28 Abuse Prevention and Mitigation

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.WMEWilliam Morris Endeavor Entertainment, LLCwmeentertainment.comView

Except where specified this answer refers to the operations of William Morris Endeavor Entertainment LLC (WME)ʹs outsourced Registry Service Provider, CentralNic.
Top Level Domain registries stand in a unique position within the global DNS infrastructure.

TLD registries collect registrants’ registration data and so often “know” the entity responsible for a particular domain name. TLD registries record associations between domain names, registrars and registrants and therefore are in the core of the control chain for every domain name in the TLD. Registries also directly control the delegation records and therefore have the power to enable or disable a particular domain name in the DNS.

This unique position gives power and calls for responsibility. WME as a future TLD registry recognizes its important role in maintaining law and order and is committed to acting in the best interests of the public. In addition to the below described abuse prevention and mitigation methods it should be noted that .WME is being managed as a single-registrant registry where only the applicant, William Morris Endeavor (WME) can make domain name registrations. Such are further conducted in strict compliance with the established internal process for (low volume) registrations conducted by and for use by WME (see response to question #18).
In the following we provide a description of the principles and procedures we will apply to mitigate abusive conduct in .WME.

28.1. Single Abuse Point of Contact

To streamline the information flow and to facilitate ease of communication with the public, WME will dedicate a single abuse point of contact responsible for addressing matters requiring expedited attention and providing a timely response to abuse complaints concerning all names registered in the TLD. The contact information will consist of at least an email address and a telephone number. This point of contact will be prominently published on the registry website by the commencement of the Sunrise period.
WME will ensure that:
• The e-mail account is continuously monitored and all communication securely stored.
• The telephone number is either answered by a live person or diverted to a monitored voicemail account.
• Abuse contact information will be kept current and will be updated should it ever change in a timely manner.
Messages received through the published abuse point of contact will be processed via the same procedure and within the same timeframe as the signals coming from the monitoring systems. Each message, both via email and phone channels, triggers the creation of a support ticket in a dedicated queue and procedures for ticket escalation exist. Messages originating from law enforcement authorities are by default assigned an escalated level. For critical tickets personnel is available 24x7 to react accordingly.
WME and CentralNic commit to responding to all abuse complaints within 24 hours of receipt (on a 24x7 basis). During the time periods when its global offices are open (typically 8am-6pm in London, Los Angeles and Dubai) response times are expected to be substantially faster, at around 2-3 hours.

28.2. Abuse Policy

WME is prepared to deal with situations where registry intervention may be required in order to stop illegal activity, prevent abusive conduct or to enforce the law.
WME will adopt a comprehensive Anti-Abuse Policy that will establish what constitutes acceptable use of the domain and will contain a description of procedures registry that will apply to enforce the Policy.

An enforcement action may be triggered by a variety of events including complaints from the public, registrars or ICANN, decisions of a competent dispute resolution provider, outreach from a governmental agency or findings produced by internal investigation or monitoring processes. While the process or enforcement action also will be facilitated in a request from an authorized dispute resolution provider it is clear that the Anti-Abuse Policy is not a replacement for the UDRP or URS. Any disputes under the UDRP or URS will be managed under the processes associated therein.
If abusive behavior in a TLD is encountered, the reports of such behavior and the evidence available will be analyzed by the Registry. If the Registry, in its sole discretion, concludes that a Domain Name Holder has indeed violated a TLD Policy, the registrant will be given a notice and opportunity to correct the breach.
Typically the enforcements will go through the associated registrar. Registrars have more data available about registrants and so they will typically be in a better position to evaluate abuse complaints. However, if the registrar does not take action within a reasonable time period then the registry will take action directly. The registry will always reserves the right to act (lock or hold the name) directly and immediately without pre-notice to the registrar should the situation be such that the potential harm towards Internet Users is imminent or of a significant magnitude.

In extreme cases where a domain is involved in malicious or illegal activity there are provisions for rapid takedown of the domain name in question.

Repeated violations of the Anti-Abuse Policy will result in active monitoring and WME reserves the right to deny registrations of domains under .WME to repeat offenders.
The following policy is a current version that is being used by existing gTLD registries. WME and CentralNic will from time to time review and revise the policy as it becomes necessary to keep the TLD zone secure.

.WME Anti-Abuse Policy
The following Anti-Abuse Policy will be effective upon .WME launch. Malicious use of domain names will not be tolerated. The nature of such abuses creates security and stability issues for the registry, registrars, and registrants, as well as for users of the Internet in general. The WME definition of abusive use of a domain includes, without limitation, the following:
• Illegal or fraudulent actions;
• Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to email spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of web sites and Internet forums;
• Phishing: The use of counterfeit web pages that are designed to trick recipients into divulging sensitive data such as personally identifying information, usernames, passwords, or financial data;
• Pharming: The redirecting of unknowing users to fraudulent sites or services, typically through, but not limited to, DNS hijacking or poisoning;
• Willful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the ownerʹs informed consent. Examples include, without limitation, computer viruses, worms, keyloggers, and Trojan horses.
• Malicious fast-flux hosting: Use of fast-flux techniques with a botnet to disguise the location of web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities.
• Botnet command and control: Services run on a domain name that are used to control a collection of compromised computers or ʺzombies,ʺ or to direct distributed denial-of-service attacks (DDoS attacks);
• Unauthorized access to information systems: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity).

The WME Anti-Abuse Policy will be incorporated into the Registry-Registrar agreements and Registrars will be required to pass through the requirements to comply with the policy to the registrants.

WME will take reasonable steps to investigate and respond to any reports of illegal activity in connection with the use of the TLD and will cooperate with the competent governmental agencies in such investigations.

WME will utilize the expert services of its registry services provider CentralNic to implement and enforce the .WME Anti-Abuse Policy. CentralNic has dedicated and scalable resources for this function, described briefly as follows; in addition WME will pursue working with other gTLD operators to facilitate informational sharing of abuse activities, mechanisms and behavior within .WME to ensure coordinated mitigation efforts across TLDs.

CentralNic has long experience in the domain registry business, and is an industry leader with respect to its anti-abuse policies. CentralNic has a dedicated Dispute Resolution Policy in place with WIPO, found at WIPO’s website: http:⁄⁄www.wipo.int⁄amc⁄en⁄domains⁄gtld⁄cnic⁄index.html. CentralNic has trained personnel who handle interaction with WIPO, to ensure that panelists’ decisions are carried out expeditiously as required by the DRP.
CentralNic also enforces a Policy on Phishing and Fraud, found at its dedicated Phishing & Abuse page at the following website: https:⁄⁄www.centralnic.com⁄support⁄abuse.

WME will keep records and statistics regarding abuse and abuse reports, including:
• Number of abuse reports received by the registry’s abuse point of contact;
• Number of cases and domains referred to registrars for resolution;
• Number of cases and domains where the registry took direct action;
• Resolution times;
• Number of domains in the TLD that have been blacklisted by major anti-spam blocklist providers, and;
• Phishing site uptimes in the TLD.

28.3. Orphan Glue
CentralNicʹs registry system includes effective measures to prevent the abuse of orphan glue records.
Firstly, the Shared Registry System will reject any request to create host object that is the child of a non-existent domain name. That is, if EXAMPLE.WME does not exist, then NS0.EXAMPLE.WME cannot be created. If the parent domain name does exist, then only the sponsoring registrar of that domain is permitted to create child host objects.
Glue records become orphan when the its parent name server is removed and the orphan glue is not removed for example in the situation where a domain is placed in a hold status meaning that the domain is removed from the zone and no longer will resolve. However, the child name server, i.e. orphan glue, is left in the zone if any innocent sites are using this name server. This is to avoid interruption to sites not related to the domain in question.
As such the CentralNicʹs registry system first checks if an orphan glue is used by other domains and if so then the orphan glue will not be deleted until no other domains are using the glue record. This is in corresponding with the ICANN SSAC paper SAC048.
However, in the situation where orphan glue is used maliciously it will be removed from the zone file.

28.4. Measures to Maintain Whois Accuracy
WME will operate a “thick” WHOIS system, in which all registrants’ contact information will be stored in a single database maintained by the registry. Accredited registrars will have the ability to change the records in that database through the Shared Registration System. The Registry-Registrar agreement requires registrars to ensure that the WHOIS data is accurate at the time of submission and also requires the information provided on the system to be updated in a timely manner in case of any changes.
Corresponding provisions also exist in the Registrar Accreditation Agreement (RAA), para. 3.7.7.
In addition to the standard measures described above, the WME WHOIS system will feature extra levels of reliability with regards to Whois information.

28.4.1. Extra checks on WHOIS data
WME, through its Registry-Registrar agreements will require registrars to perform the following additional checks on the WHOIS data:
• Verify syntactic correctness of email addresses and phone numbers by validating them against the corresponding standards.
• Verify that the domain holder receives email at the addresses listed in WHOIS as registrant’s email address and administrative contact email address, by requiring them to click a unique web link that is sent to those addresses.

28.4.2. Random audits of WHOIS records by the Registry
WME will periodically (at least once every 12 months) perform a random check of WHOIS records in WME for prima facie evidence of fraudulent or inaccurate WHOIS information. For those suspicious records that may be found, WME will further require registrars to conduct a reasonable investigation and to respond with one of the three possible actions:
• Confirm that the information provided in WHOIS is accurate, or
• Correct the WHOIS information, or
• Delete the domain name(s).

The measures described above exceed the ICANN requirements and are adequate to improve accuracy of WHOIS information while maintaining low implementation cost for registrars and good user experience for registrants.

28.5. Resourcing
WME and CentralNic will provide abuse response on a 24x7 basis. The resourcing to fulfill this function will be provided by a combined team of support and operations personnel. The first response function will be provided by support agents during normal office hours, with this responsibility being passed to the Network Operations Centre (NOC) during 24x7 operations.

As can be seen in the Resourcing Matrix found in Appendix 23.2, CentralNic will maintain a team of full-time developers and engineers which will contribute to the development and maintenance of this aspect of the registry system. These developers and engineers will not work on specific subsystems full-time, but a certain percentage of their time will be dedicated to each area. The total HR resource dedicated to this area is equivalent to 75% of a full-time role.
CentralNic operates a shared registry environment where multiple registry zones (such as CentralNicʹs domains, the .LA ccTLD, this TLD and other gTLDs) share a common infrastructure and resources. Since the TLD will be operated in a similar manner to these other registries, and on the same infrastructure, then the TLD will benefit from an economy of scale with regards to access to CentralNicʹs resources.

CentralNicʹs resourcing model assumes that the ʺdedicatedʺ resourcing required for the TLD (i.e., that required to deal with issues related specifically to the TLD and not to general issues with the system as a whole) will be equal to the proportion of the overall registry system that the TLD will use. After three years of operation, the projection for the TLD states that there will be 2,000 domains in the zone. CentralNic has calculated that, if all its TLD clients are successful in their applications, and all meet their projections after three years, its registry system will be required to support up to 4.5 million domain names. Therefore the TLD will require 0.04% of the total resources available for this area of the registry system.

In the event that registration volumes exceed this figure, CentralNic will proactively increase the size of the Technical Operations, Technical Development and support teams to ensure that the needs of the TLD are fully met. Revenues from the additional registration volumes will fund the salaries of these new hires. Nevertheless, CentralNic is confident that the staffing outlined above is sufficient to meet the needs of the TLD for at least the first 18 months of operation.

28.6. Periodic review of anti-abuse policies
WME acknowledges that new types of abusive behavior emerge in cyber space and is prepared to take steps to counter any new types of abuse. WME will periodically (once every 12 months or more frequently depending on the circumstances) together with CentralNic provide reports regarding the received abuse-related complaints. Such reports will contain categorization of the abusive behavior, actions taken and response time as relevant to the statistics listed above. WME will analyses the reports and will review its anti-abuse policies to continually improve the handling of abuse complaints.

Similar gTLD applications: (0)

gTLDFull Legal NameE-mail suffixzDetail