
28 Abuse Prevention and Mitigation

gTLD: .MOSCOW
Full Legal Name: Foundation for Assistance for Internet Technologies and Infrastructure Development (FAITID)
E-mail suffix: sedari.com

The registry operator will take the appropriate technical and operational steps required to limit domain abuse, promote WHOIS accuracy and to remove out-dated and inaccurate data.

WHOIS accuracy will be enforced via the Registrar-Registry agreement and will include requiring the completeness of WHOIS information. Technical measures to deter WHOIS abuse will include rate-limiting, data syntax validation, and enforcing requirements via the Registrar-Registry agreement.

The Anti-Abuse policy will be posted on the Registry website and will include clear definitions on abuse and provide a point-of-contact for reporting suspected abuse. Repeat violations of the abuse policy will be dealt with on a case-by-case basis and the registry operator reserves the right to levy sanctions.
Procedures will be published and maintained for the removal of orphan glue records for names removed from the zone.


Anti-Abuse Policy

The Anti-Abuse policy will be effective upon launch of the TLD. Malicious use of domain names will not be tolerated. The registry operator's definition of abusive use of a domain includes, but is not limited to:

* Child endangerment: The use of domains that promote the exposure of children to psychological, emotional or physical abuse.
* Botnet command and control: Services originating from a domain name that are used to control a collection of compromised computers or to direct a distributed denial-of-service attack;
* Phishing: The use of counterfeit web pages that are designed to misrepresent and fraudulently obtain sensitive data such as usernames, passwords or financial data;
* Pharming: The redirecting of unsuspecting users to fraudulent sites or services, typically through DNS hijacking or cache poisoning;
* Spam: the use of electronic messaging to send unsolicited bulk messages. This includes, but is not limited to, email, instant messaging, mobile messaging and social network sites.

Pursuant to the Registry-Registrar Agreement, registry operator reserves the right at its sole discretion to deny, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status, that it deems necessary: (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of registry operator, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement and this Anti-Abuse Policy, or (5) to correct mistakes made by registry operator or any registrar in connection with a domain name registration. Registry operator also reserves the right to place upon registry lock, hold, or similar status a domain name during resolution of a dispute.

The policy will be accompanied by procedures for the submission of a policy-related complaint to the registry operator's abuse point of contact.

Abuse point of contact and procedures for handling abuse complaints

The registry operator will establish an abuse point of contact. This contact will be a role-based e-mail address in the form abuse@registry.TLD, where TLD is the TLD string applied for in this application. For tracking purposes the registry operator will have a ticketing system with which all complaints will be tracked internally. The use of a ticketing system permits multiple staff members to monitor abuse reports on a 24x7 basis and work towards closure of the issue as each case requires.

The registry operator's designated abuse handlers will evaluate complaints and will decide, on a case by case basis, whether a particular issue is of concern, and decide what action, if any, is appropriate.

Assessing abuse reports requires a high level of expertise in such matters. The goals of the registry operator are accuracy, consistent record keeping and zero false-positives.

For the most part, there are two types of domain abuse that must be addressed:
1. Malicious Registrations. These domains are registered for the purpose of abuse and are targets for suspension since they have no legitimate use.
2. Compromised domains. These domains have been hacked or otherwise compromised and the registrant is not responsible for the malicious activity. The goal in such case is to get word to the registrant that there is a problem that needs attention with the expectation that the registrant will address the problem in a timely manner.

The standard procedure will be to forward a credible alleged case of malicious domain name use, along with any supporting evidence, to the domain's sponsoring registrar with a request to investigate the case and act appropriately.

The registrar is the party with a direct relationship with the registrant and has information about the domain that is not available to the registry operator. This may include payment records, additional identifying information such as IP address and possibly past sales history. Much of this information is not shared with the registry operators due to privacy laws and liability concerns. The registrar will determine whether the alleged abuse violates either the registry Anti-Abuse policy or the registrar's own terms of service.

Registrars will be expected to include language in their own terms of service to reference both the registry's and ICANN's policies and to include language that will permit the suspension or cancellation of a domain name.

Should a registrar not take action within 48hrs, the registry operator may decide to take action itself. The registry operator reserves the right to act directly and immediately if the potential harm to Internet users seems significant or imminent, with or without notice to the sponsoring registrar.

The registry operator reserves the right to call upon relevant law enforcement bodies as needed and will comply with valid court orders or seizure warrants from courts or law enforcement agencies of relevant jurisdiction.

Removal of orphan glue records

Glue records are an artefact of the DNS and are necessary to guide iterative resolvers to delegated nameservers. A record becomes an orphan when its parent nameserver record is removed without also removing the glue records.

An orphan glue record may be created when a domain is placed on EPP ServerHold or ClientHold. In this case the orphan must remain in place should other innocent sites also be using the affected domain as a nameserver.

In the case where there are no longer other domains using the orphan, it should be removed.

In keeping with ICANN SSAC recommendations, the following procedures will be followed with respect to orphan glue records.

When a request to delete a domain is received from a registrar, the registry first checks for the existence of glue records. If no glue records exist, the request to delete the domain will be accepted. If glue records exist, the registry will check to see if other domains in the registry are using the glue records. If no other domains are using the glue records, the glue records will be removed and the request to delete the domain will be accepted. If other domains are using the glue records then the request to delete the domain will fail until no other domains are using the glue records.

The registry operator will accept and evaluate complaints about the malicious use of orphan glue records. These requests must be made in writing and submitted via the registry operator's abuse point of contact.

Promoting WHOIS Accuracy

The primary conduit for the promotion of WHOIS accuracy will be the registrar-registry agreement.

The registry operator will require a base level of WHOIS verification for every domain registration. This will include fully populated data and basic syntactical checking of the data.

Abuse Prevention and Mitigation Resourcing

Costs and procurement of the resources described here are detailed in response to Question 47.

28.2.1. Human Resources

See EXHIBIT: 28-Chart-Resourcing.png
The resourcing plan specific to this response follows the principles, guidelines and information set forth in our response to Question 23.
The accompanying chart shows the human resources allocated to the functions depicted in this response.
FAITID maintains retainer relationships with two attorneys having extensive experience in internet matters, who will be responsible for reviewing and authorizing response to any abuse incident, report, or law enforcement or court action requiring legal review such as jurisdictional analysis. At any time, at least one of these attorneys shall be "on call" to immediately address such incidents as circumstances warrant.

gTLD: .locus
Full Legal Name: Locus Analytics LLC
E-mail suffix: tyemill.com

Q28 – Abuse Prevention and Mitigation

The registry operator will take the appropriate technical and operational steps required to limit domain abuse, promote WHOIS accuracy and to remedy out-dated and inaccurate data.

WHOIS accuracy will be enforced via the Registrar-Registry agreement and will include requiring the completeness of WHOIS information. Technical measures to deter WHOIS abuse will include rate-limiting, data syntax validation, and enforcing requirements via the Registrar-Registry agreement.

The Anti-Abuse policy will be posted on the Registry website and will include clear definitions on abuse and provide a point-of-contact for reporting suspected abuse. Repeat violations of the abuse policy will be dealt with on a case-by-case basis and the registry operator reserves the right to levy sanctions.

Procedures will be published and maintained for the removal of orphan glue records for names removed from the zone.


Anti-Abuse Policy

The Anti-Abuse policy will be effective upon launch of the TLD. Malicious use of domain names will not be tolerated. The registry operator's definition of abusive use of a domain includes, but is not limited to:

• Child endangerment: The use of domains that promote the exposure of children to psychological, emotional or physical abuse.
• Botnet command and control: Services originating from a domain name that are used to control a collection of compromised computers or to direct a distributed denial-of-service attack;
• Phishing: The use of counterfeit web pages that are designed to misrepresent and fraudulently obtain sensitive data such as usernames, passwords or financial data;
• Pharming: The redirecting of unsuspecting users to fraudulent sites or services, typically through DNS hijacking or cache poisoning;
• Spam: the use of electronic messaging to send unsolicited bulk messages. This includes, but is not limited to, email, instant messaging, mobile messaging and social network sites.

Pursuant to the Registry-Registrar Agreement, registry operator reserves the right at its sole discretion to deny, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status, that it deems necessary: (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of registry operator, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement and this Anti-Abuse Policy, or (5) to correct mistakes made by registry operator or any registrar in connection with a domain name registration. Registry operator also reserves the right to place a domain name in registry lock, hold, or similar status during resolution of a dispute.

Abuse point of contact and procedures for handling abuse complaints

The registry operator will establish an abuse point of contact. This contact will be a role-based e-mail address in the form abuse@registry.TLD, where TLD is the TLD for this application. For tracking purposes the registry operator will have a ticketing system with which all complaints will be tracked internally. The use of a ticketing system permits multiple staff members to monitor abuse reports on a 24x7 basis and work towards closure of the issue as each case requires.

The registry operator’s designated abuse handlers will evaluate complaints and will decide, on a case by case basis, whether a particular issue is of concern, and decide what action, if any, is appropriate.

Assessing abuse reports requires a high level of expertise in such matters. The goals of the registry operator are accuracy, consistent record keeping and zero false-positives.

For the most part, there are two types of domain abuse that must be addressed:
1. Malicious Registrations. These domains are registered for the purpose of abuse and are targets for suspension since they have no legitimate use.
2. Compromised domains. These domains have been hacked or otherwise compromised and the registrant is not responsible for the malicious activity. The goal in such case is to get word to the registrant that there is a problem that needs immediate attention with the expectation that the registrant will address the problem in a timely manner.

The standard procedure will be to forward a credible alleged case of malicious domain name use, along with any supporting evidence, to the domain’s sponsoring registrar with a request to investigate the case and act appropriately.

The registrar is the party with a direct relationship with the registrant and has information about the domain that is not available to the registry operator. This may include payment records, additional identifying information such as IP address and possibly past sales history. Much of this information is not shared with the registry operators due to privacy laws and liability concerns. The registrar will determine whether the alleged abuse violates either the registry Anti-Abuse policy or the registrar’s own terms of service.

Registrars will be expected to include language in their own terms of service to reference both the registry’s and ICANN’s policies and to include language that will permit the suspension or cancellation of a domain name.

Should a registrar not take action within 48hrs, the registry operator may decide to take action itself. The registry operator reserves the right to act directly and immediately if the potential harm to Internet users seems significant or imminent, with or without notice to the sponsoring registrar.

The registry operator reserves the right to call upon relevant law enforcement bodies as needed and will comply with valid court orders or seizure warrants from courts or law enforcement agencies of relevant jurisdiction.

Removal of orphan glue records

Glue records are an artefact of the DNS and are necessary to guide iterative resolvers to delegated nameservers. A record becomes an orphan when its parent nameserver record is removed without also removing the glue records.

An orphan glue record may be created when a domain is placed on EPP ServerHold or ClientHold. In this case the orphan must remain in place should other innocent sites also be using the affected domain as a nameserver.

In the case where there are no longer other domains using the orphan, it should be removed.

In keeping with ICANN SSAC recommendations, the following procedures will be followed with respect to orphan glue records.

When a request to delete a domain is received from a registrar, the registry first checks for the existence of glue records. If no glue records exist, the request to delete the domain will be accepted. If glue records exist, the registry will check to see if other domains in the registry are using the glue records. If no other domains are using the glue records, the glue records will be removed and the request to delete the domain will be accepted. If other domains are using the glue records then the request to delete the domain will fail until no other domains are using the glue records.
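The delete check and the hold case from the "Removal of orphan glue records" sections of both applications, as an added example (not code from either applicant or any registry system). The `Registry` class, its fields and the sample names are hypothetical, and glue is assumed to be identified as a host name subordinate to the domain.

```python
from dataclasses import dataclass, field

@dataclass
class Registry:
    """Toy registry model, constructed for illustration only."""
    delegations: dict = field(default_factory=dict)  # domain -> set of NS host names
    glue: dict = field(default_factory=dict)         # host name -> set of IP addresses
    on_hold: set = field(default_factory=set)        # domains on serverHold/clientHold

    def glue_under(self, domain):
        """Glue hosts subordinate to `domain` (ns1.hoster.example under hoster.example)."""
        return sorted(h for h in self.glue if h.endswith("." + domain))

    def other_users(self, host, owner):
        """Domains other than the owner that delegate to `host`."""
        return sorted(d for d, ns in self.delegations.items()
                      if d != owner and host in ns)

    def delete_domain(self, domain):
        """Apply the delete procedure; return (accepted, detail)."""
        hosts = self.glue_under(domain)
        blockers = {h: self.other_users(h, domain) for h in hosts}
        blockers = {h: users for h, users in blockers.items() if users}
        if blockers:                  # glue still in use: the delete request fails
            return False, blockers
        for h in hosts:               # unused glue is removed with the domain
            del self.glue[h]
        del self.delegations[domain]
        self.on_hold.discard(domain)
        return True, hosts

    def removable_orphans(self):
        """Glue under held domains that no other domain uses any more."""
        return sorted(h for d in self.on_hold for h in self.glue_under(d)
                      if not self.other_users(h, d))


def sample_registry():
    """Constructed sample data using reserved example names and addresses."""
    return Registry(
        delegations={
            "hoster.example": {"ns1.hoster.example", "ns2.hoster.example"},
            "shop.example": {"ns1.hoster.example"},
            "solo.example": {"ns.solo.example"},
        },
        glue={
            "ns1.hoster.example": {"192.0.2.1"},
            "ns2.hoster.example": {"192.0.2.2"},
            "ns.solo.example": {"198.51.100.7"},
        },
    )
```

A rejected delete returns the blocking glue hosts together with the domains that still depend on them, which is the record an abuse handler needs before retrying the request.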

The registry operator will accept and evaluate complaints about the malicious use of orphan glue records. These requests must be made in writing and submitted via the registry operator's abuse point of contact.

Promoting WHOIS Accuracy

The primary conduit for the promotion of WHOIS accuracy will be the registrar-registry agreement.

The registry operator will require a base level of WHOIS verification for every domain registration. This will include fully populated data and basic syntactical checking of the data.

Abuse Prevention and Mitigation Resourcing
See EXHIBIT: "29-Chart-Resourcing.png" for information on the human resources assignment.
The resourcing plan specific to this response follows the principles, guidelines and information set forth in our response to Question 23.
The accompanying chart shows the human resources allocated to the functions depicted in this response.
We have multiple attorneys on staff who have extensive experience in Internet matters and who will be responsible for reviewing and authorizing response to any incident, report, or law enforcement or court action requiring legal review.