28 Abuse Prevention and Mitigation

Prototypical answer:

As mentioned in response to Question 18 (b) above, the Applicant is a world-leading satellite operator. In connection to its business, the Applicant has a substantial experience and expertise in managing complex information technology infrastructures, hereby relying on in-house and external resources.
However, the Applicant has no in-depth experience in managing a domain name registry system and it would require too much effort for the Applicant to develop a system itself that complies with the specific technical requirements imposed upon new gTLD registries. Therefore, the Applicant has decided to rely on Verisign Inc. (“Verisign” – see http:⁄⁄www.verisigninc.com⁄), who accepted to provide back-end registry services for the Applicants applied-for .SES registry.
The response to this question describes the Abuse Prevention and Mitigation for the .SES TLD as it will be provided by Verisign. When it is stated that Verisign will perform certain services or comply with certain standards or processes, Verisign will do this for the Applicant, who itself is committed to comply with these standards or processes towards ICANN. The same is true where it is stated that certain services will be provided (without the express mention of Verisign). Unless it is expressly mentioned otherwise, services will be provided by Verisign for the Applicant. Where use is made of the first person plural, reference is made to Verisign, as throughout the technical portion (Questions #23 - #44) of this application, answers are provided directly by Verisign, the back-end provider of registry services for the applied-for .SES TLD (also referred to as ‘this TLD’).
Q28 – Abuse Prevention and Mitigation

1. COMPREHENSIVE ABUSE POLICY, WHICH INCLUDES A CLEAR DEFINITION OF WHAT CONSTITUTES ABUSE IN THE TLD, AND THE PROCEDURES THAT WILL EFFECTIVELY MINIMIZE POTENTIAL FOR ABUSE IN THE TLD
The Applicant has identified Verisign as a trusted partner based on its stable organization with strong financial stability and the resources to ensure responsible backend operator services. Verisign has proven to the Applicant that it is the high-value and low-risk vendor of choice to meet the gTLD program needs. The Applicant will rely on Verisign to provide all the technical support linked to the new gTLD program and to enforce all ICANN mandatory procedures to minimize all potential abuse in the TLD
As per the vision ⁄ mission statement stated in response to Question 18 of this application, some of the key reasons why Applicant is applying for .SES are safety and security, given the fact that the TLD and most if not all of the domain names registered therein will be completely or at least partially under the control of the Registry Operator. Given the single-registrant character that the applied-for TLD shall (at least) initially have and the control of the Registry Operator in operating the applied-for TLD, the risks that the TLD or domain names registered therein will be used in an abusive manner is already limited in itself.
The Applicant is of the opinion that the operation of the .SES TLD will not be facing the challenges in mitigating abuses that most true “generic” top-level domain names are and will continue to be coping with.

Nevertheless, the Applicant is factoring in mechanisms to prevent and mitigate possible abuses.
1.1 .SES Abuse Prevention and Mitigation Implementation Plan
The Applicant will monitor all possible abuses such as:
a) Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to email spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of websites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks.
b) Phishing: The use of counterfeit web pages that are designed to trick recipients into divulging sensitive data such as user names, passwords, or financial information.
c) Willful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the ownerʹs informed consent. Examples include, without limitation, computer viruses, worms, key loggers, and Trojan horses.
d) Botnet command and control: Services that run on domain names that are used to control a collection of compromised computers or ʺzombies,ʺ or to direct distributed denial-of-service attacks (DDoS attacks).
e) Distribution of child pornography


The client is also relying on Verisign as its technical backend operator due to its longstanding legacy in the industry and its capabilities to support SES in mitigating all above mentioned abuse.
As mentioned above, the Applicant expects few risks of abuses as it intents initially to use the .SES gTLD as a single registrant TLD, as described by ICANN in Section 4.5 of the Registry Operator Agreement:
“(…) all domain name registrations in the TLD are registered to, and maintained by, Registry Operator for its own exclusive use”;
“Registry Operator does not sell, distribute, or transfer control or use of any registrations in the TLD to any third party that is not an Affiliate of Registry Operator”.
Furthermore, as abuses of the TLD will be detrimental to the reputation of the Applicant’s key brand, the Applicant aims to strictly control the use of its TLD and to have clear policies in place that grant the Applicant the right to cancel, suspend, or even revoke domain names registered in the TLD.
1.2 Policies for Handling Complaints Regarding Abuse
The selection of Verisign was based on the technical expertise of Verisign and its experience in running different large registries and managing right protection mechanisms. Verisign has demonstrated its ability to provide high levels of service that are scalable while still flexible enough to provide appropriate right protections measures.
The Applicant has a domain name and legal department, which protects and enforces the intellectual property rights of the Applicant in various ways. For the .SES gTLD, the Applicant relies on various internal and external resources in order to ensure that the organization is able to plan for right protection matters that may occur.
Furthermore, this department is responsible for registering and monitoring domain names in existing TLDs. Following award of the .SES TLD to the Applicant, this department will also be controlling registrations and⁄or registration volumes, as well as potential abuses of domain names within this extension.
The Applicant’s back-end registry service provider will also monitor the on-going technical abuses processes.
1.3 Proposed Measures for Removal of Orphan Glue Records
Although orphan glue records often support correct and ordinary operation of the Domain Name System (DNS), registry operators will be required to remove orphan glue records (as defined at http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct. SES’s selected backend registry services provider’s (Verisign’s) registration system is specifically designed to not allow orphan glue records. Registrars are required to delete⁄move all dependent DNS records before they are allowed to delete the parent domain.
To prevent orphan glue records, Verisign performs the following checks before removing a domain or name server:

Checks during the deletion of a domain name:

• Parent domain delete is not allowed if any other domain in the zone refers to the child name server.
• If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone.

Check during explicit name server delete:
• Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server.

Zone-file impact:

• If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not.
• If no domains reference a name server, then the zone file removes the glue record.

1.4 Resourcing Plans
Details related to resourcing plans for the initial implementation and ongoing maintenance of SES’s abuse plan are provided in Section 2 of this response.
1.5 Measures to Promote Whois Accuracy
The Applicant supported by its backend operator will comply to all ICANN requirements such as WhoIs accuracy.
The Applicant believes that WhoIs accuracy will be fully under control, considering the fact that it is a single registrant TLD that is monitored and operated in-house. The Applicant performed in this preparatory stage a rather high-level analysis of the possible uses of the .SES TLD. The analysis showed the following:
- Phase 1: initially, the .SES would be a single registrant TLD, as described by ICANN in Section 4.5 of the Registry Operator Agreement:
o “(…) all domain name registrations in the TLD are registered to, and maintained by, Registry Operator for its own exclusive use”;
o “Registry Operator does not sell, distribute, or transfer control or use of any registrations in the TLD to any third party that is not an Affiliate of Registry Operator”;

However, in the event the Applicant determines that there would be a business reason for the Applicant to allow third parties to register domain names in the .SES TLD, the Applicant may decide to liberalize the eligibility requirements. However, the Applicant understands that any such offering needs to encompass a thorough analysis and process for adequately protecting the rights of third parties, by implementing the rights protection mechanisms developed by ICANN. In any case, it will only take such a decision if and when adequate safeguards are effectively put in place in order to protect the reputation and distinctive character of the Applicant and its brands.

1.5.2 Regular Monitoring of Registration Data for Accuracy and Completeness
As part of internal auditing and risk mitigation, the Applicant will perform on a regular basis Whois data control process. As the Applicant is willing to provide selected stakeholders in SES brands with the opportunity to create a secure and safe Internet environment that is mainly or even fully under control of the Applicant and⁄or such stakeholders, the Applicant will regularly audit its domain name portfolio, as this is the case with its current intellectual property rights.
Verisign, SES’s selected backend registry services provider, has established policies and procedures to encourage registrar compliance with ICANN’s Whois accuracy requirements. Verisign provides the following services to SES for incorporation into its full-service registry operations.
Registrar self-certification. The self-certification program consists, in part, of evaluations applied equally to all operational ICANN accredited registrars and conducted from time to time throughout the year. Process steps are as follows:
• Verisign sends an email notification to the ICANN primary registrar contact, requesting that the contact go to a designated URL, log in with his⁄her Web ID and password, and complete and submit the online form. The contact must submit the form within 15 business days of receipt of the notification.
• When the form is submitted, Verisign sends the registrar an automated email confirming that the form was successfully submitted.
• Verisign reviews the submitted form to ensure the certifications are compliant.
• Verisign sends the registrar an email notification if the registrar is found to be compliant in all areas.
• If a review of the response indicates that the registrar is out of compliance or if Verisign has follow-up questions, the registrar has 10 days to respond to the inquiry.
• If the registrar does not respond within 15 business days of receiving the original notification, or if it does not respond to the request for additional information, Verisign sends the registrar a Breach Notice and gives the registrar 30 days to cure the breach.
• If the registrar does not cure the breach, Verisign terminates the Registry-Registrar Agreement (RRA).

Whois data reminder process. Verisign regularly reminds registrars of their obligation to comply with ICANN’s Whois Data Reminder Policy, which was adopted by ICANN as a consensus policy on 27 March 2003 (http:⁄⁄www.icann.org⁄en⁄registrars⁄wdrp.htm). Verisign sends a notice to all registrars once a year reminding them of their obligation to be diligent in validating the Whois information provided during the registration process, to investigate claims of fraudulent Whois information, and to cancel domain name registrations for which Whois information is determined to be invalid.
1.5.3 Use of Registrars
To ensure full control of its registrar network, the Applicant has decided to operate the TLD on a single registrant TLD basis, as described by ICANN in Section 4.5 of the Registry Operator Agreement. All ICANN mandatory specifications will be included in the registry-registrar agreement and the Applicant will also rely on the registrars to report any potential abuses in the TLD.
1.7.1 Multi-Factor Authentication
To ensure proper access to domain functions, SES incorporates Verisign’s Registry-Registrar Two-Factor Authentication Service into its full-service registry operations. The service is designed to improve domain name security and assist registrars in protecting the accounts they manage by providing another level of assurance that only authorized personnel can communicate with the registry. As part of the service, dynamic one-time passwords (OTPs) augment the user names and passwords currently used to process update, transfer, and⁄or deletion requests. These one-time passwords enable transaction processing to be based on requests that are validated both by “what users know” (i.e., their user name and password) and “what users have” (i.e., a two-factor authentication credential with a one-time-password).
Registrars can use the one-time-password when communicating directly with Verisign’s Customer Service department as well as when using the registrar portal to make manual updates, transfers, and⁄or deletion transactions. The Two-Factor Authentication Service is an optional service offered to registrars that execute the Registry-Registrar Two-Factor Authentication Service Agreement. As shown in Figure 28-1, the registrars’ authorized contacts use the OTP to enable strong authentication when they contact the registry. There is no charge for the Registry-Registrar Two-Factor Authentication Service. It is enabled only for registrars that wish to take advantage of the added security provided by the service.

Figure 28-1: Verisign Registry-Registrar Two-Factor Authentication Service

1.7.2 Requiring Multiple, Unique Points of Contact
As per ICANN requirements, the Applicant will establish and publish on its website a single abuse point of contact responsible for addressing matters requiring expedited attention and providing a timely response to abuse complaints concerning all names registered in the TLD through all registrars. The Applicant has planned adequate resources to implement and take care of any abuse matter. Moreover, the Applicant will also rely on various internal and external resources in order to ensure that the TLD remains secured and controlled, such as monitoring phishing mailing lists, etc.
.
2. TECHNICAL PLAN THAT IS ADEQUATELY RESOURCED IN THE PLANNED COSTS DETAILED IN THE FINANCIAL SECTION
Resource Planning
Customer support in relation to the operation of the .SES gTLD will be part of the services provided by the Applicant, its sponsoring registrar (and possibly other ICANN-accredited registrars) and its backend operator, Verisign. However, the Applicant took into account the cost of supervising this activity and also took into account that its general customer service will have employees available who can respond to concerns of third parties in relation to the operation of the gTLD. Considering the fact that the .SES gTLD envisages in the first place to secure and protect the Applicant’s distinctive and reputable brand, the Applicant considers that its current staff shall be sufficient. Should there be an increased demand, the Applicant will take the necessary measures to ensure a stable and reliable operation, management and use of the TLD.
Resource Planning Specific to Backend Registry Activities
Verisign, SES’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to SES fully accounts for cost related to this infrastructure, which is provided as “Total Critical Registry Function Cash Outflows” (Template 1, Line IIb.G) within the Question 46 financial projections response.
Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.
Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:
• Application Engineers: 19
• Business Continuity Personnel: 3
• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11
• Network Administrators: 11
• Network Architects: 4
• Network Operations Center (NOC) Engineers: 33
• Project Managers: 25
• Quality Assurance Engineers: 11
• Systems Architects: 9

To implement and manage the .SES gTLD as described in this application, Verisign, SES’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.
When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.
3. POLICIES AND PROCEDURES IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES AT STARTUP AND ON AN ONGOING BASIS
3.1 Start-Up Anti-Abuse Policies and Procedures
the Applicant is not of the opinion that the operation of the .SES TLD would face the challenges that most true “generic” top-level domain names will be facing, including:
- the need to accredit multiple ICANN Accredited Registrars in order to have sufficient market reach with respect to their proposition;
- charging fees for domain name registrations in the gTLD;
- incurring high up-front and ongoing marketing and outreach costs in order to build awareness of the gTLD;
- etc.

In the Applicant’s view, the .SES TLD will be a platform for supporting its business activities.
3.2 Ongoing Anti-Abuse Policies and Procedures
3.1 Policies and Procedures That Identify Malicious or Abusive Behavior
Verisign, SES’s selected backend registry services provider, provides the following service to SES for incorporation into its full-service registry operations.
Malware scanning service. Registrants are often unknowing victims of malware exploits. Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
Verisign’s malware scanning service helps prevent websites from infecting other websites by scanning web pages for embedded malicious content that will infect visitors’ websites. Verisign’s malware scanning technology uses a combination of in-depth malware behavioral analysis, anti-virus results, detailed malware patterns, and network analysis to discover known exploits for the particular scanned zone. If malware is detected, the service sends the registrar a report that contains the number of malicious domains found and details about malicious content within its TLD zones. Reports with remediation instructions are provided to help registrars and registrants eliminate the identified malware from the registrant’s website.
3.2 Policies and Procedures That Address the Abusive Use of Registered Names
Suspension processes. The Applicant will ensure that all abusive use of registered domains will be analyzed. Should there be sufficient burden of proof, the client will take the appropriate measure to suspend or delete the abusive use of registered domains.
Suspension processes conducted by backend registry services provider. In the case of domain name abuse, SES will determine whether to take down the subject domain name. Verisign, SES’s selected backend registry services provider, will follow the following auditable processes to comply with the suspension request.
Verisign Suspension Notification. SES submits the suspension request to Verisign for processing, documented by:
• Threat domain name
• Registry incident number
• Incident narrative, threat analytics, screen shots to depict abuse, and⁄or other evidence
• Threat classification
• Threat urgency description
• Recommended timeframe for suspension⁄takedown
• Technical details (e.g., Whois records, IP addresses, hash values, anti-virus detection results⁄nomenclature, name servers, domain name statuses that are relevant to the suspension)
• Incident response, including surge capacity

Verisign Notification Verification. When Verisign receives a suspension request from SES, it performs the following verification procedures:
• Validate that all the required data appears in the notification.
• Validate that the request for suspension is for a registered domain name.
• Return a case number for tracking purposes.

Suspension Rejection. If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to SES with the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Error reason

Domain Suspension. Verisign places the domain to be suspended on the following statuses:
• serverUpdateProhibited
• serverDeleteProhibited
• serverTransferProhibited
• serverHold

Suspension Acknowledgement. Verisign notifies SES that the suspension has been completed. Acknowledgement of the suspension includes the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Case number
• Domain name
• SES abuse contact name and number, or registrar abuse contact name and number
• Suspension status

5. TECHNICAL PLAN SCOPE⁄SCALE THAT IS CONSISTENT WITH THE OVERALL BUSINESS APPROACH AND PLANNED SIZE OF THE REGISTRY
Scope⁄Scale Consistency
The Applicant is a world-leading satellite operator. In connection to its business, the Applicant has a substantial experience and expertise in managing complex information technology infrastructures, hereby relying on in-house and external resources.
However, the Applicant has no in-depth experience in managing a domain name registry system and it would require too much effort for the Applicant to develop a system itself that complies with the specific technical requirements imposed upon new gTLD registries. Therefore, the Applicant has decided to rely on Verisign Inc. (“Verisign” – see http:⁄⁄www.verisigninc.com⁄), who accepted to provide back-end registry services for the Applicants applied-for .SES registry.
Scope⁄Scale Consistency Specific to Backend Registry Activities
Verisign, SES’s selected backend registry services provider, is an experienced backend registry provider that has developed and uses proprietary system scaling models to guide the growth of its TLD supporting infrastructure. These models direct Verisign’s infrastructure scaling to include, but not be limited to, server capacity, data storage volume, and network throughput that are aligned to projected demand and usage patterns. Verisign periodically updates these models to account for the adoption of more capable and cost-effective technologies.
Verisign’s scaling models are proven predictors of needed capacity and related cost. As such, they provide the means to link the projected infrastructure needs of the .SES gTLD with necessary implementation and sustainment cost. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its scaling models, Verisign derived the necessary infrastructure required to implement and sustain this gTLD. Verisign’s pricing for the backend registry services it provides to SES fully accounts for cost related to this infrastructure, which is provided as “Other Operating Cost” (Template 1, Line I.L) within the Question 46 financial projections response.

Similar gTLD applications: (0)