28 Abuse Prevention and Mitigation

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.公益China Organizational Name Administration Centerconac.cnView

28. Abuse Prevention and Mitigation

The “.公益” TLD has a very low risk of abuse given its strict registration policy and Pre-registration Qualification Procedure (PQP) and the non-commercial nature of the eligible registrants which are global public interest organizations that provide services in Chinese language. CONAC enforces a zero tolerance policy against domain abuse in the “.公益” TLD, and implement anti-abuse policies at three distinct levels.

1. CONAC has two types of measures to prevent and handle domain abuses. Measures to prevent abuses include PQP, Continuous Compliance Mechanism (CCM), raising WHOIS accuracy, controlling WHOIS access authority and processing orphan glue records, these processes are described in this section. Measures to handle abuses include normal and rapid handling process with specific work flows and time limits.

2. CONAC has classified all kinds of abusive behaviors with clear definitions and specific processing measures, (see Section 28.5.2) which ensures effective solutions to abuse problems.

3. CONAC has set up an Anti-Abuse Working Group (AAWG) to deal with abuse complaints and solve abuse problems. CONAC also maintains close interactions with partners including ICANN, Anti-Phishing Alliance of China (APAC), China Internet Network Information Center (CNNIC) and China National Computer Emergency Response Team CNCERT, and shares information with the anti-abuse communities.

Additionally, CONAC requires registrars and registrants not to conduct any abuse through its RRA (to be supplied from time to time by registrar, but the terms of prohibiting abuse of registrant must be included) and the Registration Agreement with terms of abuse prohibition and specifications included. The agreements also stipulate that CONAC conducts a monthly random compliance check to prevent and mitigate abuses.

28.1 Implementation Plans (Establishment of a Single Point of Contact)
CONAC will post the telephone number, postal address and e-mail address for receiving abuse complaints (about all “.公益” domain names, all registrars and resellers) as well as primary contact person on CONAC’s official website (http:⁄⁄www.conac.cn) and inform ICANN about the above contact information. CONAC also requires all registrars to post such information on their websites. CONAC will keep ICANN and all relevant registrars updated if any of the information changes.

Contact person for abuse complaints: Ms. Lili Wang, Manager of Abuse Mitigation
Telephone Number: +86-10-5202 8203
Postal Address: Jia 31, Guangximen Beili, Xibahe, Chaoyang District, Beijing 100028, China
E-mail: complain@conac.cn

The telephone and the email box will operate 7x24x365 to receive complaints regarding abusive domain names registered in “.公益” TLD. Besides a description of the abused domain name, the abusive behavior and the consequence, every complainant is required to provide their personal contact information including telephone⁄fax number, email address so they can be promptly notified of the outcomes of the complaint. CONAC will confirm with the complainant the receipt of a complaint with in one (1) business day, and AAWG will then inform the complainant whether the complaint is accepted within five (5) business days. The complaints require immediate attention due to their seriousness will be prompt forwarded to the CONAC Anti-Abuse Working Group via a rapid process.

CONAC handles the received complaints. Any confirmed abusive behavior may result in the takedown and suspension of relevant domain name(s) under certain circumstances. Any registrar involved in abusive behavior will be punished by CONAC in accordance with the RRA, including termination of RRA. In accordance with relevant regulations and procedures, CONAC will notify the complainant of the final decision of the dispute resolution.

28.2 Policies to Handle Abuse Complaints
CONAC has a strong commitment to preventing all kinds of abuses. The abuse prohibition terms have been included in the RRA (the draft will be posted on CONAC’s website, which is http:⁄⁄www.conac.cn, before ICANN pre-delegation check phase),, regulating that registrars shall not conduct abusive behavior. If a registrar breaches this provision, CONAC will take action and may cease its registration services of “.公益” domain names and terminate the RRA. CONAC requires the registrars to incorporate abuse prohibition terms in the Registration Agreement and all registrants must sign a letter of commitment before registering a “.公益” domain name.


28.2.1 The Complaint Handling Institution and Its Responsibility
CONAC has set up an Anti-Abuse Working Group (AAWG). The working group is composed of 2 CONAC staff and 3 invited experts who are versed in the fields of computer network security, cryptography, intellectual property and community management. All working group members have deep understanding of the Internet and related laws, and have strong professional ethics and are able to independently and neutrally judge the abuse complaint. The working group holds meetings regularly, or Ad-Hoc Meetings if necessary.

The main tasks of the working group include:

1. To accept and handle abuse complaints;
2. To track the latest anti-abuse research outcomes and research on anti-abuse issues in the global domain name communities;
3. To identify and define abuse types that are related to “.公益” domain names;
4. To analyze abusive behavior and develop anti-abuse policies;
5. To establish a coordination and linkage mechanism for anti-abuse community with ICANN, China Internet Network Information Center (CNNIC) and National Computer network Emergency Response technical Team (CNCERT).

28.2.2 Process for Handling Abuse Complaints
CONAC foresees being alerted to suspected abuses through three channels: the first is by receiving complaints from affected stakeholders, the second is by alarms given by the monitoring system deployed according to the characteristics of abuses, and the third is by the information reflected by anti-abuse communities. All suspected abuses will be submitted to the Anti-Abuse Working Group for evaluation and appropriate action.

CONAC Anti-Abuse Working Group will stay well informed of ICANN’s polices concerning abuse and correspondingly determine methods of identifying abuses. CONAC will identify various abuses of domain name registration and domain name use in accordance with abuse characteristics defined by the Registration Abuse Policies Working Group (RAPWG). Please refer to 28.5.2 for details.

An abuse complaint may be solved by the complainant and the respondents (collectively referred to as the parties) through consultations, be submitted to the Anti-Abuse working group established by CONAC for settlement, or be submitted as a legal action to a competent people’s court in China.

If any party disagrees with the decision concerning on the abuse complaint by the CONAC’s Anti-Abuse Working Group, it is entitled to lodge a lawsuit to a competent people’s court in China within 15 days as of the date of the AAWG’s decision. CONAC shall execute the verdict given by the court.

Pursuant to related ICANN policies and related Chinese laws, CONAC has developed a set of anti-abuse complaint resolution processes (see Figure 1 of Q28_attachment). The process for handling the complaints has seven steps, which are described in detail below:

Step 1: Complaint
The complainant files a complaint with CONAC’s Anti-Abuse Working Group. The complainant shall provide complaint materials in written form setting out the reasons for the complaint and the impact on legitimate rights as a result of an abuse. CONAC does not impose restrictions on the number of complainant, respondent and domain names complained against.


Step 2: Complaint Acceptance
The Anti-Abuse Working Group decides whether to accept the complaint within five (5) business days after receiving the complaint: if the AAWG believes that the case does not constitute an abuse, it will not accept the complaint; if the complaint is within the scope of the UDRP, the AAWG will inform the complainant to ask for help from UDRP service providers; in case the complaint is accepted by the AAWG, the domain name will be locked (pending the AAWG’s decision). The domain name remains resolvable but is untransferable, and all of the domain name information is unchangeable. The complainant shall provide a written complaint application and evidence materials. The complaint application shall include the following:

1) Name, email and other contact information of the complainant and its agent (if any);
2) Name, email and other contact information of the respondent (if any);
3) Domain name relevant to the abuse complaint and its registrar;
4) Name, logo, trademark or other legal rights (if any) of the domain name with abuse complaint;
5) Request and reasons for the abuse complaint;
6) Related evidence proving the abuse of domain name by the respondent.

Step 3: Rapid Handling
In case the AAWG finds that the abuse has clear facts and irrefutable evidence and cause serious consequences, it will activate the rapid handling process, see Section 28.5.3. In case the complaint fails to meet the conditions for the rapid handling process, then proceed to Step 4.

Step 4: Investigation and Evidence Collection
The Anti-Abuse Working Group will investigate and collect evidence regarding the abuse complaint by leveraging its Internet technologies and knowledge on related laws, including working with the registrars to obtain and keep related evidence so as to determine the existence of the abuse. The AAWG will request that the respondent provide related technical evidence and materials to refute the allegation of abuse. When necessary, the AAWG will coordinate with the domain name holder and anti-abuse joint action community to investigate the related evidence of the abuse, and confirm whether other domain names of the registrant are abused. In case the AAWG believes that the abuse involves a criminal offense, it will notify the proper authorities to investigate and collect evidence in relation to the offense.

Step 5: Decision
CONAC Anti-Abuse Working Group shall render its decision in relation to the abuse complaint within 15 business days after it has accepted the abuse complaint. The decision will be taken in accordance with ICANN’s related policies, the evidence and materials provided by the complainant, respondent, domain name holder and anti-abuse community as well as China’s other laws and regulations concerned. The decision should set out whether the abuse is confirmed and the type(s) of abuse, the responsible person and handler of the abuse, as well as the severity level and handling level (normal handling or rapid handling) of the abuse. An abuse involving a suspected crime will be referred to the judicial authority concerned.

Step 6: Notice to Related Stakeholders
CONAC Anti-Abuse Working Group will notify the complainant, respondent, domain name holder, registrar and anti-abuse joint action community about the decision on the abuse complaint within three (3) business days after the decision was taken. For phishing, the working group will also contact the holder of the counterfeited domain name.

Step 7: Execution of the Decision of the Anti-Abuse Working Group or the Verdict of the Court
When the complainant and the respondent agree with the decision of the Anti-Abuse Working Group, CONAC (or⁄and the domain name holder, registrar or other stakeholders) will execute the decision. The domain name with judged abuse will be taken down.

When the complainant or the respondent disagrees with the decision given by CONAC Anti-Abuse Working Group, it may lodge a lawsuit to a competent people’s court within China within 15 calendar days after the decision was delivered. CONAC will finally execute the verdict of the court.

When the abuse badly influences the key functions and operation of the system, CONAC will quickly activate back-up system, and inform ICANN and report to the Ministry of Industry and Information Technology of China.

In case the registrar or its reseller gets involved in the abuse, such as Fake Renewal Notices and Cross-TLD Registration Scam, the registrar or its distributor is requested to pay liquidated damages or other measures are adopted to facilitate rectification.

28.3 Measures for Removal of Orphan Glue Records
The policy for registration restrictions on name servers of delegated subzones is implemented through PQP. CONAC and the registrars will execute verification on registration information of each registrant through PQP to ensure compliance with CONAC’s registration policies.

When provided with evidence in written form that the glue record is present in connection with malicious conduct, CONAC will promptly remove the orphan glue record from the DNS system. To facilitate effective removals, CONAC will establish an orphan domain name table in the database, which lists orphan domain names and their generating time. A glue record with be removed after a grace period of thirty (30) calendar days.

28.3.1 Management of Orphan Glue Records after Deletion of Domain Names
CONAC will use the following domain name deletion processes.

Phase 1: To delete all NS records and A records of the domain name and note down current time point as “curTime”.

Phase 2: Traverse the “.公益” TLD zone to find any NS records pointing to the same name servers as the RNAME of the A records to be deleted. If no such NS record is found, proceed with the deletion of the A records. Otherwise, the A records remain in the zone to ensure the resolution of the domains associated with them. The sub domain name and the curTime shall be placed into the Orphan domain name table. Meanwhile, CONAC will send emails to contact persons of the domains affected by the upcoming deletion of A records, notifying them that their domain names are about to be removed and need to be re-directed.

CONAC will move on to the next sub domain name after the procedure mentioned above is completed.

Phase 3: To send out a warning message if any orphan glue record is found, calling it to the attention of the system administrator.

28.3.2 Periodical Scan and Removal of Orphan Glue Records in the System
CONAC executes a daily routine scan of orphan domain name table, starting at 16:00 UTC

Phase 1: Note down the current system time as “curTime”;

Phase 2: For each record in the Orphans form (note as “recordA”), compare the elements in its Orphan column (note as “sOrphan”) and time column (note as “tTime”). If curTime tTime 〉= 30 days, or no sOrphan domain name stands as the RDATA of NS record, then delete record A and corresponding A record of the Orphan. Meanwhile a warning message will be sent to the system administrator, and then the process moves on to the next record in the Orphans form.

The SRS will check whether the intended RDATA of a NS record is listed in the Orphans form for any NS change attempt. If so, a warning message will be triggered, and the change is denied.

28.4 Measures to Promote WHOIS Accuracy
CONAC and the registrars are responsible for raising the WHOIS accuracy.

Generally, CONAC requires the registrar to publish the complete registration information in the WHOIS, this will ensure the accuracy of WHOIS records. For specific information that is requested not be disclosed by the registrants, the registrar information will be presented as a Proxy instead. Upon CONAC’s request for complete information concerning any registrant, the registrar must fulfill the request. As previously described, CONAC will include the relevant terms to the RRA and Registration Agreement with the purpose of protecting WHOIS information from being abused.

28.4.1 Measures to Verify the Accuracy and Integrity of Registrant Information
In addition to the PQP Verification Process mentioned in Section 28.5.1,CONAC will require that the following terms are included in the Registration Agreement signed between registrars and registrants: all information provided by the registrant must be real, accurate and complete. The necessary information provided by the registrant organization includes: name and certificate of legal establishment, registrant contact, administrative contact and technical contact. The registrant must sign a letter of commitment to promise not to conduct any abusive behavior before applying for registering a “.公益” domain name. If any of the registration information is inaccessible, CONAC will require the registrar to verify such information. If the inaccessibility remains unchanged for over 3 months, CONAC will suspend the domain name.

In terms of domain name transfers, all application material shall be initially reviewed by the registrar and then be submitted to CONAC for further reviews.

28.4.2 Regularly Monitor Registration Data to Ensure Its Accuracy and Completeness
The monitoring system deployed by CONAC performs a monthly scan of entire WHOIS database for the accuracy and completeness of registration data.

The specific methods are as follows: the first method is an analysis of data completeness. CONAC checks some WHOIS data at random semimonthly and adopts corresponding algorithms to selects matching data in accordance with various patterns of previously incomplete data. The second method is an analysis of data accuracy. CONAC establishes interfaces with the authoritative databases owned by the registration authorities of public interest organizations to make comparisons between agency information in CONAC’s domain name database and that in the authoritative databases. This will enable discovery of inaccurate data or no corresponding data in the authoritative databases. The third method is random sampling analysis. The data not drawn as sample data in the past three years is sampled and the proportion of random sampling will be determined in accordance with the domain name registrations of CONAC.

In addition to summarizing the data obtained through the aforementioned three channels and by accepting complaints, as well as using the data provided by the anti-abuse community, CONAC customer service staff will have a baseline for checking and verifying data accuracy for domain name holder and contact person by phone or email. When there is any incomplete or inaccurate data, CONAC will establish an internal tracking standing book of incomplete information. At the same time, CONAC will urge the registrar to request the domain name holders to provide the missing information, and will request that the registrar verify the information provided. In case the registrar fails to provide the necessary information in time, the system will give a notice to the registrar and determine the necessary action in accordance with situation.

28.4.3 Measures to Promote WHOIS Accuracy by the Registrars
CONAC requires registrars who wish to provide “.公益” domain name registration services to sign the Registry-Registrar Agreement containing following terms:

1. Being accredited by ICANN;

2. Never participating in, encouraging and acquiescing in domain name abuses;

3. Promising not to conduct any abusive behavior, having in place concrete mechanisms to prevent registrants from conducting domain name abuses in accordance with relevant policies set by ICANN and CONAC;

4. notifying domain name applicants of domain name abuse prohibition policies; reporting to CONAC any domain name abuse complains in a timely manner; performing rapid handling process for abusive domain names in response to CONAC’s requirement; posting CONAC’s complaint contact information including email address, physical address, contact person and telephone number conspicuously on their websites, business forms and in their place of business; verifying the accuracy and integrity of registration information.

Any registrar conducting abusive behavior will be notified of the problem and appropriate action will be taken by CONAC. Any registrar who conducts one (1) intentional or three (3) negligent abuses will face to termination of the RRA and the registrar shall be subject to legal liabilities.

CONAC will require all the registrars to attend an annual training program to share experience in mitigating malicious behaviors, and enhance their technical capability to combat malware and abuse, cyber squatting etc. (conference call, face to face meeting, webinar). CONAC will continually evaluate the registrars’ performance in WHOIS accuracy and integrity in accordance with WHOIS monitoring data. Those registrars who score low in the WHOIS performance evaluation will be required to make specific plans for improvement. CONAC will also check the implementation of the plans afterwards.

28.5 The Definition of Abusive Behavior and Policies for Resolution and Prevention
General policies and work procedures for dealing with abuse complaints have been described in Section 28.2. This section focuses on abuse prevention and mitigation policies, definitions and resolutions of abuses, rapid takedown and suspension procedures, sharing information with anti-abuse communities and measures to prevent WHOIS abuse.

28.5.1 Implementing PQP and CCM to Prevent and Mitigate Potential Abuses
1. Pre-registration Qualification Procedure (PQP)
1) Pre-verification by Registrars
The PQP requires the registrars to pre-verify the eligibility of each registrant via registrant information and certificates provided. The PQP is designed to verify the following items:

That the registrant information is complete, true and accurate, and the Application Form has an official stamp of the registrant; that the registrant is legally established; that the contact information is true; that the applicant represents the organization whose name matches the applied-for domain name; and that the applied for domain name complies with CONAC’s registration policies. The applied-for domain name can pass the registrar’s pre-verification only when all the above information meets CONAC’s requirement, otherwise, the registrar shall reject the application with reasons for the rejection given and “.公益” domain name registration policy attached. Any registrar that violates the above term will be liable for breach of the agreement.

2) Re-verification by CONAC
CONAC re-verifies the registration information submitted by the registrars with the same criteria as the pre-verification. A domain name can go live after passing registrar’s pre-verification and CONAC’s re-verification.

In terms of domain name transfers, all application material shall be initially reviewed by the registrar and then be submitted to CONAC for further reviews. Domain names that pass CONAC’s further review can be transferred.

CONAC implements a Staff Performance Appraisal Systems for rewarding and disciplining staff in the re-verification positions to ensure good quality in the procedure. See Figure2 of Q28_attachment for the registration procedure.

2. Continuous Compliance Mechanism (CCM)
After the domain name registration becomes effective, the registrar shall conduct a continuous review on the qualification of domain name registrant and the usage of the domain name in accordance with CONAC’s measures for domain name review: 1) regularly request the domain name holder to provide relevant written materials, such as registration certificates; 2) request the domain name holder to provide relevant written materials when the domain name holder presents a request to change the information in relation to the domain name. The registrar shall check that the registrant is the qualified holder of the domain name, and that the information is authentic and complete. When the check is successfully completed, the domain name may pass the CCM.

Follow-up handling measures include: 1) the domain name which has passed CCM will be continuously used; 2) in case of inconformity between the domain name holder and the registration information, the registrar shall request that the domain name holder submit valid documentary evidence within five (5) business days, otherwise the domain name will be suspended; 3) when the domain name holder requests to change domain name information, the same procedures of the PQP are applicable to the new information provided by the domain name holder so as to ensure that the changed domain name accords with CONAC’s registration policies.

Since the gTLD that CONAC applies for is not for commercial use, and because the PQP, CCM and other rights protection mechanism (such as sunrise services, trademark claim services, etc.) are effectively implemented, CONAC is capable of preventing and mitigating abuses including Cyber squatting, Front‐running, Gripe sites, deceptive and⁄or offensive domain names, Name spinning, Pay‐per‐click, Traffic diversion, False affiliation and Domain kiting tasting to the greatest extent.

28.5.2 The Definition of and Resolutions of Abuses
According to the definition given by Registration Abuse Policies Working Group (RAPWG), the abusive behavior refers to “An action that causes actual and substantial harm, or is a material predicate of such harm, and is illegal or illegitimate, or is otherwise considered contrary to the intention and design of a stated legitimate purpose, if such purpose is disclosed.”
The main types of registration abuses include Cyber squatting, Front-Running, Gripe Sites, Deceptive and⁄or Offensive Domain Names, Fake Renewal Notices, Cross-TLD Registration Scam, Name Spinning, Pay-per-Click, Traffic Diversion, False Affiliation, Domain Kiting⁄Tasting, fast‐flux, spamming, malware distribution, online child pornography phishing, botnet command and‐control and trademark abuse. The definitions and solutions of the abuses are described in details below.

Given that the “.公益” TLD is available to registrants from global public interest organizations that provide services in Chinese language, it is highly unlikely that any of the types of abuses identified above will occur.

1. Cyber squatting
Provisions 4(a) and 4(b) of the UDRP are a sound definition of cyber squatting.

Theoretically, cyber squatting is avoidable, since only eligible organizations can register their corresponding domain names with the strict implementation of PQP. CONAC relies on the UDRP as reviewed from time to time, as the long-standing mechanism for addressing cyber squatting.

2. Front-running
Front-running is when a party obtains some form of insider information regarding an Internet user’s preference for registering a domain name and uses this opportunity to preemptively register that domain name. In this scenario, ʺinsider informationʺ is information gathered from the monitoring of one or more attempts by an Internet user to check the availability of a domain name.

As stated above, CONAC implements strict Preregistration Qualification Procedures (PQP), all “.公益” domain names must pass PQP, no “.公益” domain name can be reserved by any registrars.

CONAC also takes the following measures to prevent or mitigate such practices:

1) CONAC seeks to promote the registrarsʹ efforts to better educate registrants about the existence of after-markets and how these affect registrants.

2) CONAC encourages registrars to eliminate the use of industry jargon wherever possible when presenting information to consumers and non-technical Internet users.

3) CONAC encourages registrars to consider ways to eliminate Internet usersʹ misconception that domain name back ordering services offer a guarantee that they will register the name when the current registration expires and is not renewed.

4) CONAC believes it is necessary to increase the awareness among the prospective domain name registrants about registration abuse. Prospective registrants should recognize that (a) querying the availability of a domain name demonstrates an interest or ascribes a value on that name and (b) if interest in and competition for domain names is intense, and these factors increases the probability that multiple parties will show interest in the same name. Thus, prospective registrants may wish to prepare in advance and to register a domain name at the time when they query the availability of a domain name of interest. Registrants should maintain records of domain name availability checks and registration attempts.

5) Registrars are required by CONAC to provide clear notice to Internet users regarding how they treat information submitted during an availability check.

3. Gripe Sites; Deceptive, and⁄or Offensive Domain Names
Examples of such abuse includes:

1) Pornographic⁄Offensive Sites: Websites that contain adult or pornographic content and use a brand holder’s trademark in the domain name (e.g. brandporn.com).

2) Offensive strings: Registration of stand-alone offensive words within a domain name (with or without brand names).

3) Registration of deceptive domain names: Registration of domain names that direct unsuspecting consumers to obscenity or direct minors to harmful content—sometimes referred to as a form of “mousetrapping.”

4) Gripe⁄Complaint Sites a.k.a. “Sucks Sites”: Websites that complain about a company’s or entity’s products or services and use a company’s trademark in the domain name (e.g. companysucks.com). Note: since these sites may be considered an expression of “freedom of speech” in some countries, the AAWG will make decisions in accordance with situation.

The PQP and regular naming conventions that implemented by CONAC concurrently regulate registrants’ eligibilities and their applied for domain names. In addition, there are community usage requirements in place. Therefore, abuses associated with Gripe Sites; Deceptive, and⁄or Offensive Domain Names can be avoided.

4. Fake Renewal Notices
Fake renewal notices are misleading correspondence sent to registrants from an individual or organization claiming to be or to represent the current registrar.

Such abuses are an issue of trade practices and are, more often than not, handled by law enforcement and court cases, governments and consumer protection agencies. CONAC provides aid for such lawsuits whenever necessary in a bid to protect registrantsʹ rights. If the perpetrator is a registrar, CONAC’s policy applies through the RAA (Registrar-Accreditation Agreement). If the perpetrator is not a registrar, CONAC’s role lies in its efforts to defend against domain name hijacking or WHOIS abuse.

Additionally, CONAC takes the following measures to avoid Fake renewal notices:
1) To require the registrars to send domain name expiration notifications to registrants thirty (30) days and sixty (60) days in advance.
2) To list all domain names that will expire in sixth (60) days on CONAC’s website;
3) To provide information in the WHOIS, including domain name expiring date.

5. Cross-TLD Registration Scam
“Cross-TLD Registration Scam” is a deceptive sales practice where an existing registrant is sent a notice that another party is interested in or is attempting to register the registrant’s domain string in another TLD. The registrant is therefore pushed to make additional registrations via the party who sent the notice often a reseller who would profit from the additional registrations, and is offering the new domain at a higher-than-average market price.

This deceptive practice could or should be dealt with via legal, regulatory, or consumer protection mechanisms offered by governments. Nevertheless, CONAC safeguards its WHOIS service from being involved in such abuse by noting the use of a list of registrants for the purposes of spamming could be a violation of WHOIS policies. CONAC regulates the registrars by entering RRAs, in which the terms of abuse prohibition are stipulated. Any cross-TLD registration scam detected will result in termination of the RRA with CONAC.

6. Name Spinning
This is the practice of using automated tools to create permutations of a given domain name string. Registrars often use such tools to suggest alternate strings to potential registrants when the string that the person queries is not available for registration.

Automatic bulk registration of domain names is not supported by the PQP, which means that the name spinning can be avoided.

7. Pay-per-Click
Pay per click (PPC) is an Internet advertising model used on Websites, in which the advertiser pays the host only when their ad is clicked. The concern raised is the use of a trademark in a domain name to draw traffic to a site containing paid placement advertising.

Pay-per-click advertising is not in and of itself a registration abuse, and bad-faith use of trademarks in domain names is a Cyber squatting issue that can be addressed under the UDRP. Theoretically, the Pay-per-Click is avoidable for non-commercial TLDs. With PQP and strict registration policies in place, only eligible organizations can register “.公益” domain names. Furthermore, “.公益” domain names are not for profit, theoretically, such abuse can be eliminated in “.公益” TLD .

8. Traffic Diversion
Use of brand names in HTML visible text, hidden text, meta tags, or Web page title to manipulate search engine rankings and divert traffic.

This is a Website use issue with no inherent relation to a domain name or registration process.
If CONAC receives complaints through telephone calls and e-mails, it will submit the case to the Anti-Abuse Working Group for resolution.

9. False Affiliation
Website that is falsely purporting to be an affiliate of a brand owner.

This is a Website use issue with no inherent relation to a domain name or registration process.
If CONAC receives complaints through telephone calls and e-mails, it will submit the case to the Anti-Abuse Working Group for resolution.

10. Domain Kiting Tasting
Registrants may abuse the Add Grace Period (AGP) through continual registration, deletion, and re-registration of the same names in order to avoid paying the registration fees. This practice is referred to as “domain kiting.” Domain tasting is a different practice, in which a registrant measures the monetization potential of a domain during the Add Grace Period, and deletes it in AGP if the domain is not worth keeping.

As there is no clear evidence of this activity and the PQP makes it highly unlikely to occur, CONAC will continually monitor the issue and consider next steps if conditions warrant.

11. Phishing
Phishing is when a Website fraudulently presenting itself as a trusted site (often a bank) in order to deceive Internet users into divulging sensitive information (e.g. online banking credentials, email passwords). The goal of phishing is usually the theft of funds or other valuable assets.

CONAC’s observations and analysis show that phishing is generally a domain name use issue. Those cases that involve misleading use of brand names in the domain string may be treated as cases of cyber squatting.

CONAC identifies the fact that the great majority of domains used for phishing are compromised or hacked by phishers, and the registrants are not responsible for the phishing. Such domains are neither registered for bad purposes nor associated with the inherent registration issue, and therefore call for careful mitigation efforts by CONAC.

If CONAC receives complaints through telephone calls and e-mails, it will submit the case to the Anti-Abuse Working Group for resolution. For emergency phishing cases, CONAC will enforce measures like rapid suspension of the domain name.

12. Spam
Spam is generally defined as bulk unsolicited e-mail. Spam may be sent from domains, and be used to advertise Websites.

CONAC’s observations and analysis show that spam is generally a domain name use issue. Those cases that involve misleading use of brand names in the domain string may be treated as cases of cyber squatting.

13. Malware Botnet Command-and-Control
Malware authors sometimes use domain names as a way to control and update botnets. Botnets are composed of thousands to millions of infected computers under the common control of a criminal. Botnets can be used to perpetrate many kinds of malicious activity, including distributed denial-of-service attacks (DDoS), spam, and fast-flux hosting of phishing sites.

Relevant malware (including that associated with Srizbi, Torpig, and Conficker) on these infected machines attempts to contact domains included on some sort of pre-determined list or generated via an algorithm. If the botnetʹs master has deposited instructions at one of these valid domains, the botnet nodes will download those instructions and carry out the specified malicious activity, or update themselves with improved code.

The Anti-Abuse Working Group will work on the relevant complaints, and will interact with CNCERT, share information and handle the abuse promptly, and delete the domain name if the abuse is confirmed.

14. Fast-flux
Fast flux refers to rapid and repeated changes to an Internet host (A) and⁄or name server (NS) resource record in a DNS zone, which have the effect of rapidly changing the location (IP address) to which the domain name of an A or NS resolves. Although some legitimate uses for this technique are known, it has within the past few years become a favorite tool of phishers and other cybercriminals who use it to evade detection by anticrime, antimalware and anti-phishing investigators.

CONAC will monitor and control fast-flux domain names, maintain effective interactions with CNCERT and other Internet security organizations, share abuse information and will submit shared information to the Anti-Abuse Working Group for resolution in a timely manner.

15. Online child pornography
Online child pornography refers to images or films and, in some cases, writings depicting sexually explicit activities involving a child and spread on the Internet.

If CONAC receives complaints through telephone calls and e-mails, it will submit the case to the Anti-Abuse Working Group for resolution.

16. Pharming
Pharming is an Internet scam that involves misdirecting a user to a fraudulent Website or proxy server by exploiting weaknesses in DNS server software and hijacking transactions, or by changing certain files in the client software on a victimʹs computer. Pharming is technically sneakier than phishing because it can be done without any active mistake on the part of the victim.

So first of all, CONAC will play an active role in education and awareness raising, and ensure that all parties including registrants and registrars are aware of the pharming risks and the mitigation measures. As pharming threats, especially those initiated from the DNS cache poison, can be largely alleviated by the deployment of DNSSEC, CONAC will promote the adoption of DNSSEC in the “.公益” sub domains. Additionally, CONAC will advocate and establish an emergency procedure to flush the spoofed domain or poisoned DNS cache and recover from the pharming attacks in cooperation with the Internet community upon the receipt of complaints of pharming attacks. If CONAC receives complaints through telephone calls and e-mails, it will submit the case to the Anti-Abuse Working Group for resolution. The domain names with abuse confirmed will be deleted.

17. Trademark Abuse

The trademark abuse is that registrants’ domain name is identical or confusingly similar to a trademark or service mark in which the trademark holder has rights; and the registrant has no rights or legitimate interests in respect of the domain name; and the domain name has been registered and is being used in bad faith.
CONAC provides the sunrise services and trademark claim services, and abides by the Uniform Domain Name Dispute Resolution Policy (UDRP), Uniform Rapid Suspension (URS) and Trademark Post-Delegation Dispute Resolution Procedure(PDDRP). CONAC will protect the legitimate rights and interests of the trademark owner, and will assign dedicated personnel to execute the decision made in accordance with UDRP, URS and PDDRP.
Further details are provided in the response to Question 29.

28.5.3 Handling Level
CONAC Anti-Abuse Working Group assesses the severity level of the abuse and determines the corresponding level and process in accordance with the acquisition way of, people affected by and actual loss and damage brought about by the abuse. At the same time, acceptance time limit and handling time are specified and a rapid handing process is set in CONAC’s abuse complaint processes. In case the AAWG finds that the abuse has clear facts and irrefutable evidence and cause serious consequences, especially the abuse identified by URS and Anti-Phishing Alliance of China (APAC) or a complaint concerning criminal acts, the AAWG will activate the rapid handling process and will suspend the domain name within 48 hours (See Section 28.5.4 for details). When the working group receives a request from a judicial authority or law enforcement, it will launch a rapid handling process and rapidly suspend the domain name concerned within 48 hours. Any abuse involving crime will be reported to judicial authority in a timely manner.

CONAC will notify the stakeholders, including complainant, respondent, domain name holder, registrar and anti-abuse joint action community about the decision within three (3) business days after the suspension.

The domain name holder may lodge a complaint in three (3) business days after receiving the notice. CONAC will make a decision on the complaint within 15 business days. If the evidence provided by the domain name holder is sufficient enough, the domain name holder may succeed in the claim with the domain name restored in 48 hours by CONAC; if the domain name holder does not respond to the claim or fails to prove the claim, CONAC will take down the domain name in 48 hours after the claim expiring date or the failure date (See Section 28.5.4 for details)

28.5.4 Rapid Suspension ⁄Takedown of Certain Domain Names
CONAC offers the functions of “Suspend” and “Takedown” in the SRS to suspend and takedown certain domain names.

The “Suspend” function enables CONAC to suspend a domain name by setting the EPP status to “serverHold”. Then the domain name cannot be resolved and transferred, until CONAC activates “Restore” in the SRS. CONAC will notify the registrar to synchronize the changes. If the domain name exists in the resolution system, the system will notify certain interfaces to delete the domain name from primary DNS of the resolution system, and the primary DNS will immediately notify corresponding secondary DNS sites.

If CONAC receives an effective judgment or notification from law enforcement entities, stating the requirement of takedown of a domain name, CONAC will skip the “suspension” and directly delete the domain name by activating “Takedown” function in the SRS. Then the system will delete the domain name from the primary DNS. The primary DNS will immediately notify corresponding secondary DNS sites to proceed with the updates. The “.公益” TLD can be completely updated in 24 hours.

28.5.5 Share Information with Domain Name Anti-Abuse Communities
CONAC will adopt common information sharing means with the domain name anti-abuse community to blacklist domain name registrants with three or more malicious abuses and share its blacklist with the domain name anti-abuse community.

1. Interactive mechanisms with ICANN
CONAC defines and adjusts from time to time its abuses and anti-abuse policies applicable to the “.公益” TLD in accordance with the definitions and related polices concerning abuse types published by the authoritative organs of ICANN as well as the actual conditions of “.公益” TLD, such as the Memorandum on Definitions and Interpretations of Abuse designated by ICANN Anti-Abuse Working Group, related guiding documents on abuse promulgated by the Security and Stability Advisory Committee, the documents of the anti-phishing working group as well as the documents concerning anti-abuse measures of Registry Internet Safety Group (RISG) and Computer Incident Response Community (FIRST⁄CERTs).
In addition, pursuant to the Expedited Registry Security Request Process (ERSR) formulated by ICANN, CONAC shall report to ICANN any of following sudden events:
1) Malicious activity involving the DNS of a scale and severity that threatens systematically the security, stability and resiliency of a TLD or the DNS.
2) Unauthorized disclosure, alteration, insertion or destruction of registry data, or the unauthorized access to or disclosure of information or resources on the Internet by systems operating in accordance with all applicable standards.
3) An incident with the potential to cause a temporary or long-term failure of one or more of the critical functions of a gTLD registry as defined in ICANN’s gTLD Registry Continuity Plan. When an incident occurs, CONAC will fill in an ERSR form designated by ICANN and submit the form to ICANN. CONAC will describe the detailed information of the incident, measures adopted and time needed to solve the incident. The ERSR form will be automatically reported to the Security Response Advisory Group of ICANN. CONAC have specially-assigned persons to communicate with the Security Response Advisory Group and coordinate with ICANN staff to complete the investigation, record and solve the sudden event.

2. Joint Action Mechanism with CNNIC’s Anti-Abuse Team
China Internet Network Information Center (CNNIC) is an administration and service organ established with the permission of national competent authorities to function as the national Internet network information center and administer ccTLD “.cn”, IDN ccTLD “.中国” and “.中國”.

CONAC requires registrar to adopt pre-verification of PQP, generally there is no cyber-squatting under “.公益” TLD. However, in order to effectively guarantee the interests of public interest organizations, CONAC will cooperate with CNNIC and request CNNIC to keep a close watch on suspected public interest organizations’ domain names registered under “.cn” and “.中国”. The interaction mechanism between CONAC and CNNIC focuses on two aspects: 1) anti-cyber-squatting. CNNIC keeps a close watch on cyber-squatting of public interest organization names under “.cn” and “.中国” but not under “. 公益.cn”. CNNIC will provide timely notification to CONAC when a cyber-squatting is found, and CONAC will cooperate with CNNIC to review the qualification of the applicant. 2) Anti-phishing. Although some measures are adopted to prevent cyber-squatting, it is still inevitable that some registrants use the words similar with the names of public interest organizations to register “.cn” and “.中国” domain names. For phishing websites using such domain names, CNNIC’s Anti-Abuse Working Group will notify CONAC immediately after it receives complaints so as to conduct a joint anti-phishing investigation.

3. Joint Action Mechanism with CNCERT
Directly led by the Internet Emergency Response Coordination Office under the Ministry of Information Industry, China National Computer Emergency Response Team⁄Coordination Center (CNCERT⁄CC) coordinates China’s Computer Emergency Response Teams (CERTs) to jointly handle security emergencies on the national public Internet, provides computer network safety monitoring, early warning, emergency response, prevention and other security services and technical supports for national public Internet, main national network information application systems and key departments, timely collects, verifies, summarizes and publishes authoritative information concerning Internet security, and organizes domestic computer network emergency response institutions to conduct international cooperation and exchanges. At the same time, CNCERT⁄CC also serves as a bridge for exchanges and contacts with international CERT organizations. CNCERT is a full member of the Forum of Incident Response and Security Teams (FIRST), an authoritative international organization. CNCERT⁄CC participates in the establishment of the Asia-Pacific Computer Incident Response Team (APCERT) and is a member of APCERT Steering Committee. CNCERT⁄CC has conditions to timely have exchanges and cooperation with foreign emergency response teams and other related organizations, and serves as a window to the outside world for China to handle network security incidents.

The interaction between CONAC and CNCERT mainly covers the following aspects: 1) CONAC regularly tracks the system bugs, early virus warnings and MALWARE reports concerning DNS system that are released by CNCERT. For example, CONAC Anti-Abuse Working Group timely patches the bugs discovered concerning open source software BIND, and turns to CNCERT for assistance when necessary. The Anti-Abuse Working Group leverages CNCERT’s role as a bridge for exchanges with international CERT organizations to timely track the evolution of virus varieties concerning DNS and observe the participation of “.公益” domain names in virus transmission. 2) CONAC employs CNCERT experts to evaluate system construction and independently developed software, takes part in security evaluation, and employs experts to give assistance in developing service level SLA and solve technical problems concerning security. 3) CONAC will review these reports to improve its abuse policies (CNCERT publishes weekly reports on network security information) CNCERT keeps close contacts with international security expert organizations and thus boasts a strong knowledge base. CONAC leverages the knowledge base to alter abuse handling processes. 4) CONAC assists CNCERT to conduct survey on sudden network events, collect statistics on and monitor spread trends of Botnet and malware on China’s Internet.

28.5.6 Prevent Abuse on WHOIS Functions
CONAC conducts monitoring over the WHOIS system to prevent abuses. CONAC does not allow a single user to send frequent queries to the WHOIS system (such as using data mining software to access the WHOIS system) and prohibits searching the WHOIS with wildcard. The system may restrict accesses from certain IP address in a short period of time by configuration when any negative effect of certain operation to the system is detected.

28.6 Adequate Controls to Ensure the Proper Access of Domain Names
Registrars undertake the following controls via requirements in the Registry-Registrar Agreement (RAA).

28.6.1 Multi-factor Authentication
CONAC secures user accounts by multi-factor authentication. User account access is secured through password, token and one-time password, or the combination of at least two of them. A strong password must contain at least 10 digits with letters, numbers and special characters. Tokens are generated randomly in the USB-Keys distributed offline. One-time password is generated pseudo-randomly by synchronized password cards held by CONAC and the registrant.

The user can change, transfer and delete domain names only after log on to the system. Additionally, CONAC as a registrar system provider may offer universal edition of registrar service software to the registrars that have no registrar systems ready for operation to assist them in deploying multi-factor authentication. (see responses to Question 23) The multi-factor authentication is also adopted in the universal edition of the registrar service software.

28.6.2 Contact to Request and⁄or Approve Update, Transfer and Delete Requests
CONAC requires registrars to implement a process, in which all update, transfer and delete requests shall be firstly confirmed by at least two points of contact, including registrant, administrative contact and technical contact, before proceeding with relevant requests.

28.6.3 Notification of Contact
CONAC requires registrars to notify the registrant, administrative contact and technical contact when a domain name is successful updated, transferred and deleted.

28.7 Resourcing Plan
CONAC will allocate 10 people in the positions of marketing, customer support and technical support, 3 invited experts are included. These resources are sufficient for the initial implementation and ongoing maintenance.

3 Customer Support Staff Role D: responsible for accepting complaints from the website, email box and telephone calls, submitting cases to the Anti-Abuse Working Group, replying customers with results, and supervising the implementation of measures taken by CONAC and the registrars on raising the WHOIS accuracy.

2 Registration managers Role B: responsible for registry re-verification and CCM

The Anti-Abuse Working Group is consisted of 2 CONAC staff and 3 invited experts.

1 Legal Staff Role A: responsible for tracking abuse situation, researching on and develop anti-abuse policies, participating in abuse resolution procedures and decision making process;

1 Security Engineer Role B: responsible for technically monitoring the abuse situation, dealing with the abuses in accordance with decisions from the Anti-Abuse Working Group;

3 Invited Experts: responsible for handling abuse complaints.

The single point of contact mentioned in Section 28.1 is available on CONAC’s website. The relevant operations of suspension and takedown are developed in the SRS. See responses in Question 24 (SRS) for relevant resource allocations.

All the aforementioned staff are currently in place. Detailed skillset requirements on the staff can be found in section 31.3.3 in the response to Question 31.

CONAC will give adequate considerations to the changes of business scale and allocate more human resources if necessary.

Costs of resources allocation are detailed in costs and capital expenditure of Question 47a and 47b.

Similar gTLD applications: (1)

gTLDFull Legal NameE-mail suffixzDetail
.政务China Organizational Name Administration Centerconac.cn-4.55Compare