28 Abuse Prevention and Mitigation
|gTLD||Full Legal Name||E-mail suffix||Detail|
28.1 Abuse Prevention and Mitigation
Strong abuse prevention of a new gTLD is an important benefit to the internet community. .music and its registry operator and back-end registry services provider, Neustar, agree that a registry must not only aim for the highest standards of technical and operational competence, but also needs to act as a steward of the space on behalf of the Internet community and ICANN in promoting the public interest. Neustar brings extensive experience establishing and implementing registration policies. This experience will be leveraged to help .music combat abusive and malicious domain activity within the new gTLD space.
One of those public interest functions for a responsible domain name registry includes working towards the eradication of abusive domain name registrations, including, but not limited to, those resulting from:
• Illegal or fraudulent actions
• Distribution of malware
• Fast flux hosting
• Distribution of child pornography
• Online sale or distribution of illegal pharmaceuticals.
• Intellectual Property Violation
• Copyright Violation
More specifically, although traditionally botnets have used Internet Relay Chat (IRC) servers to control registry and the compromised PCs, or bots, for DDoS attacks and the theft of personal information, an increasingly popular technique, known as fast-flux DNS, allows botnets to use a multitude of servers to hide a key host or to create a highly-available control network. This ability to shift the attacker’s infrastructure over a multitude of servers in various countries creates an obstacle for law enforcement and security researchers to mitigate the effects of these botnets. But a point of weakness in this scheme is its dependence on DNS for its translation services. By taking an active role in researching and monitoring these sorts of botnets, .music’s partner, Neustar, has developed the ability to efficiently work with various law enforcement and security communities to begin a new phase of mitigation of these types of threats.
Policies and Procedures to Minimize Abusive Registrations
A Registry must have the policies, resources, personnel, and expertise in place to combat such abusive DNS practices. As .music’s registry provider, Neustar is at the forefront of the prevention of such abusive practices and is one of the few registry operators to have actually developed and implemented an active “domain takedown” policy. We also believe that a strong program is essential given that registrants have a reasonable expectation that they are in control of the data associated with their domains, especially its presence in the DNS zone. Because domain names are sometimes used as a mechanism to enable various illegitimate activities on the Internet often the best preventative measure to thwart these attacks is to remove the names completely from the DNS before they can impart harm, not only to the domain name registrant, but also to millions of unsuspecting Internet users.
Removing the domain name from the zone has the effect of shutting down all activity associated with the domain name, including the use of all websites and e-mail. The use of this technique should not be entered into lightly. .music has an extensive, defined, and documented process for taking the necessary action of removing a domain from the zone when its presence in the zone poses a threat to the security and stability of the infrastructure of the Internet or the registry.
Abuse Point of Contact
As required by the Registry Agreement, .music will establish and publish on its website a single abuse point of contact responsible for addressing inquiries from law enforcement, its community members and the public related to malicious and abusive conduct. .music will also provide such information to ICANN prior to the delegation of any domain names in the TLD. This information shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of malicious conduct complaints, and a telephone number and mailing address for the primary contact. We will ensure that this information will be kept accurate and up to date and will be provided to ICANN if and when changes are made. In addition, with respect to inquiries from ICANN-Accredited registrars, our registry services provider, Neustar, shall have an additional point of contact, as it does today, handling requests by registrars related to abusive domain name practices.
28.2 Policies Regarding Abuse Complaints
One of the key policies each new gTLD registry will need to have is an Acceptable Use Policy that clearly delineates the types of activities that constitute “abuse” and the repercussions associated with an abusive domain name registration. In addition, the policy will be incorporated into the applicable Registry-Registrar Agreement and reserve the right for the registry to take the appropriate actions based on the type of abuse. This will include locking down the domain name - preventing any changes to the contact and nameserver information associated with the domain name, placing the domain name “on hold” rendering the domain name non-resolvable, transferring to the domain name to another registrar, and⁄or in cases in which the domain name is associated with an existing law enforcement investigation, substituting name servers to collect information about the DNS queries to assist the investigation.
The dotMusic Registry will adopt an Acceptable Use Policy that clearly defines the types of activities that will not be permitted in the TLD and reserves the right of the Applicant to lock, cancel, transfer or otherwise suspend or take down domain names violating the Acceptable Use Policy and allow the Registry where and when appropriate to share information with law enforcement. Each ICANN-Accredited Registrar (even in the case of a sole registrar model) must agree to pass through the Acceptable Use Policy to its Resellers (if applicable) and ultimately to the TLD registrants. Below is the Registry’s initial Acceptable Use Policy that we will use in connection with .music.
the dotMusic Registry Acceptable Use Policy
This Acceptable Use Policy gives the Registry the ability to quickly lock, cancel, transfer or take ownership of any .music domain name, either temporarily or permanently, if the domain name is being used in a manner that appears to threaten the stability, integrity or security of the Registry, or any of its registrar partners – and⁄or that may put the safety and security of any registrant or user at risk. The process also allows the Registry to take preventive measures to avoid any such criminal or security threats.
The Acceptable Use Policy may be triggered through a variety of channels, including, among other things, community member complaint, private complaint, public alert, government or enforcement agency outreach, and the on-going monitoring by the Registry or its partners. In all cases, the Registry or its designees will alert Registry’s registrar partners about any identified threats, and will work closely with them to bring offending sites into compliance.
The following are some (but not all) activities that will be subject to rapid domain compliance:
• Phishing: the attempt to acquire personally identifiable information by masquerading as a website other than .musicʹs own.
• Pharming: the redirection of Internet users to websites other than those the user intends to visit, usually through unauthorized changes to the Hosts file on a victim’s computer or DNS records in DNS servers.
• Dissemination of Malware: the intentional creation and distribution of ʺmaliciousʺ software designed to infiltrate a computer system without the owner’s consent, including, without limitation, computer viruses, worms, key loggers, and Trojans.
• Fast Flux Hosting: a technique used to shelter Phishing, Pharming and Malware sites and networks from detection and to frustrate methods employed to defend against such practices, whereby the IP address associated with fraudulent websites are changed rapidly so as to make the true location of the sites difficult to find.
• Botnetting: the development and use of a command, agent, motor, service, or software which is implemented: (1) to remotely control the computer or computer system of an Internet user without their knowledge or consent, (2) to generate direct denial of service (DDOS) attacks.
• Malicious Hacking: the attempt to gain unauthorized access (or exceed the level of authorized access) to a computer, information system, user account or profile, database, or security system.
• Child Pornography: the storage, publication, display and⁄or dissemination of pornographic materials depicting individuals under the age of majority in the relevant jurisdiction.
• Community Abuse Considerations: The dotMusic Registry will create a safe TLD in .music by actively monitoring and and combating copyright infringement, cybersquatting, typo-squatting and any other domain name and registration based abusive practices. They will also actively monitor and combat the harder abuse instances that plague the music industry in the online world. These are defined as copyright infringement that results from P2P sharing, illegal digital distribution, along with any and all types of Intellectual Property infringement involving the DNS.
The Registry reserves the right, in its sole discretion, to take any administrative and operational actions necessary, including the use of computer forensics and information security technological services, among other things, in order to implement the Acceptable Use Policy. In addition, the Registry reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion; (1) to protect the integrity and stability of the registry; (2) to enfore the requirements of community membership and acceptable use (3) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (4) to avoid any liability, civil or criminal, on the part of Registry as well as its affiliates, subsidiaries, officers, directors, and employees; (5) per the terms of the registration agreement or (6) to correct mistakes made by the Registry or any Registrar in connection with a domain name registration. Registry also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.
Taking Action Against Abusive and⁄or Malicious Activity
The Registry is committed to ensuring that those domain names associated with abuse or Malicious conduct in violation of the Acceptable Use Policy are dealt with in a timely and decisive manner. These include taking action against those domain names that are being used to threaten the stability and security, the community requirements of the TLD, or is part of a real-time investigation by law enforcement.
Once a complaint is received from a trusted source, third-party, or detected by the Registry, the Registry will use commercially reasonable efforts to verify the information in the complaint. If that information can be verified to the best of the ability of the Registry, the sponsoring registrar and the relevant reseller will be notified and be given 12 hours to investigate the activity and either take down the domain name by placing the domain name on hold or by deleting the domain name in its entirety or providing a compelling argument to the Registry to keep the name in the zone. If the registrar (reseller) has not taken the requested action after the 12-hour period (i.e., is unresponsive to the request or refuses to take action), the Registry will place the domain on “ServerHold”. Although this action removes the domain name from the TLD zone, the domain name record still appears in the TLD WHOIS database so that the name and entities can be investigated by law enforcement should they desire to get involved.
Coordination with Law Enforcement
With the assistance of Neustar as its back-end registry services provider, .music can meet its obligations under Section 2.8 of the Registry Agreement where required to take reasonable steps to investigate and respond to reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of its TLD. The Registry will respond to legitimate law enforcement inquiries within one business day from receiving the request. Such response shall include, at a minimum, an acknowledgement of receipt of the request, Questions or comments concerning the request, and an outline of the next steps to be taken by .Music for rapid resolution of the request.
In the event such request involves any of the activities which can be validated by the Registry and involves the type of activity set forth in the Acceptable Use Policy, the sponsoring registrar and its reseller is then given 12 hours to investigate the activity further and either take down the domain name by placing the domain name on hold or by deleting the domain name in its entirety or providing a compelling argument to the registry to keep the name in the zone. If the registrar (reseller) has not taken the requested action after the 12-hour period (i.e., is unresponsive to the request or refuses to take action), the Registry will place the domain on “serverHold”.
Monitoring for Malicious Activity
28.3 Measures for Removal of Orphan Glue Records
As the Security and Stability Advisory Committee of ICANN (SSAC) rightly acknowledges, although orphaned glue records may be used for abusive or malicious purposes, the “dominant use of orphaned glue supports the correct and ordinary operation of the DNS.” See http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf.
While orphan glue often support correct and ordinary operation of the DNS, we understand that such glue records can be used maliciously to point to name servers that host domains used in illegal phishing, bot-nets, malware, and other abusive behaviors. Problems occur when the parent domain of the glue record is deleted but its children glue records still remain in DNS. Therefore, when the Registry has written evidence of actual abuse of orphaned glue, the Registry will take action to remove those records from the zone to mitigate such malicious conduct.
Neustar run a daily audit of entries in its DNS systems and compares those with its provisioning system. This serves as an umbrella protection to make sure that items in the DNS zone are valid. Any DNS record that shows up in the DNS zone but not in the provisioning system will be flagged for investigation and removed if necessary. This daily DNS audit serves to not only prevent orphaned hosts but also other records that should not be in the zone.
In addition, if either .music or Neustar become aware of actual abuse on orphaned glue after receiving written notification by a third party through its Abuse Contact or through its customer support, such glue records will be removed from the zone.
28.4 Measures to Promote WHOIS Accuracy
The dotMusic Registry acknowledges that ICANN has developed a number of mechanisms over the past decade that are intended to address the issue of inaccurate WHOIS information. Such measures alone have not proven to be sufficient and .music will offer a mechanism whereby third parties can submit complaints directly to the Applicant (as opposed to ICANN or the sponsoring Registrar) about inaccurate or incomplete WHOIS data. Such information shall be forwarded to the sponsoring Registrar, who shall be required to address those complaints with their registrants. Thirty days after forwarding the complaint to the registrar, .music will examine the current WHOIS data for names that were alleged to be inaccurate to determine if the information was corrected, the domain name was deleted, or there was some other disposition. If the Registrar has failed to take any action, or it is clear that the Registrant was either unwilling or unable to correct the inaccuracies, Applicant reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies.
In addition, .music shall on its own initiative, no less than twice per year, perform a manual review of a random sampling of .music domain names to test the accuracy of the WHOIS information. Although this will not include verifying the actual information in the WHOIS record, .music will be examining the WHOIS data for prima facie evidence of inaccuracies. In the event that such evidence exists, it shall be forwarded to the sponsoring Registrar, who shall be required to address those complaints with their registrants. Thirty days after forwarding the complaint to the registrar, the Applicant will examine the current WHOIS data for names that were alleged to be inaccurate to determine if the information was corrected, the domain name was deleted, or there was some other disposition. If the Registrar has failed to take any action, or it is clear that the Registrant was either unwilling or unable to correct the inaccuracies, .music reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies.
28.4.1 Authentication of Registrant Information and Monitoring of Registration Data
Authentication of registrant information as complete and accurate at time of registration. Most .music registrations will be sold by “reseller”.music community member associations to their memberships. These resellers will in many cases be able to verify their own memberships at the time of domain sale. To address the case where the reseller lacks the ability to do this in the domain sale process, the .music reseller platform will capture all registrant declaration as to community membership including the identification of their accredited member association. All registrations associated with a given member association will be reported daily to the relevant member association for asynchronous review. Discrepancies in declared community membership will be addressed through the standard abuse practices described in the Acceptable Use Policy.
28.4.3 Policies and Procedures Ensuring Compliance (RRA and RA)
The dotMusic Registry intends to operate as a sole registrar model but will offer exclusive reseller services for music associations to sell domain names to their memberships. This registrar entity and subsequent resellers will be required to enforce measures, establish policies and procedures to ensure compliance, which may include audits, financial incentives, penalties, or other means.
The Registry-Registrar Agreement (RRA) will contain the following terms which will be passed through to the Reseller Agreements where applicable:
1. Confirming that Registrants have a bona fide affiliation with a legitimate Community Member.
2. Requiring that Registrants execute a Registrant Agreement which provides an additional level in securing the protection of creative and intellectual property rights and serves to mitigate copyright infringement, piracy and any other abuse as outlined in the dotMusic Registry policies.
a. The electronic acceptance of the Registrant Agreement would be a pre-requisite to the confirmation of any registration or renewal transaction performed by the Registrar (reseller).
b. Ensuring an electronic audit trail is maintained at the registrar, referencing each and every .music registration to an acceptance date of the Registrant Agreement.
3. Requiring their registrants to certify on an annual basis that they are in compliance with all Accreditation Criteria and other policies and requirements governing domains, including, but not limited to, that the registrant:
a. is not, and will not be involved in any form of copyright infringement, or otherwise facilitate such copyright infringement or provide access to any software, service or application that facilitates copyright infringement, directly or indirectly through the domain;
b. has all the rights necessary to transmit, display, provide access to, reproduce, distribute, publish, link to, perform or otherwise exploit any copyrighted content made available directly or indirectly through the domain;
c. has and will maintain appropriate records sufficient to verify any claimed licenses or authorizations to use or exploit creative content owned by third parties;
d. will only use the domain in connection with activities involving legitimate⁄authorized uses of creative works and not to facilitate infringement; and
e. meets the other Accreditation Criteria and that their operation of the site is legal
4. Acknowledgement that proxy registrations are disallowed, except those proxy registration services that are approved by, and fully comply with ICANN standards and .Music Registry policies.
5. Acknowledgement that the registrar and⁄or reseller will enforce the terms of the Registrant Agreement.
6. Acknowledgement that the registrar and⁄or reseller will endeavor to maintain WHOIS accuracy by:
a. authenticating the registrant information as complete and accurate at time of registration,
b. ensure the registrant is a valid member of good standing in at least of one of Coalition Member Organizations. Means requiring submission of identifying membership information.
c. ensuring completeness and verifying all contact information of principals mentioned in registration data. Means may include utilizing simple web based technology to discern and thus reject inaccurate data (such as mismatch of zip code and State Code), and other means,
d. regular monitoring of registration data for accuracy and completeness, employing authentication methods, and establishing policies and procedures to address domain names with inaccurate or incomplete WHOIS data. Means to do so would include periodic email alerts to the domain name registrant to verify or correct WHOIS information.
7. Acknowledgement of and compliance with .Music Registry’s abuse detection and mitigation procedures, up to and including domain takedown.
8. Acknowledgement of the .Music Registry’s right to take action to ensure compliance with the abuse detection and mitigation policies and procedures of the .Music Registry.
a. Acceptance of .Music’s right to suspend domains found to be in violation of .Music policies.
b. Implement reasonable procedures to identify repeat registrants that attempt to avoid detection as repeat offender registrants, etc.
c. Registrar (resellers) will be required to promptly take down⁄deregister domains that fail to comply with the Accreditation Criteria
and other policies governing domains (including, but not limited to breach of the certification contemplated below), and to refuse to accept registrations from registrants that previously violated such criteria or policies.
d. Annual verification of and electronic acceptance of the RRA.
Last but not least, the .Music Registry will create the Registrant Agreement. The RA would be furnished to all .Music registrar’s resellers as part of the reseller accreditation procedures. The RA would at a minimum require all registrants to:
1. Agree to and abide by the terms of the .Music Registrant Agreement.
2. Adhere to the protection of Creative and Intellectual Property rights such as mitigating copyright infringement and piracy as well as guarding against other abuses such as cyber squatting, typo-squatting or other abusive registration practices defined in the agreement.
3. Annually notifying Registrants of their current agreement to:
a. Avoid of any form of copyright infringement, or otherwise facilitate such copyright infringement or provide access to any software, service or application that facilitates copyright infringement, directly or indirectly through the domain;
b. Possess all necessary rights to transmit, display, provide access to, reproduce, distribute, publish, link to, perform or otherwise exploit any copyrighted content made available directly or indirectly through the domain;
c. Maintain appropriate records to sufficiently verify any claimed licenses or authorizations to use or exploit creative content owned by third parties;
d. Use the domain only in connection with activities involving legitimate⁄authorized uses of creative works and not to facilitate infringement;
e. Meet other Accreditation Criteria as set forth from time to time
f. Implement reasonable monitoring of their site and their domain to police against infringing activity;
g. Implement reasonable enforcement procedures to ensure that any unauthorized content is
removed before being placed on the domain or immediately removed once the registrant becomes aware of such unauthorized content;
h. Proactively ensure unauthorized content is not made available via the domain;
i. Acknowledge the .Music Registry’s right to engage in monitoring and policing activity of the registrant’s domain and site; and
j. Provide evidence of reasonable security and other measures that will be used to protect content made available from the domain.
4. Acknowledgement that if the registrant’s domain use is found to be in violation of the .Music Registrant Agreement, the domain will be subject to suspension and reclaimed by the Registry.
.Music Registry will set itself up as a sole registrar, providing reseller capability to Community Member Associations, who will in turn sell .Music domains to their memberships. This model will provide the following advantages:
• minimize malicious conduct in .music (eg: quicker takedown in case of abusive behavior),
• minimize dot Music Registry’s administrative and technical costs,
• maximize compliance with dotMusic Registry policies, and
• maximize control, as the dotMusic Registry would be the “Registrar of Record” in the WHOIS.
28.5 Resourcing Plans
Responsibility for abuse mitigation rests with a variety of functional groups. The Abuse Monitoring team is primarily responsible for providing analysis and conducting investigations of reports of abuse. The customer service team also plays an important role in assisting with the investigations, responded to customers, and notifying registrars of abusive domains. Finally, the Policy⁄Legal team is responsible for developing the relevant policies and procedures.
The necessary resources will be pulled from the pool of available resources described in detail in the response to Question 31, as well as resources described under the Abuse and Compliance Team. The following resources are available from those teams:
Customer Support – 12 employees
Policy⁄Legal – 2 employees
Abuse and Compliance Monitoring Team – 4 employees
The dotMusic Registry, as noted in our financials, has provisioned for a community compliance and support function. Oncall 24⁄7⁄365, this team supports both the community eligibility verification functions as well as providing a Tier 2 escalation for abuse cases reported through the Tier 1 Neustar Customer Support Teams. We estimate the community and compliance support function will spend no more than 10% of their collective time responding to abuse complaints in view of the estimated registration volumes and for the following reasons:
– Registrants are verified members of an accredited .music community organization or association in order to have an “active” registration and are held to strict community eligibility requirements
– Registrants are well informed that IP protection is a fundamental priority to attain a .music domain. They risk substantial investment loss by risking non-compliance to the participation requirements in .music
– Registrants who lose their .music registrations due to non-compliance can put their related music organization or association memberships at risk
– The .music domain while market-competitive, is not a low cost domain space, which further has a cooling effect on attempted abusive registration
– Regular compliance scanning of the namespace for both community eligibility requirement conformance and abuse detection, as described in Q18 and earlier in Q28 will operate as a deterrent to abusive registration use.
Similar gTLD applications: (0)
|gTLD||Full Legal Name||E-mail suffix||z||Detail|