28 Abuse Prevention and Mitigation

Prototypical answer:

The dot WALES TLD will be operated in the public interest and for the benefit of Wales and the Welsh people. It will therefore employ robust and effective abuse prevention and mitigation strategies, some of which are operated at the registration stage relating to rights protection, further details of which we provide at Q29.

The dot WALES registry will operate proportionate policies that minimise the prospect of abusive registration in the first instance, enhanced by effective measures to respond to malicious and harmful activities in the domain. These policies will define the types of behaviours that would be considered unacceptable in the dot WALES TLD and the process by which such domains might be suspended, whilst minimising any potential adverse impact on innocent parties, including the registrant and registrar. We will publish on our website, no less than three months prior to the launch of the dot WALES TLD, the policies and procedures by which registration abuse and domain usage complaints will be managed, including:

- notification procedures;
- scope of acceptable complaints;
- jurisdiction;
- appeals mechanisms;
- review procedures; and
- relevant registrar and registrant responsibilities.

These policies will be developed through consultation with interested parties including registrars, rights-holders, UK public law enforcement agencies, regulators, government, and civil society. The registry will also mirror and implement any consensus policies relating to the Registrar Accreditation Agreement through its own registry⁄registrar agreement. The policy will include further details in relation to rapid suspension procedures over and above those outlined here.


Abuse

For these purposes we define ʺabuseʺ as action in the registration or usage of a domain in the TLD that would cause actual and substantial harm, or which is illegal or illegitimate. Such abuse may occur at any stage of the domain name lifecycle and therefore we will establish policies and procedures to manage and mitigate such instances.

In the context of domain name registration, abuse includes infringement of a third party right where the domain is used in a way that is unfairly detrimental to that third party (further details provided in our response to Q29). Abuse also includes phishing, pharming, botnets, malware, fraud and other harms or illegitimate uses that we may identify in the future or that are brought to our attention.

Abusive activity includes that which gives rise to the registry’s reasonable belief that the dot WALES domain space is being brought into disrepute, or where the activity related to a dot WALES domain name risks placing the registry in breach of any applicable laws, government rules or requirements, requests of law enforcement, or where Nominet in its role as registry operator and its affiliates, subsidiaries, officers, directors, and employees, may incur a civil or criminal liability.


Policies for handling complaints regarding abuse

1. Process for standard abuse notifications
Nominet will provide a number of mechanisms for complainants to bring allegations of abuse to its attention.

In advance of the launch of the dot WALES TLD we will publish a single abuse point of contact responsible for addressing matters requiring expedited attention, along the lines of abuse@nic.wales. This will be clearly signposted as well as being explicitly brought to the attention of relevant stakeholders.

We will require complaints to be submitted directly in writing to the registry’s abuse team for investigation using standard abuse report templates. Telephone notifications will not be accepted.

Nominet’s abuse team will acknowledge all complaints within 72 hours (note there is a separate rapid take down process). An investigation of the complaint will be conducted within a further 48 hours. The outcome of the investigation may lead to the registrant of the domain name being put on notice of the complaint and the need to rectify the alleged abuse.

Where abuse is found this could result in transfer, cancelation or suspension of the domain name by the registrar or registry. The registrant will be contacted in advance to advise of the pending action where appropriate and will be informed of the appeal procedure.

The complainant will be advised of the outcome of the investigation.

We will require dot WALES registrars, via the registry⁄registrar agreement, to have a robust abuse policy and to promptly take steps to disable or remove abusive domains. The registry reserves the right to require a registrar (or its re-seller through the registrar) to transfer, delete or suspend a domain contravening this policy, and reserves the right to exercise the transfer, deletion or suspension of such a domain where the registrar is unable to act.

Note: for large scale operations Nominet will work with LEAs to develop appropriate service level agreements recognising the need to act promptly whilst also ensuring thorough and appropriate investigations are carried out.

2. Rapid take down or suspension
Complaints relating to illegal activities will only be accepted where they have come from a UK public law enforcement agency (LEA) with which the dot WALES registry has an existing working relationship, in order to ensure that the complaints are valid and that the agency has a proper understanding of the domain name system. Agencies that have not had previous dealings with the registry will be referred to an agency with whom Nominet has an existing relationship, so that they can work together to make a complaint. These complaints will have to follow the published policy and be authorised at a high level.

We will require complaints to be submitted directly in writing to the registry’s abuse team for investigation using a rapid suspension request template. Telephone notifications will not be accepted.

Rapid suspension requests received by the registry will be acknowledged by the abuse team within 24 hours. A review will be conducted within a further 48 hours. The outcome of this review may include placing the registrant of the domain name on notice of the complaint and the need to rectify the alleged abuse.

Where abuse is found this could result in transfer, cancelation or suspension of the domain name by the registrar or registry. The registrant will be contacted in advance to advise of the pending action where appropriate and will be informed of the appeal procedure.
The complainant will be advised of the outcome of the investigation.

Where abuse is alleged by any other third party (whether an LEA or not), the dot WALES registry will:

- where appropriate, provide details to the complainant of the Uniform Rapid Suspension Process, the Uniform Dispute Resolution Procedure or to the registry’s own free mediation service;
- invite the complainant to bring their allegation to the attention of a UK LEA which can assess whether it wishes to bring a complaint directly to the registry in order to start the rapid suspension process; and
- where a registrant alleges abusive activity by a registrar, the registry will investigate the complaint and take steps to enforce compliance with the registry-registrar agreement, including if necessary, amending data in the register.

Note: for large scale operations Nominet will work with LEAs to develop appropriate service level agreements recognising the need to act promptly whilst also ensuring thorough and appropriate investigations are carried out.

Note: the scope of the application of the rapid suspension policy will be developed in consultation with the wider stakeholder community.

Nominet will document complaints, investigations, and their outcomes and will conduct regular audits to identify issues and best practice.


Measures to promote WHOIS accuracy

Registrants will have a positive obligation to ensure their contact details are up to date.

All applicants for a dot WALES domain names will be contractually required to provide complete and accurate WHOIS data. Verification will be undertaken by the registrar in the first instance and enforced through the registry⁄registrar agreement. The registrar will conduct regular post registration checks on WHOIS data quality as required by the WHOIS Data Reminder Policy.

Nominet will also conduct proactive validation checks on the name and address of all registrants. Failure of the registrant to provide correct data will result in the process of suspension being initiated by the registrar. Where the registrar fails to act, Nominet will suspend the domain pending confirmation and verification of the registrant’s compliance.

Nominet will conduct routine audits of WHOIS data provided by registrars for accuracy. Where data quality falls below acceptable thresholds we will have the option to impose financial and⁄or technical restrictions on those registrars. We will also consider financial incentives where registrars consistently meet high standards.


Controls to ensure proper access to domain functions

Under the registry⁄registrar agreement, registrars may only make changes to registrant details with the specific authorisation of the registrant, including renewal requests, transfers, changes of contact details, and deletion requests.

The registry will require registrars to provide a secure environment in which registrants can initiate updates to their domain names, for example, registrant transfers or registrant name changes. Registrars will be required to demonstrate their systems to us when they apply to contract with us as a registrar for dot WALES. Registrars must ensure that registrants provide an authorised administrative contact that has a secure and unique username (identity) and login credentials (comprising at least two-factor authentication) in order that they can initiate transactions on their domain. We will restrict domain name updates solely to authorised administrative contacts for a domain name.

Registrars will be required to ensure that appropriate authentication of registrants is carried out to ensure that they have confidence in the authenticity of a request to update a domain name before they act. This includes recovery of login credentials where the registrant requires them to be reset. Registrars will be under the same obligation to ensure the quality of registrant data as per the registration policy and to validate the authenticity of the request.

Registrars are required to confirm to the registrant’s primary administrative contact the details of any updates that are made to their domain name record. This confirmation can be sent electronically through a domain name control panel service or via email or other electronic means.


Proposed measures for removal of orphan glue records

The default process for dot WALES will be to automatically detect and remove orphan glue records. However, where clear evidence in written form is presented that orphan glue records are present in the registry zone files, Nominet will take the following action:

- a change request will be presented to Nominet’s second line support team by the person handling the complaint. The orphan glue record will be manually removed from the register and, if necessary, locks will be put in place which will prevent any further changes being made to the domain name record in question;
- Nominet’s zone files update dynamically and so within 5 minutes of the change being made on the register, the zone files will reflect the changed name server record.


Information sharing and development of best practice

Nominet is well established in national and international industry networks covering registry-specific threats as well as threats to the broader internet landscape. We will continue this work, ensuring dot WALES is as resilient and secure as it can be.

The registry will work with registrars to develop tools and promote best practice through training and the provision of solutions to address common sources of abuse, including:

- identifying stolen credentials and verifying registrant identity;
- identifying and investigating common sources of abuse;
- identifying compromised⁄hacked domains versus domains registered by abusers;
- practices for suspending domain names; and
- identifying or providing relevant security resources.

We will also provide an aggregated feed of information highlighting domain names used for phishing purposes to the relevant registrar. This feed will be collated from trusted sources allowing registrars to take prompt action against abusive domains.


Resource plan

The implementation of the policy will be managed by Nominet through its dedicated abuse team. The four-person abuse team work 08:00 to 18:00 GMT, with 24⁄7 support available on call. The team is supported by the 24FTE strong Customer Support Team.

Pre-launch

- Policy development and stakeholder engagement: 15 days by Nominetʹs policy secretariat and legal team

Total pre-launch resource time: 15 days.

Ongoing business as usual:

- Abuse team: 4 hours per week
- Legal, policy and stakeholder engagement: 1 full time equivalent (FTE) split equally across dot WALES adn dot CYMRU

Total ongoing business as usual resource: 1 FTE plus 4 hours

Similar gTLD applications: (1)