.||lpl.com||View|
The .lplfinancial TLD application concerns a restricted gTLD, which means that for the first phase of the gTLD launch only the Applicant will be entitled to register domain names. In phase two the Applicant will organize a sunrise period where Applicant’s financial advisors will be allowed to apply for a domain name that corresponds with its trademark or company name(s) (see our response to question 29). During the third phase product sponsors and affiliates of the Applicant and the Applicant itself will be allowed to register domain names that correspond both directly or indirectly. It is important to note that the domain name registrations for .lplfinancial TLD will never be open to the general public.
These limitations, requirements and procedures will be reflected in the following:
- the policies for the registration of domain names, which will contain provisions regarding:
o how domain names will be allocated;
o the responsibility of the various parties involved in the registration process, including the Registrars sponsoring a domain name registration in the .lplfinancial TLD; and
o the measures taken by Applicant and its accredited Registrars in order to prevent abuse made by any Registrant of a domain name in the .lplfinancial gTLD, as well as measures to suspend or delete any domain name registrations made in this extension above and beyond the mandatory policies and procedures set out by ICANN;
- the registry-Registrar agreement, which will contain provisions regarding:
o the authentication of candidate Registrants of domain names in the gTLD;
o the verification in cooperation with the Applicant’s Marketing department (see next page) – on a continuous basis – of whether these Registrants meets these requirements;
- putting in place an Abuse Complaints Point of Contact, who will investigate any non-compliant or infringing domain name registrations at no cost to the third party complainant who is of the opinion that a domain name has been registered without the Registrant meeting the eligibility requirements referred to above, and⁄or a domain name has been registered that potentially infringes the rights or legitimate interests of such complainant.
2. Proposed Policies and procedures
As already stated due to the restricted nature of .lplfinancial TLD, occurrences of domain name abuse are inherently prevented. Nevertheless Applicant ensures that extensive measures will be taken in order to manage domain name abuse in compliance with ICANN regulations as described in the following paragraphs.
1. An implementation plan to establish and publish on its website a single abuse point of contact responsible for addressing matters requiring expedited attention and providing a timely response to abuse complaints concerning all names registered in .lplfinancial TLD.
Applicant commits itself to addressing matters regarding abuse in an expedient fashion and to provide a timely response to all abuse complaints concerning domain names registered in .lplfinancial TLD. As will be documented in Applicant’s Domain Name Anti-Abuse Policy scope this application concerns a restricted gTLD, meaning:
- There will be a limited number of Registrants:
o Financial advisors of Applicant;
o Product sponsors and affiliates of the Applicant ;
Operating a restricted gTLD will in itself limit the possibilities of domain name abuse, however to comply to ICANN’s requirements Applicant intends to appoint a single point of contact to address matters regarding domain name abuse. As described in the Applicant’s Domain Name Anti-Abuse Policy, it is the intention of the Applicant to create a specialized governing body (Governance Committee) within Applicant’s organization to create and maintain the Applicant’s Domain Name Anti-Abuse Policy.
This Governance Committee will consist of highly skilled professionals with extensive experience in legal, business and technical domain name matters, trained to handle abuse complaints. In addition to handling possible abuse complaints, they will also correlate these complaints to create new procedures or to improve Applicant’s Domain Name Anti-Abuse Policy.
To further minimize abusive registrations and other activities that have a negative impact on Internet users, all domain name applications will be presented to Applicant’s marketing department through a centralized, web-based, request system. The marketing department will determine whether or not the domain name request is approved. This approval process will ensure that the domain name applied for corresponds with a trademark, company name, or service and products that are provided by financial advisors and product sponsors and affiliates and that the domain name complies with the abuse registration polices as set out by the Governance Committee.
2. Policies for handling abuse complaints.
As mentioned earlier, as a result of the restricted nature of .lplfinancial, Applicant does not foresee any actual domain name abuse or any misuses. This is due to the fact that all domain names that will be registered will be either directly or indirectly linked to Applicant’s services and products and⁄or their financial advisors, products sponsors and affiliates their products and⁄or services and because all domain names will be submitted to an internal compliance check by the marketing department before any domain name is registered. Nevertheless, should any complaints be filed, the Applicant will have a mature policy in place to act accordingly. This policy will be published on the website.
As will be described in Applicant’s Domain Name Anti-Abuse Policy it is the intention of the Applicant to handle complaints regarding abuse and⁄or misuse, by means of a Governance Committee, created to oversee policy non-compliance. According to the level of the complaint Applicant will reserve the right to:
- deny or cancel any registration or transaction;
- place any domain name(s) on registry lock, hold or similar status during the resolution of a dispute.
This in order to:
- protect the integrity and stability of the registry;
- to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process;
- to avoid any liability, civil or criminal, on the part of the Applicant , as well as its affiliates, subsidiaries, officers, directors, and employees;
- to correct mistakes made by Applicant.
Applicant will create a Domain Name Anti-Abuse Policy containing clear definitions of what constitutes abuse.
A high-level description of the Domain Name Anti-Abuse Policy can be found below.
The objective of the Anti-Abuse Policy is to define abusive uses pertaining to domain name registration and domain name usage. Consequently, the Applicant intends to define “abuse” as follows:
Abuse is an action that:
- Causes actual and substantial harm, or is a material predicate of such harm;
- Is illegal or illegitimate, or is otherwise considered contrary to the intention and design of a stated legitimate purpose, if such purpose is disclosed.
In the section below a distinction is made between Registration Abuses and Malicious Use of Domain Names (Domain Name Usage Abuses), as a failure to do so could lead to confusion.
The following practices are considered registration abuses and will result in sanctions taken by the Applicant:
- Cyber squatting;
- Gripe sites;
- Deceptive, pornographic and⁄or offensive domain names;
- Fake renewal notices;
- Name spinning;
- Cross-gTLD Registration Scam;
- Domain kiting.
Detailed descriptions of these abuses will be available in the Domain Name Anti-Abuse Policy that will be provided to all Registrants.
Malicious Use of Domain Names
Malicious use of domain names will apply to what a Registrant does with his or her domain name after the domain is created—the purpose the Registrant puts the domain to, and⁄or the services the Registrants operates on. As stated earlier, due to the restricted nature of the gTLD the probability of any malicious use of domain names is severely reduced.
However, the following practices are considered malicious use of domain names and will result in actions taken by the Applicant.
- Illegal or fraudulent actions;
- Traffic diversion;
- False affiliation;
- Wilful distribution of malware;
- Fast flux hosting;
- Botnet command and control;
- Distribution of any pornography;
- Illegal Access to Other Computers or Networks.
- Any ideas or opinions of any kind of philosophical matter
Detailed descriptions of these abuses will be available in the Domain Name Anti-Abuse Policy that will be provided to all of Applicant’s its Registrants. Non-compliance to the Anti-Abuse Policy will be monitored the marketing department and the governance committee
The Applicant will reserve the right to deny, cancel or transfer any registration or transaction, or
place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion; (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of Applicant , as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or (5) to correct mistakes made by the Applicant . Applicant also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.
The abusive uses, as defined above, undertaken with respect to applicable domain names can give rise to the right of the Applicant to take such actions in its sole discretion. Should a dispute occur, the domain name will be put on hold immediately. Within 48 hours after the domain name was put on hold the dispute will be resolved and the domain will be accessible again or will be removed.
3. Proposed measures for removal of orphan glue records for names removed from the zone when provided with evidence in written form that the glue is present in connection with malicious conduct (see Specification 6)
As already stated, Applicant does not foresee any issues regarding orphan glue records.
Glue records can only be inserted with the domain name itself. Inclusion is based on the fact that the name servers have the same extension as the domain name. These address records only exist by the grace of the domain name itself. Since the IP address is always linked to the domain name, the address will also disappear from the zone as soon as the domain name is removed from the registration database. Should any evidence be provided that a domain name, registered with the Applicant is present in connection with malicious conduct, the name and glue will be simultaneously be removed. This limits the possibility of orphan glue records.
In view of the possible risks and dangers this is a very balanced choice of limitations and it allows for a flexible and consistent handling of glue records.
4. Adequate controls to ensure proper access to domain functions
Due to the restricted nature of .lplfinancial, some domain name functions will - at least initially not be allowed, such as domain name transfers. Access to other domain function requests, such as domain name update and deletion, are only possible through a centralized web-based request system owned and managed by the Applicant , after authentication via a strong password. The following principles are used for strong passwords:
- Users shall pick a password of sufficient complexity, which contain characters from at least 3 of following characteristics:
o English uppercase characters (A through Z);
o English lowercase characters (a through z);
o Base 10 digits (0 through 9);
o Non-alphabetic characters (for example, !, $, #, %).
- A password should have a minimal length of 8 characters.
- Passwords & PIN codes shall not be based on easily-guessable information, such as:
o words from a dictionary;
o data linked to a user (phone numbers, license plate, date or place of birth, ...);
o significant portions of the userʹs account name or full name.
The usage of the strong passwords will be enforced, where possible, by the application used to access domain function.
5. Measures to promote WHOIS accuracy.
As described in earlier, this application concerns a restricted⁄closed gTLD. WHOIS accuracy will be the responsibility of the Applicant. It is understood by the Applicant that is very important that the WHOIS maintains accurate and complete information. Consequently, the Applicant intends to take this responsibility for its account. As all requests for a domain name application will be submitted to a prior approval to the marketing department, it will be the marketing department’s responsibility to ensure that all Whois related information is accurate and complete.
And due to the fact that only the Applicant, its financial customers and in a later stage its products sponsors and affiliates will only be allowed to apply and register a domain name within the TLD, Applicant will be able to ensure that the necessary background checks have been done and the contact details are correct.
6. Other measures
All applied for domain names will be submitted to the marketing department in order to verify that the domain name applied for corresponds with the requirements as laid down in the registration policies.
1.6. Resourcing plans
As already stated above, Applicant intends to create a governance committee that will oversee the marketing department responsible for the initial implementation and ongoing maintenance of abuse prevention and mitigation.
Both the Governance Committee and the marketing department will consist of highly skilled professionals, experienced in legal, business and technical domain name matters. In order to ensure that all staff that will be working on this project is up to date, periodical trainings in relation to abuse and misuse complaint handling and in all relevant fields will be provided.
In addition, as these domain names within the TLD will be provided as an additional service to it the Applicant current services, the Applicant does not foresee to hire any additional staff for this specific purpose.
Due to the limited number of domain name registration and the restricted use of the TLD, Applicant is of the opinion that it is sufficient to dedicate 0.5 FTE. In the event that due Applicant would need to dedicate more staff than Applicant intends to allocate more resources. For more information, we refer to our response in questions 46 and 47.
Similar gTLD applications: (1)
|gTLD||Full Legal Name||E-mail suffix||z||Detail|
|.lpl||LPL Holdings, Inc.||lpl.com||-4.52||Compare|