28 Abuse Prevention and Mitigation
Prototypical answer:
gTLD | Full Legal Name | E-mail suffix | Detail | .LAT | ECOM-LAC Federaciòn de Latinoamèrica y el Caribe para Internet y el Comercio Electrònico | cabase.org.ar | View |
ABUSE PREVENTION AND MITIGATION
NIC Mexico will provide the back-end registry services for the .LAT TLD. The services offered include the technical operation of the Registry and customer support including billing and collection. NIC Mexico will also be in charge of handling trademark and abuse related processes like UDRPs and any report received by the abuse contact. NIC Mexico is the current registry operator for the .MX ccTLD and has been not only a leading ccTLD in the region, but also a worldwide leader in policy and technology development.
NIC Mexico currently has in place practices to mitigate and prevent some forms of abuse. For example, special charges for deletion of domain names during Add Grace Period to discourage excessive domain tasting and full support of the UDRP to deal with Intellectual Property Infringements and Cybersquatting. For .LAT Registry NIC México will implement measures according to the open nature of the new TLD following ICANN advisory and industry’s best practices.
REGISTRATION AND USE ABUSE
As a Registry Operator, .LAT Registry will implement the Consensus Policies adopted by ICANN as established in the Registry Agreement. Additionally, .LAT Registry will implement the Uniform Rapid Suspension system, as proposed in the Applicant Guidebook to fight the most flagrant cases of cybersquatting or other forms of registration abuse, related to the use of trademarks.
Registration Abuse Policies Working Group (RAPWG), worked on a very ample report on the matter. Their findings and further recommendations were analyzed and applied where we found suitable and compatible with .LAT registry to complement current practices.
The following registration abuse practices were identified by the RAPWG, and will be addressed by .LAT Registry.
CYBERSQUATTING
Cybersquatting is recognized as the most notable form of registration abuse in the ICANN community; and the UDRP was originally created to address this abuse. This form of abuse is present in almost every TLD, and .LAT Registry will implement industry’s best practices to prevent it and mitigate it.
.LAT Registry will support UDRP as defined by ICANN Consensus Policies to fight Cybersquatting. Although it has had some areas of improvement pointed out; UDRP has proved to be affective against cybersquatting. Notwithstanding that it has been subject of abuse itself with Reverse Domain Name Hijacking cases, UDRP continues to be the first line of defense to discourage and fight Cybersquatting.
Other recurring registration practices, like Gripe Sites and Offensive Domain Names that use a brand owner’s trademark have been found by the RAPWG as a form of Cybersquatting that can be adequately addressed via UDRP.
.LAT Registry will implement a Sunrise period for trademark owners. This period will be conducted in full support of the procedures and requirements defined as part of the Trademark Clearing House implementation. Following the General Availability launch and extending for 60 days there will an IP Claims Service to provide notice to domain registrants of existing trademark rights, as well as notice to rights holders of relevant names being registered. Furthermore, a special feature of this service will allow
DOMAIN TASTING⁄KITING, FRONT-RUNNING
.LAT Registry will implement Add Grace Period (AGP) Limits Policy to prevent and mitigate domain tasting. Domain tasting and kiting were once a common practice, abusing the AGP originally meant for mistaken registrations. Front Running is also another form of registration abuse that has been largely affected by the AGP Limits policy for the benefit of registrants.
USE ABUSES
Althoug LAT Registry will require that domain names be used only for legitimate activities or purposes carried out in good faith, .LAT registry recognizes that it will not prevent use abuses on the domain names. One of the the most noticeable example of domain name use abuse is phishing:
PHISHING
For the last years, phishing has been a common practice to deceive internet users to reveal sensitive information by taking them to fake websites that resemble trusted sites they are familiarized with. The great majority of domains used for phishing are compromised or hacked by phishers, and the registrants are not responsible for the phishing therefore, prevention and mitigation actions must be handled carefully, prioritizing protection of the public without putting aside protection to the registrants. .LAT will work closely with the registrars to make sure innocent registrants are protected.
However, .LAT should not be part of the decision about what is and what is not a phishing website; with this in mind, .LAT registry will promote the creation of a Regional Anti-Domain Abuse Center (RADAC) that could evaluate phishing complaints, or about any form of use abuse, and determine if a site should be taken down in coordination with relevant law enforcement agencies.
This would enhance the capabilities in the region to attend the problems related to phishing and other domain use related abuses. In addition, it might drive experience to other TLDs in the region that do not have access to this kind of mechanisms and also catch the attention of other relevant actors in the latin community that could participate.
OTHER FORMS OF USE ABUSE
.LAT Registry will fully cooperate with ICANN and relevant law enforcement agencies to prevent and mitigate other forms of abuse like SPAM, Fast Flux Hosting, Distribution of malware and Distribution of Child Pornography
ABUSE PREVENTION AND MITIGATION IN .LAT REGISTRY
.LAT Registry is committed to operate the .LAT TLD maintaining at all times the security and stability of the internet, providing a reliable service and preventing and mitigating all forms of abuse. To achieve this .LAT Registry will implement ICANN Consensus Policies and will take all actions needed to comply with the Registry Agreement and its Specifications.
.LAT registry will take the following measures to prevent and mitigate domain name abuse
SINGLE ABUSE POINT OF CONTACT
As specified in the registry agreement .LAT Registry will provide to ICANN and publish on its website the information regarding its Single Abuse point of Contact. Information will include valid email and mailing address as well as a primary contact for handling inquires related to malicious conduct in the TLD, and will provide ICANN with prompt notice of any changes to such contact details.
The handling of abuse inquires will be in charge of the commercial operations team. The team has long experience working with UDRPs and will be readily available to collaborate with ICANN and relevant authorities in order to pursue abusive practices that result in criminal activities. Top priority will be given to abuse inquires, and a timely response will be provided to complaints concerning names registered in the TLD. Commercial operations team currently has the required tools to implement determinations from both UDRP and URS examination panels.
.LAT Registry will collaborate with ICANN to define mechanisms to respond to relevant authorities’ inquires in clear cases of abuse like phishing.
Procedure to respond to Abuse inquires and complaints.
Once the point of contact receives the abuse notice, it will pass it to the operations team to verify if the reported incident or situation corresponds to a form of abuse that is within .LAT Registry scope. If the team determines that effectively it is an abuse case within the .LAT TLD, a service executive will contact the affected or reporting party to provide further information of the actions that can be taken. .LAT registry anticipates that such actions will fall within one of the following options:
1. File a UDRP
2. File a URS
3. Contact a government agency, law-enforcement body or response center (RADAC) to analyze and prosecute the abusive activities.
.LAT Registry will invoke the Expedited Registry Security Request (ERSR) in case of a present or imminent security incident to the TLD and⁄or the DNS to request ICANN a contractual waiver to take immediate action to prevent or address the incident.
.LAT Registry will collaborate with industry partners sharing information regarding malicious or abuse behavior in cases of purely technical nature coordinated by ICANN, IETF, or some other instance appointed by ICANN.
In the case of requests to perform certain actions on a domain name received form law enforcement agencies, special care should be taken on whether the law enforcement agency has the required authority to request such actions. ICANN will be consulted to clear any discrepancy before answering any request. Whatever the case is, .LAT Registry will collaborate and share relevant information with relevant authorities appointed by ICANN
HANDLING OF ORPHAN GLUE RECORDS
Although glue records are actually necessary for the DNS function, sometimes, domain names are deleted and removed from the registry database, but the glue records are left in the zone file. Those records are known as orphan glue records, and pose a security threat to the DNS. Due to the security threat that orphan glue records represent to DNS .LAT registry will implement control mechanisms so that no orphan glue records are left in the zone file.
GLUE RECORDS POLICY
Glue records will be allowed only for host objects that are internal to the .LAT TLD, with this, only host objects of the form dns.example.lat will be allowed to have glue records. Furthermore, only the registrar of record of domain name example.lat will be allowed to create host objects under that domain name and provide glue records. Other registrars will only be able to associate their domain names with the host objects for delegation purposes. Glue records will not be allowed in the registry database for host objects external to the .LAT TLD.
To delete a host object, the registrar must first remove all links of the host with other domain names; howeverif a registrar sends a delete command for a domain name that has subordinate hosts with glue records, the SRS will delete the domain name and also all subordinate host objects. All information regarding that domain name, including glue records will be removed from the zone file. All links from the deleted host objects and other domain names will be removed, so some of them can end up being removed from the zone file. It is responsibility of the registrar to make sure that domain names and hosts objects are only deleted when they are no longer in use.
WILDCARDING
.LAT Registry will not implement or allow any wildcarding scheme on the .LAT DNS. The abuse contact will be available to receive complaints about any wildcarding-like behavior on any domain name. .LAT Registry will work with the registrar of record to analyze and resolve any situation. All domain names indicated by ICANN in the registry agreement will be reserved.
WHOIS ACCURACY
LAT Registry will implement Whois Data Reminder Consensus Policy to validate that contacts linked to domain names are reachable and aware of their responsibilities. Data Reminders will be sent to domain contacts at least once a year and will be asked to verify and confirm that the information is still valid, or to contact the registrar of record to make corrections as appropriate. Additionally .LAT Registry will send notifications to the registrants of domain names upon update of domain data.
ADDITIONAL PROTECTIONS FOR DOMAIN ABUSE
DOMAIN LOCKING SERVICE
.LAT Registry will offer an advanced security service that will prevent a domain name from being modified online, by means of the SRS interfaces, web and EPP.
This service will be oriented to allow registrars of the .LAT TLD offer to registrants an increased security level for protection of their valuable domain names that are essential assets for business operations and brand protection. Domain Lock will add an extra layer of verification and control on operations affecting “locked” domains. Registrars will use it in combination with their own security measures to help registrars mitigate the risk of hijacking as well as unintended domain deletions, transfers and any other undesired update.
NOTIFICATIONS OF DOMAIN ACTIVITIES BY THE .LAT REGISTRY
.LAT Registry will offer an opt-in feature to send notices to the registrant and administrative contacts of record of a domain name when the domain has been updated, transferred, or deleted, in order to detect and contain any abuse or unsolicited actions that could reveal abuses on the domain name. In case of the registrant was unaware of the modification, .LAT Registry will contact the registrar of record to determine if the update involved some form of abuse.
Similar gTLD applications: (0)
gTLD | Full Legal Name | E-mail suffix | z | Detail |