28 Abuse Prevention and Mitigation

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.TRUSTDeutsche Post AGmarkmonitor.comView

1. Introduction r />r /> Next to ensuring that a TLD is operated in a technically stable and secure manner, it is also of utmost importance that the Internet community at large is safeguarded from abusive and malicious behavior. Existing TLDs have often suffered from such behavior and, gradually, best practices have been developed in order to not only counter abusive or malicious conduct, but also prevent such issues from happening. r />r /> Abusive use of a domain name generally includes, but is not limited to the following: r /> 1) illegal or fraudulent actions; r /> 2) using domain names in the TLD in order to send or forward unsolicited bulk messages, generally referred to as ʺspamʺ; r /> 3) distribution of malware: using domain names in order to disseminate software (e.g. computer viruses, keyloggers, etc.) that is designed to damage or harm the integrity of computers; r /> 4) phishing: displaying web pages that are intended to mislead Internet users, with the aim of obtaining in a malicious manner from such users their sensitive data such as logins and passwords of the pirated websites; r /> 5) pharming: redirecting Internet users to fraudulent website, which is generally done by hijacking or poisoning the DNS or changing host files on the victimʹs computer; r /> 6) fast-flux hosting and botnets; r /> 7) Illegal access to Other Computers or Networks: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity); r /> 8) Using domain names in the TLD in order to disseminate illegal content, such as child pornography r />r /> Given the fact that the applied-for TLD will likely be and remain a single registrant TLD, as explained in our response to Question 18 et seq., where only Deutsche Post AG will be entitled to register domain names in the TLD, the likelihood for any such abusive behavior in this TLD to materialize is lower. Nonetheless, the Applicant commits to implement the preventive and curative measures described in the following paragraphs, in order to ensure that the applied-for TLD is operated in a responsible manner. r />r /> 2. Control r />r /> Considering the fact that the applied-for gTLD will be a so-called brand-TLD, the Applicant Registry Operator will put in place various tools in order to mitigate or even exclude the possibility that the reputation of the key brands and identifiers of Deutsche Post AG is not harmed in any way. Especially, these tools and techniques will ensure that the Applicant will have the ability at all times to exercise control over: r /> 1) the registrant; r /> 2) the domain name; r /> 3) the contact information associated with any domain name; and r /> 4) the products, services and information provided under such domain name. r />r /> In order to effectuate this, a limited number of identified individuals within Deutsche Postʹs organization will be able to control the applied-for TLD and any and all domain names registered therein from one portal, which has the following functionalities: r /> 1) validating the registrantʹs eligibility and user rights in order to register domain names in the applied-for TLD; r /> 2) validating whether an (about to be) registered domain name in the applied-for TLD corresponds to the naming conventions that will be established by the Registry Operator for domain names registered in the applied-for TLD; r /> 3) validating contact information associated with registered domain names, in particular these contacts that can exercise control over the domain name itself, the name servers associated with such domain name, etc.; r /> 4) validating specific commands, including create, update and delete commands; r /> 5) approving for some or all domain names any transfer or trade requests, or intervene in the execution of such requests where the Registry Operator suspects that such transfer or trade requests are initiated in bad faith; and r /> 6) review whether the use that is made of a particular domain name corresponds with the Registry Operatorʹs use policy, and suspend domain name registrations or even delete name servers associated with domain names that are being used in a manner that does not comply with the types of uses that are allowed by the Registry Operator. r />r /> Bearing in mind that the registry is intended to be single registrant-registry only certain individuals are involved in above mentioned processes, reducing the risk of registering and⁄or using domain names in bad faith by any party that is not a member of Deutsche Post AG. r />r /> Access to this portal will be given to the administrators of the Registry Operator; furthermore, the Complaints Point of Contact will also obtain access to a limited number of features explained above. r />r /> 3. Reporting r />r /> Also, the Registry Operator will obtain access to reports generated by its back-end registry services provider, which reports include: r /> 1) number of DNS queries for each particular domain name registration; r /> 2) number of new domain names registered; r /> 3) number of new contacts created; r /> 4) etc. r />r /> If any suspicious activity is being detected following analysis of these reports, the Registry Operator will thoroughly investigate the matter and take appropriate action where required. r />r /> 4. Anti-abuse policy r />r /> Prior to the delegation of the TLD, the Registry Operator will publish the terms and conditions for the registration of domain names in the applied-for TLD, which will include an anti-abuse policy. Highlights of such policy will include: r />r /> Complaints Point of Contact: the Registry Operator will put in place a Complaints Point of Contact. The Complaints Point of Contactʹs contact details will be mentioned on the home page of the Registry Operator, including on the web-based WHOIS interface. r />r /> 5. Monitoring r />r /> The Registry backend service provider, appointed by the Applicant, will put in place certain tools and methodologies in order to proactively screen for malicious conduct. Such tools include scanners that automatically scan for viruses or other forms of malware on all services deployed under applied-for domain names. r />r /> These tools will operate in the background, and will not effect the functioning of the applied-for TLD. r />r /> 6. Prevention of Orphan glue records r />r /> In compliance with SSAC recommendations, the Registry backend service provider, appointed by the applicant, will check for the existence of glue records following the receipt of a deletion request for a particular domain name registration. If it would appear that no other domain names other than the domain name that is up for deletion are using the glue records associated with that domain name registration, the Registry Operator will remove such glue records after the domain name is deleted. r />r /> Furthermore, any interested party will be entitled to file a complaint before the Complaints Point of Contact if it would appear that orphan glue records would still exist. If it would appear, following investigation by the Registry Operator, that orphan glue records would still exist in the zone file, such records will be promptly deleted from the zone file. r />r /> 6.1. Glue record r />r /> RFC 1034 defines glue as r /> A zone contains ʺglueʺ resource records which are not part of the authoritative data, and are address resource records for the servers. r />r /> And specifies further that r /> These resource records are only necessary if the name serverʹs name is ʺbelowʺ the cut, and are only used as part of a referral response. r />r /> In this specific case a glue record is the IP address of a name server held at the domain name registry. They are required when a set of name servers of a domain name point to a hostname under the domain name itself. For example, if the name servers of example.com are ns1.example.com and ns2.example.com: to make the domain name system work, glue records (i.e. the IP addresses) for ns1.example.com and ns2.example.com are required. Without the glue records for these name servers the domain name would not work as anyone requiring DNS information for it would get stuck in a loop. r />r /> Example: r /> What is the name server for example.com? -〉 ns1.example.com r /> What is the IP address of ns1.example.com? -〉 donʹt know, try looking at name server for example.com r /> What is the name server for example.com? -〉 ns1.example.com r /> With the glue record in place the registry will hold the IP address and the loop will not occur. r />

Similar gTLD applications: (1)

gTLDFull Legal NameE-mail suffixzDetail
.DEUTSCHEPOSTDeutsche Post AGmarkmonitor.com-3.52Compare