Back

28 Abuse Prevention and Mitigation

gTLDFull Legal NameE-mail suffixDetail
.schoolFegistry, LLCfegistry.comView
Except where specified this answer refers to the operations of the Applicantʹs outsource Registry Service Provider, CentralNic.
Top Level Domain registries stand in a unique position within the global DNS infrastructure.
TLD registries collect registrants’ registration data and so often “know” the entity responsible for a particular domain name. TLD registries record associations between domain names, registrars and registrants and therefore are in the core of the control chain for every domain name in the TLD. Registries also directly control the delegation records and therefore have the power to enable or disable a particular domain name in the DNS.
This unique position gives power and calls for responsibility. Applicant as a future TLD registry recognizes its important role in maintaining law and order and is committed to acting in the best interests of the public.
Hereby we provide a description of the principles and procedures we will apply to mitigate abusive conduct.

28.1. Single Abuse Point of Contact
To streamline the information flow and to facilitate ease of communication with the public, Applicant will dedicate a single abuse point of contact responsible for addressing matters requiring expedited attention and providing a timely response to abuse complaints concerning all names registered in the TLD. The contact information will consist of at least an email address and a telephone number. This point of contact will be prominently published on the registry website by the commencement of the Sunrise period.
Applicant will ensure that:
The e-mail account is continuously monitored and all communication securely stored
The telephone number is either answered by a live person or diverted to a monitored voicemail account.
Abuse contact information will be kept current and will be updated should it ever change in a timely manner
Messages received through the published abuse point of contact will be processed via the same procedure and within the same timeframe as the signals coming from the monitoring systems. Each message, both via email and phone channels, triggers the creation of a support ticket in a dedicated queue and procedures for ticket escalation exist. Messages originating from law enforcement authorities are by default assigned an escalated level. For critical tickets personnel is available 24x7 to react accordingly.
Applicant and CentralNic commit to responding to all abuse complaints within 24 hours of receipt (on a 24x7 basis). During the time periods when its global offices are open (typically 8am-6pm in London, Los Angeles and Dubai) response times are expected to be substantially faster, at around 2-3 hours.

28.2. Policy on Handling Complaints Regarding Abuse
Applicant is prepared to deal with situations where registry intervention may be required in order to stop illegal activity, prevent abusive conduct or to enforce the law.
Applicant will adopt a comprehensive Acceptable Use Policy that will establish what constitutes acceptable use of the domain and will contain a description of procedures registry that will apply to enforce the Policy. The initial policy is provided in answer to question 29.
An enforcement action may be triggered by a variety of events including complaints from the public, registrars or ICANN, decisions of a competent dispute resolution provider, outreach from a governmental agency or findings produced by internal investigation or monitoring processes.
Normally if abusive behaviour in a TLD is encountered, the reports of such behaviour and the evidence available will be analysed by the Registry. If the Registry, in its sole discretion, concludes that a Domain Name Holder has indeed violated a TLD Policy, the registrant will be given a notice and opportunity to correct the breach.
Furthermore, the registry reserves the right to lock the domain name or put it on hold (preventing domain resolution in the DNS). In extreme cases where a domain is involved in malicious or illegal activity there are provisions for rapid takedown of the domain name in question. The situations in which rapid takedown provisions may be applied, include, but are not limited to:
Phishing
Pharming
Distribution of illegal content
Distribution of malware
Fast flux hosting
Botnetting
Unauthorized access to information systems
Threats to the security and⁄or stability of the TLD
The Acceptable Use Policy will be incorporated into the Registry-Registrar agreements and Registrars will be required to pass through the requirements to comply with the policy to the registrants.
Applicant will take reasonable steps to investigate and respond to any reports of illegal activity in connection with the use of the TLD and will cooperate with the competent governmental agencies in such investigations.
Applicant will utilize the expert services of its registry services provider CentralNic to implement and enforce all of our anti-abuse policies in our TLD. CentralNic has dedicated and scalable resources for this function, described below.
CentralNic has long experience in the domain registry business, and is an industry leader with respect to its anti-abuse policies. CentralNic has a dedicated Dispute Resolution Policy in place with WIPO, found at WIPO’s website: http:⁄⁄www.wipo.int⁄amc⁄en⁄domains⁄gtld⁄cnic⁄index.html.
This policy mirrors the UDRP policy for new gTLDs and, as a result, CentralNic already has real-time experience working with WIPO to implement and execute a similar policy.
CentralNic has trained personnel who handle interaction with WIPO, to ensure that panelists’ decisions are carried out expeditiously as required by the DRP.
CentralNic also enforces a Policy on Phishing and Fraud, found at its dedicated Phishing & Abuse page at the following website: https:⁄⁄www.centralnic.com⁄support⁄abuse. Pursuant to clause 13, sections (f) and (h) of CentralNicʹs Terms and Conditions, CentralNic may cancel the registration or suspend registration of a domain name:
(f) if CentralNic believes that the domain name was registered for use in a ʺphishingʺ attack or other illegal activity of any kind.
(h) if inaccurate or false contact details are provided.
Further to these conditions, CentralNic operates the following policy regarding suspected ʺphishingʺ domain names:
- If we have a reasonable suspicion that a domain name registered at CentralNic is being used in a phishing attack, or otherwise being used for other illegal activities, we will place the domain name ʺOn Holdʺ and under a Registry Lock. - We will then notify the current registrar for the domain name. If the registrar can provide confirmation that the domain name was registered in ʺgood faithʺ by the registrant, then CentralNic will immediately unlock the domain name and place it on the ʺLiveʺ status. - If no confirmation is received, or the registrars agree that the domain name was registered in ʺbad faithʺ, the domain name will be placed onto ʺPending Deletionʺ, and will be fully deleted from the database after 45 days.

28.3. Orphan Glue
CentralNicʹs registry system includes effective measures to prevent the abuse of orphan glue records.
Firstly, the Shared Registry System will reject any request to create host object that is the child of a non-existent domain name. That is, if EXAMPLE.TLD does not exist, then NS0.EXAMPLE.TLD cannot be created. If the parent domain name does exist, then only the sponsoring registrar of that domain is permitted to create child host objects.
CentralNicʹs registry system currently follows the third model described in the SAC 048 report: orphan glue records are deleted from the registry and removed from the DNS when the parent domain name is deleted. If other domains in the database are delegated to orphan hosts that are removed, then the delegation is also removed from these domains.

28.4. Measures to Maintain Whois Accuracy
Applicant will operate a “thick” WHOIS system, in which all registrants’ contact information will be stored in a single database maintained by the registry. Accredited registrars will have the ability to change the records in that database through the Shared Registration System. The Registry-Registrar agreement requires registrars to ensure that the WHOIS data is accurate at the time of submission and also requires the information provided on the system to be updated in a timely manner in case of any changes. Corresponding provisions also exist in the Registrar Accreditation Agreement (RAA), para. 3.7.7.
In addition to the standard measures described above, the .TLD WHOIS system will feature extra levels of reliability with regards to Whois information.

28.4.1. Extra checks on WHOIS data
Applicant, through its Registry-Registrar agreements will require registrars to perform the following additional checks on the WHOIS data:
Verify syntactic correctness of email addresses and phone numbers by validating them against the corresponding standards
Verify that the domain holder receives email at the addresses listed in WHOIS as registrant’s email address and administrative contact email address, by requiring them to click a unique web link that is sent to those addresses.
28.4.2. Random audits of WHOIS records by the Registry
Applicant will periodically (at least once every 12 months) perform a random check of WHOIS records in .TLD for prima facie evidence of fraudulent or inaccurate WHOIS information. For those suspicious records that may be found, Applicant will further require registrars to conduct a reasonable investigation and to respond with one of the three possible actions:
confirm that the information provided in WHOIS is accurate, or
correct the WHOIS information, or
delete the domain name(s).
The measures described above exceed the ICANN requirements and are adequate to improve accuracy of WHOIS information while maintaining low implementation cost for registrars and good user experience for registrants.

28.5. Resourcing
Applicant and CentralNic will provide abuse response on a 24x7 basis. The resourcing to fulfill this function will be provided by a combined team of support and operations personnel. The first response function will be provided by support agents during normal office hours, with this responsibility being passed to the Network Operations Centre(NOC) during 24x7 operations.
As can be seen in the Resourcing Matrix found in Appendix 23.2, CentralNic will maintain a team of full-time developers and engineers which will contribute to the development and maintenance of this aspect of the registry system. These developers and engineers will not work on specific subsystems full-time, but a certain percentage of their time will be dedicated to each area. The total HR resource dedicated to this area is equivalent to 75% of a full-time role.
CentralNic operates a shared registry environment where multiple registry zones (such as CentralNicʹs domains, the .LA ccTLD, this TLD and other gTLDs) share a common infrastructure and resources. Since the TLD will be operated in an identical manner to these other registries, and on the same infrastructure, then the TLD will benefit from an economy of scale with regards to access to CentralNicʹs resources.
CentralNicʹs resourcing model assumes that the ʺdedicatedʺ resourcing required for the TLD (ie, that required to deal with issues related specifically to the TLD and not to general issues with the system as a whole) will be equal to the proportion of the overall registry system that the TLD will use. After three years of operation, the optimistic projection for the TLD states that there will be 10,000 domains in the zone. CentralNic has calculated that, if all its TLD clients are successful in their applications, and all meet their optimistic projections after three years, its registry system will be required to support up to 4.5 million domain names. Therefore the TLD will require 0.22% of the total resources available for this area of the registry system.
In the event that registration volumes exceed this figure, CentralNic will proactively increase the size of the Technical Operations, Technical Development and support teams to ensure that the needs of the TLD are fully met. Revenues from the additional registration volumes will fund the salaries of these new hires. Nevertheless, CentralNic is confident that the staffing outlined above is sufficient to meet the needs of the TLD for at least the first 18 months of operation.

28.6. Periodic review of anti-abuse policies
Applicant acknowledges that new types of abusive behaviour emerge in cyber space and is prepared to take steps to counter any new types of abuse. Applicant will periodically (once every 12 months, or more frequently depending on the circumstances) require CentralNic to provide reports regarding the received abuse-related complaints. Such reports should contain categorisation of the abusive behaviour reported, actions taken and response time. Applicant will analyse the reports and will review its anti-abuse policies to continually improve the handling of abuse complaints.
gTLDFull Legal NameE-mail suffixDetail
.styleTop Level Design, LLCgmail.comView
Except where specified this answer refers to the operations of the Top Level Design, LLC ʹs outsource Registry Service Provider, CentralNic.

Top Level Domain registries stand in a unique position within the global DNS infrastructure.

TLD registries collect registrants’ registration data and so often “know” the entity responsible for a particular domain name. TLD registries record associations between domain names, registrars and registrants and therefore are in the core of the control chain for every domain name in the TLD. Registries also directly control the delegation records and therefore have the power to enable or disable a particular domain name in the DNS.

This unique position gives power and calls for responsibility. Top Level Design, LLC as a future TLD registry recognizes its important role in maintaining law and order and is committed to acting in the best interests of the public.

Hereby we provide a description of the principles and procedures we will apply to mitigate abusive conduct.

28.1. Single Abuse Point of Contact
To streamline the information flow and to facilitate ease of communication with the public, Top Level Design, LLC will dedicate a single abuse point of contact responsible for addressing matters requiring expedited attention and providing a timely response to abuse complaints concerning all names registered in the TLD. The contact information will consist of at least an email address and a telephone number. This point of contact will be prominently published on the registry website by the commencement of the Sunrise period.

Top Level Design, LLC will ensure that:
• The e-mail account is continuously monitored and all communication securely stored
• The telephone number is either answered by a live person or diverted to a monitored voicemail account.
• Abuse contact information will be kept current and will be updated should it ever change in a timely manner

Messages received through the published abuse point of contact will be processed via the same procedure and within the same timeframe as the signals coming from the monitoring systems. Each message, both via email and phone channels, triggers the creation of a support ticket in a dedicated queue and procedures for ticket escalation exist. Messages originating from law enforcement authorities are by default assigned an escalated level. For critical tickets personnel is available 24x7 to react accordingly.

Top Level Design, LLC and CentralNic commit to responding to all abuse complaints within 24 hours of receipt (on a 24x7 basis). During the time periods when its global offices are open (typically 8am-6pm in London, Los Angeles and Dubai) response times are expected to be substantially faster, at around 2-3 hours.

28.2. Policy on Handling Complaints Regarding Abuse
Top Level Design, LLC is prepared to deal with situations where registry intervention may be required in order to stop illegal activity, prevent abusive conduct or to enforce the law.

Top Level Design, LLC will adopt a comprehensive Acceptable Use Policy that will establish what constitutes acceptable use of the domain and will contain a description of procedures registry that will apply to enforce the Policy. The initial policy is provided in answer to question 29.

An enforcement action may be triggered by a variety of events including complaints from the public, registrars or ICANN, decisions of a competent dispute resolution provider, outreach from a governmental agency or findings produced by internal investigation or monitoring processes.

Normally if abusive behaviour in a TLD is encountered, the reports of such behaviour and the evidence available will be analysed by the Registry. If the Registry, in its sole discretion, concludes that a Domain Name Holder has indeed violated a TLD Policy, the registrant will be given a notice and opportunity to correct the breach.

Furthermore, the registry reserves the right to lock the domain name or put it on hold (preventing domain resolution in the DNS). In extreme cases where a domain is involved in malicious or illegal activity there are provisions for rapid takedown of the domain name in question. The situations in which rapid takedown provisions may be applied, include, but are not limited to:
• Phishing
• Pharming
• Distribution of illegal content
• Distribution of malware
• Fast flux hosting
• Botnetting
• Unauthorized access to information systems
• Threats to the security and⁄or stability of the TLD

The Acceptable Use Policy will be incorporated into the Registry-Registrar agreements and Registrars will be required to pass through the requirements to comply with the policy to the registrants.

Top Level Design, LLC will take reasonable steps to investigate and respond to any reports of illegal activity in connection with the use of the TLD and will cooperate with the competent governmental agencies in such investigations.

Top Level Design, LLC will utilize the expert services of its registry services provider CentralNic to implement and enforce all of our anti-abuse policies in our TLD. CentralNic has dedicated and scalable resources for this function, described below.

CentralNic has long experience in the domain registry business, and is an industry leader with respect to its anti-abuse policies. CentralNic has a dedicated Dispute Resolution Policy in place with WIPO, found at WIPO’s website: http:⁄⁄www.wipo.int⁄amc⁄en⁄domains⁄gtld⁄cnic⁄index.html. CentralNic has trained personnel who handle interaction with WIPO, to ensure that panelists’ decisions are carried out expeditiously as required by the DRP.

CentralNic also enforces a Policy on Phishing and Fraud, found at its dedicated Phishing & Abuse page at the following website: https:⁄⁄www.centralnic.com⁄support⁄abuse. Pursuant to clause 13, sections (f) and (h) of CentralNicʹs Terms and Conditions, CentralNic may cancel the registration or suspend registration of a domain name:
(f) if CentralNic believes that the domain name was registered for use in a ʺphishingʺ attack or other illegal activity of any kind.
(h) if inaccurate or false contact details are provided.

Further to these conditions, CentralNic operates the following policy regarding suspected ʺphishingʺ domain names:
- If we have a reasonable suspicion that a domain name registered at CentralNic is being used in a phishing attack, or otherwise being used for other illegal activities, we will place the domain name ʺOn Holdʺ and under a Registry Lock. - We will then notify the current registrar for the domain name. If the registrar can provide confirmation that the domain name was registered in ʺgood faithʺ by the registrant, then CentralNic will immediately unlock the domain name and place it on the ʺLiveʺ status. - If no confirmation is received, or the registrars agree that the domain name was registered in ʺbad faithʺ, the domain name will be placed onto ʺPending Deletionʺ, and will be fully deleted from the database after 45 days.

28.3. Orphan Glue
CentralNicʹs registry system includes effective measures to prevent the abuse of orphan glue records.

Firstly, the Shared Registry System will reject any request to create host object that is the child of a non-existent domain name. That is, if EXAMPLE.style does not exist, then NS0.EXAMPLE.style cannot be created. If the parent domain name does exist, then only the sponsoring registrar of that domain is permitted to create child host objects.

CentralNicʹs registry system currently follows the third model described in the SAC 048 report: orphan glue records are deleted from the registry and removed from the DNS when the parent domain name is deleted. If other domains in the database are delegated to orphan hosts that are removed, then the delegation is also removed from these domains.

28.4. Measures to Maintain Whois Accuracy
Top Level Design, LLC will operate a “thick” WHOIS system, in which all registrants’ contact information will be stored in a single database maintained by the registry. Accredited registrars will have the ability to change the records in that database through the Shared Registration System. The Registry-Registrar agreement requires registrars to ensure that the WHOIS data is accurate at the time of submission and also requires the information provided on the system to be updated in a timely manner in case of any changes. Corresponding provisions also exist in the Registrar Accreditation Agreement (RAA), para. 3.7.7.

In addition to the standard measures described above, the .style WHOIS system will feature extra levels of reliability with regards to Whois information.

28.4.1. Extra checks on WHOIS data
Top Level Design, LLC, through its Registry-Registrar agreements will require registrars to perform the following additional checks on the WHOIS data:
• Verify syntactic correctness of email addresses and phone numbers by validating them against the corresponding standards
• Verify that the domain holder receives email at the addresses listed in WHOIS as registrant’s email address and administrative contact email address, by requiring them to click a unique web link that is sent to those addresses.

28.4.2. Random audits of WHOIS records by the Registry
Top Level Design, LLC will periodically (at least once every 12 months) perform a random check of WHOIS records in .style for prima facie evidence of fraudulent or inaccurate WHOIS information. For those suspicious records that may be found, Top Level Design, LLC will further require registrars to conduct a reasonable investigation and to respond with one of the three possible actions:
• confirm that the information provided in WHOIS is accurate, or
• correct the WHOIS information, or
• delete the domain name(s).
The measures described above exceed the ICANN requirements and are adequate to improve accuracy of WHOIS information while maintaining low implementation cost for registrars and good user experience for registrants.

28.5. Resourcing
Top Level Design, LLC and CentralNic will provide abuse response on a 24x7 basis. The resourcing to fulfill this function will be provided by a combined team of support and operations personnel. The first response function will be provided by support agents during normal office hours, with this responsibility being passed to the Network Operations Centre(NOC) during 24x7 operations.

As can be seen in the Resourcing Matrix found in Appendix 23.2, CentralNic will maintain a team of full-time developers and engineers which will contribute to the development and maintenance of this aspect of the registry system. These developers and engineers will not work on specific subsystems full-time, but a certain percentage of their time will be dedicated to each area. The total HR resource dedicated to this area is equivalent to 75% of a full-time role.

CentralNic operates a shared registry environment where multiple registry zones (such as CentralNicʹs domains, the .LA ccTLD, this TLD and other gTLDs) share a common infrastructure and resources. Since the TLD will be operated in an identical manner to these other registries, and on the same infrastructure, then the TLD will benefit from an economy of scale with regards to access to CentralNicʹs resources.

CentralNicʹs resourcing model assumes that the ʺdedicatedʺ resourcing required for the TLD (ie, that required to deal with issues related specifically to the TLD and not to general issues with the system as a whole) will be equal to the proportion of the overall registry system that the TLD will use. After three years of operation, the optimistic projection for the TLD states that there will be 32,182 domains in the zone. CentralNic has calculated that, if all its TLD clients are successful in their applications, and all meet their optimistic projections after three years, its registry system will be required to support up to 4.5 million domain names. Therefore the TLD will require .72% of the total resources available for this area of the registry system.

In the event that registration volumes exceed this figure, CentralNic will proactively increase the size of the Technical Operations, Technical Development and support teams to ensure that the needs of the TLD are fully met. Revenues from the additional registration volumes will fund the salaries of these new hires. Nevertheless, CentralNic is confident that the staffing outlined above is sufficient to meet the needs of the TLD for at least the first 18 months of operation.

28.6. Periodic review of anti-abuse policies
Top Level Design, LLC acknowledges that new types of abusive behaviour emerge in cyber space and is prepared to take steps to counter any new types of abuse. Top Level Design, LLC will periodically (once every 12 months, or more frequently depending on the circumstances) require CentralNic to provide reports regarding the received abuse-related complaints. Such reports should contain categorisation of the abusive behaviour reported, actions taken and response time. Top Level Design, LLC will analyse the reports and will review its anti-abuse policies to continually improve the handling of abuse complaints.