28 Abuse Prevention and Mitigation
|gTLD||Full Legal Name||E-mail suffix||Detail|
|.jprs||Japan Registry Services Co., Ltd.||jprs.co.jp||View|
28.1. Abusive Prevention & Mitigation
In 2010, .jp was recognized as one of the worldʹs safest country code top-level domains (ccTLDs) for the second consecutive year, see http:⁄⁄us.mcafee.com⁄en-us⁄local⁄docs⁄MTMW_Report.pdf
JPRS intends to duplicate these very same qualities within the .jprs namespace.
As described in the answers for #18 (Mission⁄purpose), .jprs will restrict the registration and the use of the domain names to JPRS and its partners. JPRS will evaluate and qualify the second level domain names prior to registering any additional domain names to .jprs, and through this proprietary process, JPRS projects no more than about 1,000 domain name registrations for .jprs.
28.2. Single Point of Contact for Abusive Activities
As the .jprs Registry, JPRS will establish and publish the following notification on our own .jprs website:
For any abusive or illegal activities occurring within the .jprs namespace, please report or contact JPRS as follows:
Mailing address: (TBD)
JPRS will do our utmost to respond to all inquiries within 72 hours. However, if for any reason we are unable to respond within 72 hours, then an auto-reply message will be sent acknowledging that JPRS has received the inquiry and that it is currently under investigation.
The above notification will be provided on the JPRS official Web site, in both English and Japanese.
Consistent with the existing operational experience gather in connection with the .jp namespace, JPRS will collaborate cohesively with the Registrar to address and resolve any potential abusive registration.
28.3. Anti-abuse Policy
JPRS is committed to developing and implementing policies that minimize abusive registration activities that affect the legal rights of others. The following is the current proposed draft of the ʺ.jprs Anti-Abuse Policy.ʺ
.jprs Anti-abuse Policy (draft)
JPRS is committed to minimizing abusive registration activities and other illegal activities within the .jprs namespace, by including the following legal terms and conditions into all .jprs domain name registration agreements:
The nature of such abuses creates security and stability issues for the registries, registrars and registrants, as well as for the users of the Internet in general. JPRS defines abusive use of a domain name to include, without limitation, the following illegal or fraudulent actions
- Botnet commands and control:Services run on a domain name that are used to control a collection of compromised computers or ʺzombies,ʺ or to direct denial-of-service attacks (i.e. DDoS attacks) ;
- Distribution of child pornography;
- Fast flux hosting:Use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves. Fast flux hosting may be used only with prior permission of .jprs;
- Pharming:The redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning;
- Phishing:The use of counterfeit Web pages that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data;
- Spam:The use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks;
- Willful distribution of malware:The dissemination of software designed to infiltrate or damage a computer system without the ownerʹs informed consent. Examples include, without limitation, computer viruses, worms, keyloggers, and trojan horses; and
- Illegal Access to Other Computers or Networks:Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). Also, any activities that might be used to attempt on system penetration (e.g. port scan, stealth scan, or other information gathering activity) are included.
JPRS will reserve the right to deny, cancel or transfer any registration or transaction, or place any domain name (s) on registry lock, hold or similar status as it deems necessary, in its discretion; (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of JPRS, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement; (5) to correct mistakes made by JPRS or any Registrar in connection with a domain name registration; or (6) due to abusive uses, as defined above, undertaken with respect to .jprs domain names. JPRS also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.
All reports of abuse should be sent to firstname.lastname@example.org (TBD).
28.4. Removal of Orphan Glue Records
.jprs has carefully read the guidance provided by ICANNʹs Security and Stability Advisory Committee (SSAC) in SAC 048 (SSAC Comment on Orphan Glue Records in the Draft Applicant Guidebook), and will agree with the following statement:
Orphaned glue can be used for abusive purposes; however, the dominant use of orphaned glue supports the correct and ordinary operation of the DNS.
Therefore, when a registration of a parent domain name is deleted due to expiration, or any other reasons for that matter, the glue record of such parent domain name shall be also deleted. This practice is consistent with the third registry policy listed in Section 4.3 of the SAC 048. In addition, the glue records not allocated to .jprs shall not be used in any .jprs zone files.
In addition to the restricted nature of the .jprs TLD, as identified in the answer for #18 (Mission⁄purpose), and working closely with each of the domain name registrants, JPRS believes that our implementation of the third registry policy listed in Section 4.3 of the SAC 048 will be the most prudent course of action to mitigate any potential abusive activity within the .jprs namespace.
28.5. Enforcing Whois Accuracy
As described in the answer for #18 (Mission⁄purpose), the registration and the use of .jprs domain names will be limited to JPRS and its partners. Therefore, no domain names will be allocated within the .jprs name space unless JPRS identifies the requesting party as one of our JPRS partners.
We also ensure that .jprs will promptly update any changes in the .jprs Whois information, and that we will revalidate the Whois information on a periodic basis.
28.6. Policies and Procedures Regarding Malicious or Abusive Behavior, Capture Metrics, and Establish Service Level Requirements for Resolution, Including Service Levels for Responding to Law Enforcement Requests
As described in the answer for #28.3 (Anti-abuse Policy), JPRS will establish the ʺAnti-Abuse Policyʺ including the definition of abusive uses.
As described in the answer for #18 (Mission⁄purpose), we intend to provide the second level domain of .jprs for our JPRS partners, specific associated communities and other strategic partners, and JPRS will be the sole registrant of .jprs.
JPRS will take the appropriate measures if JPRS receives the investigative documents relevant to domain names registered in .jprs, from any UDRP Providers, URS Providers, and other law enforcements.
28.7. Adequate Controls to Ensure Proper Access to Domain Functions
As described in the answer for #18 (Mission⁄purpose), JPRS will be the sole registrant of .jprs and we intend to provide the second level domain of .jprs for our JPRS partners, specific associated communities and other strategic partners.
JPRS will assign a person in charge for administrating the .jprs domain name registrations (i.e., registration, renewal, modification of registration information, deletion, etc.)
The administrator described above will comply with the JPRSʹs company rules, and will be required to obtain an authorization from the supervisor (or a proper manager in charge), for any administrative actions to be taken against .jprs domain names.
The supervisor will manage IDs and Passwords, and if the administrator or supervisor is transferred to another business section then the Passwords will be replaced with new ones.
28.8. Trademark Protection Mechanism
.jprs will offer a tapestry of original Rights Protection Mechanisms (RPMs), which was envisioned by ICANNʹs Trademark Implementation Recommendation Team (IRT). The mechanisms include, but not limited to, Closed Registry ⁄ Pre-Verification, Trademark Claims Services, Sunrise Services, Uniform Domain Name Dispute-Resolution Policy (UDRP), Uniform Rapid Suspension System (URS), and Trademark Post Delegation Dispute Resolution Procedure (Trademark PDDRP), and they will minimize the possibility of any abusive registrations within the .jprs. Each of these proposed RPMs are elaborated in more detail in the answer for #29 (Rights protection mechanisms).
28.9. Technical and Operational Resources
28.9.1. Contribution for Abuse Prevention& Mitigation
In 2010, .jp was recognized as one of the worldʹs safest country code top-level domains (ccTLDs) for the second consecutive year, see http:⁄⁄us.mcafee.com⁄en-us⁄local⁄docs⁄MTMW_Report.pdf. JPRS believe this ranking is in large part attributed to the attention in detail that it has devoted toward preventing and mitigating abuse within the .jp namespace, as well as its cooperative activities with JPCERT⁄CC and other security-related organizations at home and abroad.
The Registry Operator for .jprs has a proven record of managing over 1.25 million registrations, and has structured a collaborative framework with security industry organizations that have made many efforts and accomplishments to prevent and mitigate abusive activities, including countermeasures for phishing.
Through discussion in a JP domain name advisory committee, JPRS received an advisory regarding ʺhow JPRS, as the JP Registry, should act against phishingʺ which is as follows;
(1) JPRS should attempt to provide information calling for attention to Internet users to cooperate with the relevant corporations if JPRS receives warning about any phishing activities;
(2) Based on nature of role of Registry, JPRS should not delete the domain name which is used as phishing in its sole discretion. However, JPRS should ask relative registrar to let registrant stop phishing activity.
Based on advisory above, If JPRS receives warning about any phishing activities, JPRS ask JPCERT⁄CC to give us information about suspiciousness of phishing, and act to do as (2) above.
28.10. Resource Planning
.jprs plans to implement necessary countermeasures to prevent and mitigate abusive activities for .jprs. Nevertheless, the second level domain names of .jprs will be provided for our JPRS partners, specific associated communities and other strategic partners, and JPRS itself will be the sole registrant. Moreover, as stated in the answer for #18 (Mission⁄purpose), our projection of the registration volume for the foreseeable future is about 1,000 at maximum, and therefore we suspect that the actual corresponding actions for those countermeasures required shall be limited.
JPRS will allocate one dedicated employee with substantial experiences in the .jp operations, for the customer support staff. The customer support staff will enforce the countermeasures to prevent and mitigate abusive activities. Furthermore, the same staff member will support the inquiries from the .jprs users and from the Registrar. More detailed financial information about the allocated staff member is provided in the answer for #47.1.2 (Customer Support Labor).
Similar gTLD applications: (0)
|gTLD||Full Legal Name||E-mail suffix||z||Detail|