28 Abuse Prevention and Mitigation
|gTLD||Full Legal Name||E-mail suffix||Detail|
|.BBC||British Broadcasting Corporation||bbc.co.uk||View|
Question 28 - Abuse Prevention and Mitigation
The dot BBC Top Level Domain (TLD) will be a single entity registry. All domain names will be registered to and used by authorised representatives of the BBC, the registry operator. As such, domain names will be subject to direct controls by the registry operator to avoid abuse and the risk of abusive registrations will therefore be significantly mitigated.
Abuse is defined as action in the registration or usage of a domain in the TLD that would cause actual and substantial harm, and is illegal or illegitimate. Such abuse may occur at any stage of the domain name lifecycle.
In the context of domain name registration, abuse includes infringement of a third party right where the domain is used in a way that is unfairly detrimental to that third party. Abuse also includes phishing, pharming, botnets, fraud, spam, distribution of malware, Fast Flux Hosting and other abuses that we identify in the future or that are brought to our attention including the misuse of trademarks and other IPR including unauthorized distribution of copyright material
Abusive activity also includes that which gives rise to the registry’s reasonable belief that the dot BBC domain space is being brought into disrepute, or where the activity related to a dot BBC domain name risks placing the Registry in breach of any applicable laws, government rules or requirements, requests of law enforcement, or to avoid any liability, civil or criminal, on the part of the Registry Operator and Registry Services Provider, affiliates, subsidiaries, officers, directors, and employees.
The BBC, working with Nominet, will take the requisite operational and technical steps to promote WHOIS data accuracy, limit domain abuse, remove outdated and inaccurate data, and other security measures to ensure the integrity of the TLD. The specific measures include, but are not limited to:
• Posting a TLD Anti-Abuse Policy that clearly defines abuse, and provides point-of-contact information for reporting suspected abuse;
• Committing to rapid identification and resolution of abuse, including suspensions;
• Ensuring completeness of WHOIS information at the time of registration;
• Publishing and maintaining procedures for removing orphan glue records for names removed from the zone;
• Establishing measures to deter WHOIS abuse, including rate-limiting, determining data syntax validity, and implementing and enforcing requirements from the Registry-Registrar Agreement; and,
• Removing a domain name from the DNS before it can cause harm which is often the best preventative measure for thwarting botnets and malware distribution.
Single point of contact
In advance of the launch of the dot BBC TLD, a single Abuse Point of Contact responsible for addressing matters requiring expedited attention will be published. This will be clearly published on the registryʹs existing website at bbc.co.uk and on the new registry website.
The Abuse Point of Contact can be contacted through a role-based e-mail address of the form “abuse@registry.BBC”. This e-mail address will be widely published and will allow multiple staff members to monitor abuse reports on a 24x7 basis, and then work toward closure of cases as each situation calls for. As previously stated, the .BBC registry will be run as a single entity registry without resellers or third party registrants so occurrences of abuse are unlikely.
The BBCʹs existing Domain Name Management Team is responsible for the development, maintenance and enforcement of the dot BBC Registry Domain Management Policy (DMP). This policy defines the rules associated with eligibility and domain name allocation, sets out the license terms governing the use of a .BBC domain name and describes the dispute resolution policies for the dot BBC TLD. This policy is intended to be updated and revised regularly to reflect the BBC’s strategic plans and public interest and, where appropriate, ICANN consensus policies.
The policy sets out that registration must comply with the following regarding abuse prevention:
- Domains must be used solely for purposes that enhance the strategic goals of the BBC.
- BBC domains may not be used in a way which knowingly infringes any third party intellectual property rights.
- A BBC registration must be an acceptable term that will not give rise to any moral or public order questions or in any way damage the strategic interests or reputation of the BBC.
- All BBC domains will carry accurate and up to date registration records.
- BBC domain names may not be used for illegal activities
- BBC domain names may not be used for other activities that would be considered as abusive. This includes, but is not limited to: phishing, pharming, fraud, spam, botnet command and control, hacking, malicious fast flux hosting, distribution of malware.
Pursuant to the Registry-Registrar Agreement, the BBC reserves the right at its sole discretion to deny, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, serverhold, or similar status, that it deems necessary: (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of registry operator, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement and this Anti-Abuse Policy, or (5) to correct mistakes made by applicant or any registrar in connection with a domain name registration. The BBC also reserves the right to place upon registry lock, hold, or similar status a domain name during resolution of a dispute.
The policy stated above will be accompanied by notes about how to submit a report to 〈applicant〉’s Abuse Point of Contact, and how to report an orphan glue record suspected of being used in connection with malicious conduct (see below).
Complaints policy and procedure
The BBC treats complaints from members of the public extremely seriously and already has a well-established complaints procedure to enable members of the public to complain about any of the BBCʹs output or activities. The procedure is publicised on the BBCʹs existing website at bbc.co.uk. It provides a first stage complaints procedure, a second stage internal appeals procedure and a third stage procedure for further appeal, to the BBCʹs governing body, the BBC Trust. Complainants are able to make their complaint via the website, by post or by telephone and the BBC indicates that it will generally respond to complaints within 10 working days. The BBCʹs response may include, if appropriate, an apology and an explanation as to how the BBC intends to resolve the complaint. The BBCʹs response to significant complaints are published on the BBC website.
Any person wishing to complain about alleged abusive registrations or other activities concerning the operation of the dot BBC domain would be entitled to utilise this complaints procedure in the usual manner.
In the event that resolving a complaint requires the suspension (removing the domain name from the zone file, but not from Whois records) or cancellation of a domain name, this will be handled by the Domain Name Management Team.
Rights holders will also have the option to complain via the UDRP and URS about any registration that they regard as abusive, but we would encourage any concerned rights holders to contact us in the first instance to attempt to resolve their concerns informally. Further details regarding rights protection can be found in our answer to question 29.
Nominet, the registry provider, have well-established relationships with UK Law Enforcement agencies. Nominet and the BBC will work together to respond to complaints by these agencies, and such complaints will be acknowledged by Nominetʹs abuse team within twenty four hours. Following review, the complaint may result one of the following actions:
- Modification of the usage of the domain name
- Suspension of the domain name
- Cancellation of the domain name.
The standard procedure in response to a complaint is that Nominet will forward a credible alleged case of malicious domain name use to the domain’s sponsoring registrar with a request that the registrar investigate the case and act appropriately. The sponsoring registrar will have 12 hours to investigate the activity. Even though the BBC will be using one gateway registrar, it is important to ensure this process is followed. The registrar will be provided evidence collected as a result of the investigation conducted by the trained abuse handlers. As part of the investigation, if inaccurate or false WHOIS registrant information is detected, the registrar is notified about this. Generally, a registrar will also have vital information that the registry operator will not, such as:
Details about the domain purchase, such as the payment method used (credit card, PayPal, etc.);
The identity of a proxy-protected registrant;
The purchaser’s IP address;
Whether there is a reseller involved, and;
The registrant’s past sales history and purchases in other TLDs (insofar as the registrar can determine this).
The registrar can determine if the use violates the registrar’s legal terms of service or the .BBC registry Anti-Abuse Policy, and can decide whether or not to take any action. While the language and terms vary, registrars will be mandated to include language in their registrar-registrant contracts that indemnifies the registrar if it takes action, and allows the registrar to suspend or cancel a domain name; this will be in addition to the registry Anti-Abuse Policy. Generally, a registrar can act if the registrant violates the registrar’s terms of service, or violates ICANN policy, or if illegal activity is involved, or if the use violates the registry’s Anti-Abuse Policy.
If a registrar does not take action within a time period indicated by the registry operator (usually 24 hours), the registry operator might then decide to take action itself. At all times, the registry operator reserves the right to act directly and immediately if the potential harm to Internet users seems significant or imminent, with or without notice to the sponsoring registrar.
When valid court orders or seizure warrants are received from courts or law enforcement agencies of relevant jurisdiction, the registry operator will order execution in an expedited fashion. Compliance with these will be a top priority and will be completed as soon as possible and within the defined timelines of the order. There are certain cases where Law Enforcement Agencies request information about a domain including but not limited to:
History of a domain, including recent updates made
Other domains associated with a registrant’s account
Patterns of registrant portfolio
Requests for such information will be handled on a priority basis and sent back to the requestor as soon as possible. Nominet sets a goal to respond to such requests within 24 hours. The BBC will aim to react at least this quickly and if possible within 12 hours if required information is under its control. All requests from law enforcement etc. for information about a potentially compromised domain will be acknowledged immediately. The .BBC Registry will place the domain on “ServerHold” if the registrar has not acted within the 12-hour period.
Proposed measures for removal of orphan glue records
The default process for dot BBC is to automatically detect and remove orphan glue records. However, where clear evidence in written form is presented that orphan glue records are present in the zone files of dot BBC, Nominet, the registry service provider, will take the following action:
- A change request will be presented to Nominet’s second line support team by the person handling the complaint. The orphan glue record will be manually removed from the register and, if necessary, locks will be put in place which will prevent any further changes being made to the domain name record in question.
- The dot BBC zone files update dynamically and so within 5 minutes of the change being made on the register the zone files will reflect the changed name server record.
Nominet runs a daily audit of the contents of its zone files and compares these against the contents of the registry database. In the event of a mismatch, Nominet personnel are alerted and the mismatch is corrected. This audit will help to reduce the occurrence of orphan glue records.
Measures to promote WHOIS accuracy
The BBC is committed to transparency in relation to domain name registration records and to the provision of complete and accurate Whois records.
As a single entity registry, in which only BBC personnel will be able to register second level domain names and only for business purposes, the BBC will be able to ensure the accuracy and completeness of all Whois records. It will operate a Thick Whois.
All domain names must be registered through the Domain Name Management Team. As part of this process, BBC personnel requesting the registration of a new second level domain will be required to provide a statement to the team as to their business need for the domain name as well as full contact details of their name, position and business area.
The Domain Name Management Team will perform regular audits to ensure this data remains up to date and accurate.
Nominet is well established in national and international industry networks covering registry specific threats as well as threats to the broader internet landscape. It will continue this work, ensuring dot BBC is as resilient and secure as it can be.
Nominet provides an aggregated feed of information highlighting domain names in its domains used for phishing purposes to the relevant registrar. This feed is collated from trusted sources and allows registrars to take prompt action against abusive domains. In the event that any dot BBC domain names appear in the feed, action will be taken by the BBCʹs Domain Management Team to remove abusive content or to place the domain name in ʹserverHoldʹ
Role of registrars
As part of the RRA (Registry Registrar Agreement), the BBC will require its registrar to be responsible for ensuring the input of accurate WHOIS data. With only one registrant, this will not be burdensome. The Registrar⁄Registered Name Holder Agreement will include a specific clause to ensure accuracy of WHOIS data, and to give the registrar rights to cancel or suspend registrations if the Registered Name Holder fails to respond to the registrar’s query regarding accuracy of data. ICANN’s WHOIS Data Problem Reporting System (WDPRS) will be available to those who wish to file WHOIS inaccuracy reports, as per ICANN policy (http:⁄⁄wdprs.internic.net⁄).
Controls to ensure proper access to domain functions
The ability to register domain names and amend details on the register will be limited to members of the Domain Name Management Team. Access to the mechanisms by which such changes can be made will be password protected as a minimum, and consideration will be given to implementing further security measures (such as multi-factorial authentication). Records will be kept of all registration and amendment requests to maintain a full audit trail.
The BBC already has a centralised Domain Management team that is responsible for all domain name registrations for the BBC and its subsidiaries. It is anticipated that this team will be responsible for the accuracy of Whois details.
In addition, The BBC has a dedicated team responsible for responding to complaints. As to whether additional personnel will be required to accommodate any uplift in complaints as a result of the operation of dot BBC will be closely monitored and addressed as necessary.
Nominet has a large customer support team from which it operates the dot UK registry. It will provide sufficient resources to deal with orphan glue records and Law enforcement complaints. It is expected that this will require less than one hour per week from this team.
The designated abuse prevention staff in Nominet and the BBC will be subject to regular evaluations, receive adequate training and work under expert supervision. The abuse prevention resources will comprise both internal staff and external abuse prevention experts who would give extra advice and support when necessary. This external staff includes experts in the BBC’s registrar where one legal manager and four operational experts will be available to support the BBC.
The abuse response team will also maintain subscriptions for a variety of security information services, including the blocklists from organisations like SURBL and Spamhaus and anti-phishing and other domain related abuse (malware, fast-flux etc.) feeds.
Similar gTLD applications: (0)
|gTLD||Full Legal Name||E-mail suffix||z||Detail|