28 Abuse Prevention and Mitigation

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.thehartfordHartford Fire Insurance Companythehartford.comView


The Hartford shall operate .THEHARTFORD as a closed Registry. The Hartford will itself handle all requests for the procurement and assignment of domain name registrations and will periodically check the validity of each. The Hartford will be the registrant for all .THEHARTFORD domain names and will allow access to agents, employers, customers, business partners, and others with a relationship to The Hartford. The Hartford’s internal Intellectual Property Unit (“IP Unit”), Information Technology Department (“IT Dept.”), and Information Security Department (“Security Dept.”) will respond quickly to all questions or potential issues. The Hartford has operated thehartford.com, responding quickly and effectively to user complaints and security threats posed by the Internet, and expect .THEHARTFORD to operate without any negative impact on Internet stability or security.

1.1 .THEHARTFORD Abuse Prevention and Mitigation Implementation Plan

Because The Hartford will be the sole registrant of all .THEHARTFORD domain names, it will manage all registrant-related issues. The websites posted at domain names are for the sole use of Hartford-licensed, appointed agents⁄brokers and⁄or authorized customers, business partners or similar business-related parties, and employees (hereafter referred to as “Hartford Users”). The Hartford may set up portals through which the Hartford Users can log in and access information, but such individuals will have no control over the domain names or have the ability to alter the information posted on the websites, including name servers. Should a Hartford User wish to change any information presented on a .THEHARTFORD website, such User will be required to send a request to dnsadmin@thehartford.com. The request will then be reviewed by the IP Unit, IT Dept. Security Dept., or other department, as appropriate, and will either be granted or denied. If the request is granted, the IT Dept. will make the requested change.

If, in the future, The Hartford allows domain names to be registered using the name of a Hartford User (i.e., JOHNSMITH.THEHARTFORD or EXAMPLEAGENCY.THEHARTFORD), The Hartford will still serve as the registrant of all domain names. Such Hartford User will not have access to the administration of the domain name and would need to request administrative changes through the procedure defined in the paragraph above.

After a Hartford User requests the registration of a domain name, The Hartford will verify and authenticate that it is a bona fide Hartford User and will verify the Hartford User’s identity and other pertinent information (such as identifying information, including birth date and address, etc., as applicable) to determine whether to issue the domain name per the Hartford User’s request. If Hartford Users with the same name request a domain name registration, The Hartford will provide differing nomenclature.

The Hartford’s IP Unit will check all requested domain names for any trademark issues, including confirming that the requested domain name does not incorporate any trademarks listed in the Trademark Clearinghouse. Further, only Hartford Users will be able to submit a request for the registration of a domain name; and only those with a verified relationship with The Hartford will be granted requests. If a domain name registration request is granted, The Hartford’s Information Technology Unit will work with .THEHARTFORD’s registrar to complete the domain name registration.

1.2 Policies for Handling Complaints Regarding Abuse

The Hartford will operate a closed Registry, and will register and issue all domain names to verified Hartford Users only. Thus, few complaints should arise. The Hartford will nevertheless maintain a mailbox for complaint submissions. Complaints will be sent to the dnsadmin@thehartford.com inbox (“Complaint Inbox”) and will be handled by The Hartford’s Network Operations group, which will be responsible for evaluating the type of complaint and forwarding the complaint to the appropriate area of the company within two business days of receipt. If, for example, it is a complaint from a news agency, the complaint will be forwarded to Media Relations. If the complaint involves an allegation of trademark or copyright abuse, it will be forwarded to the IP Unit. If it relates to a regulatory issue or consumer complaint, it will be forwarded to the central Compliance officer for further distribution to the appropriate Compliance officer. The appropriate department will respond to the complaint within three business days of receipt.

1.3 Proposed Measures for Removal of Orphan Glue Records

Although orphan glue records often support correct and ordinary operation of the Domain Name System (DNS), registry operators will be required to remove orphan glue records (as defined at http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct. The Hartford’s selected backend registry services provider’s (Verisign’s) registration system is specifically designed to not allow orphan glue records. Registrars are required to delete⁄move all dependent DNS records before they are allowed to delete the parent domain.

To prevent orphan glue records, Verisign performs the following checks before removing a domain or name server:

Checks during domain delete:
• Parent domain delete is not allowed if any other domain in the zone refers to the child name server.
• If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone.

Check during explicit name server delete:
• Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server.

Zone-file impact:
• If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not.
• If no domains reference a name server, then the zone file removes the glue record.

1.4 Resourcing Plans

Details related to resourcing plans for the initial implementation and ongoing maintenance of The Hartford’s abuse plan are provided in Section 2 of this response.

1.5 Measures to Promote Whois Accuracy

The Hartford will procure all domain name registrations through its ICANN accredited registrar and will also control the administration of all registered domain names; as a result, all WhoIs information will be uniform. For all domain names, The Hartford will be listed as the registrant and administrator, with the administrative contact identified as Hartford Fire Insurance Company, listing the Complaint Inbox as the applicable method of contact. Verisign will serve as the technical contact for all .THEHARTFORD domain names.

1.5.1 Authentication of Registrant Information

The Registry will be centrally managed by The Hartford’s IT Dept. As set forth in 1.1, The Hartford will verify all Hartford Users’ identification and relationship to The Hartford through customer lists, agent and broker lists, vendor information, and other sources. All requests for the procurement and assignment of domain names will be internal to the Hartford and its affiliates. The Hartford’s internal IP Unit, IT Dept. and Security Dept. will respond quickly to all questions or issues that arise.

1.5.2 Regular Monitoring of Registration Data for Accuracy and Completeness

The Hartford will regularly spot check registrations. In addition, The Hartford’s IT Dept. will work with its ICANN accredited registrar and its backend registry service provider, Verisign, to remove old registrations and⁄or delete domain names when, for example, Hartford Users exit their relationship with The Hartford.

Only the IT Dept. supervisor, in conjunction with the IP Unit, will make required updates and corrections to registration data, thereby ensuring accuracy and completeness. Only employees of The Hartford, authorized to do so as part of their job function, will be permitted to make changes to Registration Data; all such changes will be subject to review by the employee’s supervisor. Upon review, if any Registration Data connected to a domain name is determined to be inaccurate, authorized employees will update the Registration Data within one business day of notification thereof.

Verisign, The Hartford’s selected backend registry services provider, has established policies and procedures to encourage registrar compliance with ICANN’s Whois accuracy requirements. Verisign provides the following services to The Hartford for incorporation into its full-service registry operations:
Registrar self certification.

The self-certification program consists, in part, of evaluations applied equally to all operational ICANN accredited registrars and conducted from time to time throughout the year. Process steps are as follows:
• Verisign sends an email notification to the ICANN primary registrar contact, requesting that the contact go to a designated URL, log in with his⁄her Web ID and password, and complete and submit the online form. The contact must submit the form within 15 business days of receipt of the notification.
• When the form is submitted, Verisign sends the registrar an automated email confirming that the form was successfully submitted.
• Verisign reviews the submitted form to ensure the certifications are compliant.
• Verisign sends the registrar an email notification if the registrar is found to be compliant in all areas.
• If a review of the response indicates that the registrar is out of compliance or if Verisign has follow-up questions, the registrar has 10 days to respond to the inquiry.
• If the registrar does not respond within 15 business days of receiving the original notification, or if it does not respond to the request for additional information, Verisign sends the registrar a Breach Notice and gives the registrar 30 days to cure the breach.
• If the registrar does not cure the breach, Verisign terminates the Registry-Registrar Agreement (RRA).

Whois data reminder process. Verisign regularly reminds registrars of their obligation to comply with ICANN’s Whois Data Reminder Policy, which was adopted by ICANN as a consensus policy on 27 March 2003 (http:⁄⁄www.icann.org⁄en⁄registrars⁄wdrp.htm). Verisign sends a notice to all registrars once a year reminding them of their obligation to be diligent in validating the Whois information provided during the registration process, to investigate claims of fraudulent Whois information, and to cancel domain name registrations for which Whois information is determined to be invalid.

1.5.3 Use of Registrars

The Hartford will instruct its registrar(s) to only use The Hartford’s standard WhoIs information unless instructed to use different WhoIs information by the IT Dept. at The Hartford. The Hartford will provide all applicable information to the registrar, such as domain name servers. The Hartford will verify all such information as it applies to the Hartford User or such other such affiliated entity to whom The Hartford provides a domain name for use.

1.6 Malicious or Abusive Behavior Definitions, Metrics, and Service Level Requirements for Resolution

All Complaints will be addressed on a case-by-case basis. Complaints received by the Network Operations group will be forwarded to the appropriate department within two business days of receipt. The appropriate department will respond to the complaint within three business days of receipt.

As noted above, complaints received in the Complaint Inbox will be handled by The Hartford’s Network Operations group, which will be responsible for evaluating the type of complaint and forwarding the complaint to the appropriate area of the company. If, for example, it is a complaint from a news agency, the complaint will be forwarded to Media Relations. If it is an allegation of trademark or copyright abuse, it will be forwarded to the IP Unit. If it relates to a regulatory issue or consumer complaint, it will be forwarded to the central Compliance officer for further distribution to the appropriate Compliance officer.

The Hartford responds to security incidents in an effective and timely fashion. The Hartford has a Data Incident Response Process to ensure identification and effective, efficient, and consistent responses to data incidents as required by business, contractual, and legal⁄regulatory requirements. The Data Incident Response Process includes, but is not limited to, data incident investigation, impact determination, engagement of appropriate teams, corrective and remedial measures to prevent future incidents, and notification as required by applicable law. The Hartford’s Data Incident Response Process is managed and executed by The Hartford’s Information Protection department (THIP) and Corporate Privacy Office. There is a core team of interested stakeholders that participate in the Data Incident Response Process. This group includes Corporate Communications, Enterprise IT, Corporate Compliance, and all Hartford Lines of Business’ and Media Relations. Other departments are brought in as necessary.

The Data Incident Response Process is initiated when a data security event is detected within the Hartford enterprise. An incident can be reported 24⁄7 by any employee or employee of an affiliate to the Service Desk. Depending on the severity of the incident, the incident details will be communicated either via email, phone call, or both to the THIP Incident Management Team mailbox (THIP, information Incident Response). In addition, during business hours, some business areas have implemented their own reporting procedures that require that incidents be reported to a designated compliance person. After hours the process reverts to the Service Desk. The compliance team has the authority to record and address certain types of incidents; more severe incidents, however, must be reported to the Service Desk.

When an incident is detected, the affected business unit has the following accountabilities:

• Report the incident within 24 hours of discovery.
• Conduct all business process-related triage activities.
• Undertake any necessary Breach Team activities.
• If notifications are required, provide financial and resource support to execute the notifications.

When an incident is received from either the Service Desk or Compliance team, THIP has the following accountabilities:

• Conduct an immediate analysis of the incident to determine the magnitude of the breach and, if any, immediate action that needs to be taken to prevent propagation of the breach (i.e., shut down servers, disconnect internet access, stop paper product, etc.).
• Obtain any missing information that will be needed for the Corporate Privacy Office to determine statutory reporting obligations, if any.
• Consult with the Corporate Privacy Office to determine if the breach warrants convening the applicable Data Breach Team. If a Data Breach Team is convened, THIP will provide incident coordination and will have overall responsibility for coordinating the activities of the team, communicating activities to stakeholders, and concluding the incident in a timely and professional manner, ensuring the incident is well documented for future reference.

When an incident is received from THIP, the Privacy Office has the following accountabilities:

• Review incident details and determine if any statutory reporting obligations exist.
• Work with the reporting business unit to provide applicable notifications to impacted individuals.
• Conduct any notifications to any applicable state or federal authorities.

THIP reviews each incident to determine the degree of risk posed to The Hartford and its clients and affiliates. A risk determination is based on two factors: the type of personal information breached and the number of individuals impacted. These risk factors may change depending on legal requirements and industry best practices.

1.7 Controls to Ensure Proper Access to Domain Functions

The Hartford takes access to its information very seriously, and takes action immediately to protect the security interests of its businesses. Only employees of The Hartford, authorized to do so as part of their job function, will be permitted to access the domain functions of .THEHARTFORD; all such access will be subject to review by each employee’s supervisor. The Hartford itself will provide all information to its registrar. The Hartford implements very strong password control requirements for any level of access to any of The Hartford’s systems, which would also include access to and through the new domains.

1.7.1 Multi-Factor Authentication

To ensure proper access to domain functions, The Hartford incorporates Verisign’s Registry-Registrar Two-Factor Authentication Service into its full-service registry operations. The service is designed to improve domain name security and assist registrars in protecting the accounts they manage by providing another level of assurance that only authorized personnel can communicate with the registry. As part of the service, dynamic one-time passwords (OTPs) augment the user names and passwords currently used to process update, transfer, and⁄or deletion requests. These one-time passwords enable transaction processing to be based on requests that are validated both by “what users know” (i.e., their user name and password) and “what users have” (i.e., a two-factor authentication credential with a one-time-password).

Registrars can use the one-time-password when communicating directly with Verisign’s Customer Service department as well as when using the registrar portal to make manual updates, transfers, and⁄or deletion transactions. The Two-Factor Authentication Service is an optional service offered to registrars that execute the Registry-Registrar Two-Factor Authentication Service Agreement. As shown in Figure 28-1, the registrars’ authorized contacts use the OTP to enable strong authentication when they contact the registry. There is no charge for the Registry-Registrar Two-Factor Authentication Service. It is enabled only for registrars that wish to take advantage of the added security provided by the service.

1.7.2 Requiring Multiple, Unique Points of Contact

The Hartford employs a structured decision making process, which demonstrates trust and teamwork and results in a single point of accountability. The Hartford has created an environment where teammates understand the who, what, how, and when for making high-quality decisions. The Hartford’s executive leadership team has established operating principles, created a common approach and vocabulary to improve challenging decisions, and conducted training towards understanding decision roles. As shown in Figure 28-2, the RAPID model has been implemented across The Hartford to streamline decision making while defining key roles and responsibilities in the process. All employees are responsible for leveraging this structured approach to ensure that decisions are made in an efficient and fully vetted manner. The Decider gains input and guidance from other RAPID model members so she can make an informed and committed decision.

1.7.3 Requiring the Notification of Multiple, Unique Points of Contact

The Harford has assigned to the following contacts the responsibility of responding to various questions or issues, as follows:

• Complaints will be assigned based on the following issue areas:

o Compliance:
 Vice President, Law Department
 Business Compliance

o Intellectual Property:
 Vice President & Assistant General Counsel, Law Department

o Information Technology:
 Chief Information Officer

o Information Security:
 Vice President, The Hartford’s Information Protection (THIP)

• Taking action in response to complaints:
o Vice President, Compliance, Law Department

• Communicating with ICANN
o Executive Vice President, Marketing & Communications

• Ensuring WhoIs accuracy
o Director of Operations Infrastructure

• Confirming that requested domain names do not infringe trademark rights:
o Vice President & Assistant General Counsel, Intellectual Property Unit, Law Department

Resource Planning

The Hartford will use Verisign as its backend registry service provider and has allocated funds for this service, as noted in the Financial Projections Template found in The Hartford’s answer to Question 46. The Hartford will use employees in existing departments to complete any abuse prevention and mitigation tasks not completed by Verisign; such tasks will be incorporated into those employees’ existing responsibilities, and thus will not require any additional outlay of funds. Therefore, The Harford will not incur any costs related to abuse prevention and mitigation other than those already allocated to Verisign.

The employees (part time and full time) who will assist in connection with .THEHARTFORD are as follows:
• IT Dept. – Engineers and Programmers: 10
• IP Unit – Attorneys: 3
• Security Dept.: 2
• Marketing: 3

Resource Planning Specific to Backend Registry Activities

Verisign, The Hartford’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to The Hartford fully accounts for cost related to this infrastructure, which is provided as “Total Critical Registry Function Cash Outflows” (Template 1, Line IIb.G) within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:
• Application Engineers: 19
• Business Continuity Personnel: 3
• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11
• Network Administrators: 11
• Network Architects: 4
• Network Operations Center (NOC) Engineers: 33
• Project Managers: 25
• Quality Assurance Engineers: 11
• Systems Architects: 9

To implement and manage the .THEHARTFORD gTLD as described in this application, Verisign, The Hartford’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.


3.1 Start-Up Anti-Abuse Policies and Procedures

Verisign, The Hartford’s selected backend registry services provider, provides the following domain name abuse prevention services, which The Hartford incorporates into its full-service registry operations. These services are available at the time of domain name registration.

Registry Lock. The Registry Lock Service allows registrars to offer server-level protection for their registrants’ domain names. A registry lock can be applied during the initial standup of the domain name or at any time that the registry is operational. The Hartford does not plan on using a Registry Lock at this time, but to the extent that it becomes necessary, The Hartford will contract with Verisign to provide the service pursuant to this section.

Specific Extensible Provisioning Protocol (EPP) status codes are set on the domain name to prevent malicious or inadvertent modifications, deletions, and transfers. Typically, these ‘server’ level status codes can only be updated by the registry. The registrar only has ‘client’ level codes and cannot alter ‘server’ level status codes. The registrant must provide a pass phrase to the registry before any updates are made to the domain name. However, with Registry Lock, provided via Verisign, The Hartford’s subcontractor, registrars can also take advantage of server status codes.
The following EPP server status codes are applicable for domain names: (i) serverUpdateProhibited, (ii) serverDeleteProhibited, and (iii) serverTransferProhibited. These statuses may be applied individually or in combination.

The EPP also enables setting host (i.e., name server) status codes to prevent deleting or renaming a host or modifying its IP addresses. Setting host status codes at the registry reduces the risk of inadvertent disruption of DNS resolution for domain names.

The Registry Lock Service is used in conjunction with a registrar’s proprietary security measures to bring a greater level of security to registrants’ domain names and help mitigate potential for unintended deletions, transfers, and⁄or updates.

Two components comprise the Registry Lock Service:
• The Hartford and⁄or its registrars provides Verisign, The Hartford’s selected provider of backend registry services, with a list of the domain names to be placed on the server status codes. During the term of the service agreement, the registrar can add domain names to be placed on the server status codes and⁄or remove domain names currently placed on the server status codes. Verisign then manually authenticates that the registrar submitting the list of domain names is the registrar-of-record for such domain names.
• If The Hartford and⁄or its registrars requires changes (including updates, deletes, and transfers) to a domain name placed on a server status code, Verisign follows a secure, authenticated process to perform the change. This process includes a request from a The Hartford-authorized representative for Verisign to remove the specific registry status code, validation of the authorized individual by Verisign, removal of the specified server status code, registrar completion of the desired change, and a request from the The Hartford-authorized individual to reinstate the server status code on the domain name. This process is designed to complement automated transaction processing through the Shared Registration System (SRS) by using independent authentication by trusted registry experts.

The Hartford will be the registrant of all .THEHARTFORD domain names and will therefore not be charging any Hartford User fees incurred due to the Registry Lock Service.

3.2 Ongoing Anti-Abuse Policies and Procedures That Identify Malicious or Abusive Behavior

Because The Hartford will control all .THEHARTFORD domain names, only The Hartford’s desktops, servers, and laptops will be used to manage .THEHARTFORD, with the exception of work done by the registrar and Verisign. The Hartford employs a leading enterprise Anti Virus vendor solution, which is updated and maintained for desktops, servers, and laptops. Holistically, a layered defense approach is applied to address malicious code before it impacts The Hartford’s environment. The first layer is at the perimeter and additional filtering occurs at other layers internally, all the way to the desktop. All antivirus definitions are managed centrally from The Hartfordʹs enterprise infrastructure support organization. Virus definitions are pushed to all client⁄server devices at least daily or more often as required. Furthermore, The Hartford regularly scans systems for technical vulnerabilities and generates a weekly report indicating the results of the scans. Vulnerabilities contained in the report are corrected with the appropriate patch or software update. Real-time scanning is enabled on all servers. Initial security vulnerability scans are run weekly and when new networks are created.

3.3 Policies and Procedures That Address the Abusive Use of Registered Names
Suspension processes.

All complaints will be directed to the Complaint Inbox. All Complaints received in the Inbox will be handled by The Hartford’s Network Operations group which will be responsible for evaluating the type of complaint and forwarding the complaint to the appropriate area of the company (examples of which are set forth above) within two business days of receipt. The appropriate department will respond to the complaint within three business days of receipt.

Upon receipt of a reasonably viable complaint, the IT Dept. will suspend use of the subject domain within two business days of receipt of the complaint. THIP will investigate the complaint and work with the .THEHARTFORD registrar and Verisign to take-down the domain if it is found to be in violation of any laws or .THEHARTFORD policies or terms of use.

Suspension processes conducted by backend registry services provider. In the case of domain name abuse, The Hartford will determine whether to take down the subject domain name. Verisign, The Hartford’s selected backend registry services provider, will follow the following auditable processes shown in Figure 28-3 to comply with the suspension request.

Verisign Suspension Notification. The Hartford submits the suspension request to Verisign for processing, documented by:
• Threat domain name
• Registry incident number
• Incident narrative, threat analytics, screen shots to depict abuse, and⁄or other evidence
• Threat classification
• Threat urgency description
• Recommended timeframe for suspension⁄takedown
• Technical details (e.g., Whois records, IP addresses, hash values, anti-virus detection results⁄nomenclature, name servers, domain name statuses that are relevant to the suspension)
• Incident response, including surge capacity

Verisign Notification Verification. When Verisign receives a suspension request from The Hartford, it performs the following verification procedures:
• Validate that all the required data appears in the notification.
• Validate that the request for suspension is for a registered domain name.
• Return a case number for tracking purposes.

Suspension Rejection. If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to The Hartford with the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Error reason

Upon The Hartford request, Verisign can provide a process for registrants to protest the suspension.
Domain Suspension. Verisign places the domain to be suspended on the following statuses:
• serverUpdateProhibited
• serverDeleteProhibited
• serverTransferProhibited
• serverHold

Suspension Acknowledgement. Verisign notifies The Hartford that the suspension has been completed. Acknowledgement of the suspension includes the following information:
• Threat domain name
• Registry incident number
• Verisign case number
• Case number
• Domain name
• The Hartford abuse contact name and number, or registrar abuse contact name and number
• Suspension status


The Hartford will be in compliance with all terms and policies set forth in the ICANN Registry Agreement within thirty (30) calendar days of the execution of the ICANN Registry Agreement. The Hartford will incorporate all applicable terms of the ICANN Registry Agreement into its Terms of Use, privacy policy, agreements with registrants, and any other gTLD-related internal policies or agreements.

Scope⁄Scale Consistency

The Hartford will keep the scope and scale of the technical components of .THEHARTFORD consistent with its business plan, as laid out in its response to Question 18 of this application. The Hartford plans to keep its domain name registrations under 1,000 domain names, which will also keep its backend registry and registrar vendor fees consistent with its financial projections laid out in response to Question 46 of this application.

Scope⁄Scale Consistency Specific to Backend Registry Activities

Verisign, The Hartford’s selected backend registry services provider, is an experienced backend registry provider that has developed and uses proprietary system scaling models to guide the growth of its TLD supporting infrastructure. These models direct Verisign’s infrastructure scaling to include, but not be limited to, server capacity, data storage volume, and network throughput that are aligned to projected demand and usage patterns. Verisign periodically updates these models to account for the adoption of more capable and cost-effective technologies.

Verisign’s scaling models are proven predictors of needed capacity and related cost. As such, they provide the means to link the projected infrastructure needs of the .THEHARTFORD gTLD with necessary implementation and sustainment cost. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its scaling models, Verisign derived the necessary infrastructure required to implement and sustain this gTLD. Verisign’s pricing for the backend registry services it provides to The Hartford fully accounts for cost related to this infrastructure, which is provided as “Other Operating Cost” (Template 1, Line I.L) within the Question 46 financial projections response.

Similar gTLD applications: (0)

gTLDFull Legal NameE-mail suffixzDetail