28 Abuse Prevention and Mitigation

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.SHOPGMO Registry, Inc.gmoregistry.comView

In order to safeguard the security and stability of .SHOP TLD, as well as the Internet at large, GMO Registry, Inc. (the Applicant) takes abuse very seriously and employs proactive measures to mitigate abusive activities.

In general, the Applicant’s abuse mitigation strategies fall into the following broad areas:
- developing and publishing a set of registration policies and enforcement mechanisms;
- developing and publishing a set of comprehensive abuse policies including clear definitions of abusive activities;
- establishing and publishing a single abuse Point of Contact to address and resolve abuse complaints at registry startup and on an ongoing basis;
- developing procedures for handling abuse complaints, including takedown requests, in a timely manner; and
- publishing Website Best Practices Information Page to introduce website best practices and prohibited activities under the TLD

In order to mitigate abusive activities and maintain a secure namespace, the Applicant intends to put in place the following .SHOP registration policies:

.SHOP domain name registration will be made available to:
- A business entity or organization that deploys commercial activities in an online or offline environment or provides information in relation thereto over the internet; or

.SHOP domain name registrations will also be made available to business entities or organizations that currently do not deploy commercial activities, but that have expressed intention to engage in these activities within one year following the registration of a .SHOP domain name.

All .SHOP domain name registrants will be required to prove that the business entities or organizations are legally established by providing the following information at the time of domain name registration:
- Country name where the business entity or organization is established
- Business entity or organization identification number type (Business ID, Tax ID, VAT, etc.)
- Business entity or organization identification number

Registrants will be entitled to register domain names that are identical or similar to their current or future trademark, business name, trade name, business identifier, company name, names under which they are commonly known, slogans, acronyms, etc., including combinations thereof, in the .SHOP gTLD.

The purpose of the domain name usage will be restricted as follows:
- Registered .SHOP domain names must be used for commercial activities in an online or offline environment or to provide information in relation thereto over the internet; or
- Registered .SHOP domain names must be intended to be used for commercial activities in an online or offline environment or to provide information in relation thereto over the internet.

Registration of a .SHOP domain name solely for the purpose of selling, exchanging, trading, leasing the domain name shall be deemed as inappropriate use or intent.
Please refer to Question 18 for more details in Usage Restrictions.

The Applicant will conduct random checks to determine compliance with registrant eligibility, name selection, and usage restrictions (hereafter “eligibility requirements”) using sampling methodologies. In case the registry determines a sampled domain is in violation of the eligibility requirements, the domain name may be deleted or placed on lock, hold, or similar status.

The Applicant defines abuse as any activity that may harm the stability and security of the DNS and Internet, including, but not limited to:

- Illegal or fraudulent activities;
- Phishing;
- Pharming;
- Using or distributing malicious software (malware);
- Sending unsolicited bulk messages (spam);
- Posting, trading, or exchanging information that harms minors;
- Posting, trading, or exchanging child pornography;
- Posting information that encourages illegal acts, crimes, murders, or suicides; and
- Posting information that is offensive to public order or morals

The Applicant reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name on lock, hold or similar status, at its sole discretion, to enforce the policy.

In order to comply with the Specification 6.4.1 of New gTLD Agreement, the Application will provide to ICANN its Abuse contact details. The information will include a valid email and mailing address and a primary contact, and the Applicant will promptly provide to ICANN a notice of any changes to the contact.

Also, the Applicant will also publish its abuse public contact information on its web site when it publicly releases the .SHOP domain name registration policies. The abuse public contact will be responsible for handling complaints concerning abusive activities relating to domains registered under the .SHOP TLD that violate the Abusive Use Policy and require expedited attention. The abuse public contact will be available 24 hours a day, 7 days a week. A person who wishes to contact the abuse public contact will be required to submit the Abuse Complaint Form via email or via the online Abuse Complaint Form on the Registry web site.

In order to gather pertinent information about a reported incident, facilitate accurate investigation, and avoid false alarms positives, the Applicant will provide an Abuse Complaint form on the registry website. The Abuse complaint form is required at the time a person contacts the abuse public contact and can be submitted online or by email in the format specified on the registry website.

- Complaint is submitted using the abuse complaint form via email or the registry web site;
- Upon receiving a complaint, the registry’s operational and registrar support team will
assign a ticket number
review complaint form
- request additional information if complaint form is deemed insufficient to carry out effective investigation
investigate the complaint to verify accuracy and to record proof of abuse
based on the nature of the abuse, assign level of severity: normal or emergency
- Emergency: the registry will suspend the domain name in question and close the complaint ticket. At the same time, it will open a ticket to inform the sponsoring registrar of the suspension along with the reason.
- Normal: open a ticket to inform the sponsoring registrar to take corrective actions. The registrar must inform the registry of actions taken. If the registrar does not take any action (that includes no response from the registrar) within a reasonable timeframe, the registry will suspend the domain name in question and close the complaint ticket.
If the domain name was suspended by the registry, and the situation is remedied by the registrant, the registrar will contact the registry via the ticket number. The registry operational and registrar support team will verify that the issue has indeed been remedied and re-enable the domain name, closing the ticket.
All actions by the operational and registrar support team will be logged

The Applicant understands that the Registration Abuse Policies Working Group has been working on developing best practices for registries and registrars addressing the fraudulent use of domain names. The Applicant will closely follow the working group discussions and documents, with a view of adopting the best practices to enhance abuse mitigation capabilities.

In addition, the Applicant will participate in security forums to keep track of the latest developments in abuse mitigation best practices and refine its abuse policies and procedures from time to time.

In order to ensure a high quality .SHOP namespace, the Applicant believes that it is important to mitigate abusive activities on websites.

In addition to the mitigation mechanism described above, the Applicant will publish an information page on its website. The information page will include a list of prohibited activities under the TLD as well as best practices for web contents. The Applicant believes that the information page will help registrants understand the purpose of the TLD, clearly publicize usage restrictions of the TLD, and help mitigate abusive activities.

The Applicant’s view on orphan glue records is consistent with the Security and Stability Advisory Committee Comment on Orphan Glue Records 〈http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf〉. The Applicant supports the use of orphan glue records for legitimate purposes. Upon receiving a complaint relating to an orphaned glue record used in connection with malicious activities, the Applicant will verify and take corrective actions in accordance with its takedown procedures.

The implementation and operation of this aspect of registry operations involve the following roles:
Technical Manager
Network Engineer
Applications Engineer
Database Administrator
System Architect
Security Officer
Technical Support
Registry Administrators
Trademark Protection Officer
QA and Process Manager

Please refer to Question 31 for the overall FTE equivalent resources available to GMO Registry during the initial implementation and ongoing operations of the registry, of which abuse handlings a subset. Please note some of these roles will be included in outsourced functions.

Initial implementation of this aspect of registry operations refers to:
development of detailed procedures on the policies and procedures set forth above
configuration of the customer support ticketing system for efficient handling of abuse complaints
training of the operational staff

During this phase, all roles listed above are involved in the planning and implementation of their respective systems in support of this component.

Ongoing Maintenance
The ongoing maintenance of abuse mitigation involves:
proactive monitoring of the SRS, Whois and DNS services to detect and curb abuse
acting as the primary abuse point of contact to coordinate the handling of complaints received and escalating to relevant vendors as necessary
monitoring of security mailing lists for takedown requests arising from security researchers and emergency response teams
participating in relevant ICANN communities to engage in knowledge sharing, implementing best practices that may emerge

The follow roles are involved in this phase of the operations:
Technical Manager
Technical Support
Security Officer
Registry Administrator
Trademark Protection Officer
QA and Process Manager
Please note some of these roles will be included in outsourced functions.

Similar gTLD applications: (1)

gTLDFull Legal NameE-mail suffixzDetail
.SHOPGMO Registry, Inc.gmoregistry.com-3.44Compare