Back

28 Abuse Prevention and Mitigation

gTLDFull Legal NameE-mail suffixDetail
.dwgAutodesk, Inc.autodesk.comView
28.1 Abuse Prevention and Mitigation Implementation Plan

Autodesk’s primary safeguard against mitigating abusive and⁄or non-compliant registrations within the .DWG name space is the limited universe of registrants that will be permitted to register with the .DWG gTLD. As a .BRAND registry, registration will initially be limited to the Applicant. This built-in validation mechanism promotes uniform compliance and increase accuracy of WHOIS data. The Applicant is committed to providing best in class safeguards and will be closely monitoring other .BRAND applicants for suitable safeguards.

28.1.2 Policies for Handling Complaints Regarding Abuse

As required by the ICANN template Registry Agreement, the Applicant will establish, publish, and maintain on its website a single point of contact for handling abuse complaints. This contact will be a role account, e.g., abuse@registry.DWG. All email inquiries submitted to this email account will be responded to in a reasonably timely manner. The Applicant will employ an escalated complaint procedure. This procedure will place priority on complaints received from a trusted⁄verified source (e.g. law enforcement). If the complaint falls within the scope of the Applicant’s Abuse Policy Listed below, the Applicant reserves the right to suspend or cancel the non-compliant domain.

The role email account identified above will have multiple the Applicant staff recipients to allow for monitoring on a 24X7 basis. In addition the phone number provided for on the Registry website will be answered by the Applicant staff during normal working hours.

28.1.3 Proposed Measures for Removal of Orphan Glue Records

Although orphan glue records often support correct and ordinary operation of the Domain Name System (DNS), registry operators will be required to remove orphan glue records (as defined at http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct. The Applicant’s selected back-end registry services provider’s (Verisign’s) registration system is specifically designed to not allow orphan glue records. Registrars are required to delete⁄move all dependent DNS records before they are allowed to delete the parent domain.

To prevent orphan glue records, Verisign performs the following checks before removing a domain or name server:

Checks during domain delete:
- Parent domain delete is not allowed if any other domain in the zone refers to the child name server.
- If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone.

Check during explicit name server delete:
Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server.

Zone-file impact:
If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not.
If no domains reference a name server, then the zone file removes the glue record.

28.1.4 Resourcing Plans

Details related to resourcing plans for the initial implementation and ongoing maintenance of the Applicant’s abuse plan are provided in Section 2 of this response.

28.1.5 Measures to Promote WHOIS Accuracy

Ensuring the accuracy of WHOIS information is of paramount importance to the Applicant in the operation of the .DWG gTLD. The Applicant will employ the following mechanism to promote WHOIS accuracy.

-Only the Applicant and will be permitted to register in the .DWG namespace.
-There will be a strict prohibition against the use of proxy registration services;
-The Applicant will maintain a web-based form for third parties to submit claims regarding false and or inaccurate WHOIS data.

28.1.5.1 Authentication of Registrant Information

Only the Applicant and will be permitted to register in the .DWG namespace, therefore registrant information will be uniform, authenticated, accurate, and complete.

28.1.5.2 Regular Monitoring of Registration Data for Accuracy and Completeness

Verisign, the Applicant’s selected back-end registry services provider, has established policies and procedures to encourage registrar compliance with ICANN’s WHOIS accuracy requirements. Verisign provides the following service to the Applicant for incorporation into its full-service registry operations.

WHOIS data reminder process. Verisign regularly reminds registrars of their obligation to comply with ICANN’s WHOIS Data Reminder Policy, which was adopted by ICANN as a consensus policy on 27 March 2003 (http:⁄⁄www.icann.org⁄en⁄registrars⁄wdrp.htm). Verisign sends a notice to all registrars once a year reminding them of their obligation to be diligent in validating the WHOIS information provided during the registration process, to investigate claims of fraudulent WHOIS information, and to cancel domain name registrations for which WHOIS information is determined to be invalid.

28.1.5.3 Use of Registrars

The Applicant has not yet made any determinations regarding which registrar will be selected to provide domain name registration services in the gTLD. the Applicant currently uses one corporate domain name registrar. The likely registrar plan will be to use one corporate registrar, thus enabling the Applicant to maintain its entire domain name portfolio with one registrar. However, any final determination will depend upon the Applicant and the registrar of choice reaching an agreed-upon price for the specified services.

28.1.6 Malicious or Abusive Behavior Definitions, Metrics, and Service Level Requirements for Resolution

The Applicant will have an Authorized Usage Policy that will govern how a registrant may use its registered domain name(s). A draft framework of this policy is as follows:

By registering a name in this gTLD, the registrant agrees to be bound by the terms of this Acceptable Use Policy (AUP). Registrant may not:
1. Use domain names for any purposes that are prohibited by the laws of the jurisdiction(s) in which registrant does business, or any other applicable law.
2. Use domain names for any purposes or in any manner that violates a statute, rule, or law governing use of the Internet and⁄or electronic commerce (specifically including “phishing,” ʺpharming,ʺ distributing Internet viruses and other destructive activities).
3. Use domain names for the following types of activity:
i. Violation of the privacy or publicity rights of any third party,
ii. Promotion of or engagement in hate speech; hate crime; terrorism; violence against people, animals, or property; or intolerance of or against any protected class;
iii. Promotion of or engagement in defamatory, harassing, abusive or otherwise objectionable behavior;
iv. Promotion of or engagement in child pornography or the exploitation of children;
v. Promotion of or engagement in any spam or other unsolicited bulk email, or computer or network hacking or cracking;
vi. Infringement on the intellectual property rights of another member of the .DWG gTLD community, or any other person or entity;
vii. Engagement in activities designed to impersonate any third party or create a likelihood of confusion in sponsorship;
viii. Interference with the operation of the .DWG gTLD or services offered by the Applicant;
ix. Installation of any viruses, worms, bugs, Trojan horses, or other code, files, or programs designed to, or capable of, disrupting, damaging, or limiting the functionality of any software or hardware; or distributing false or deceptive language, or unsubstantiated or comparative claims, regarding the Applicant;
x. Registration of .DWG domain names for the purpose of reselling or transferring those domain names.

28.1.7 Controls to Ensure Proper Access to Domain Functions

The Applicant will primarily be relying upon the safeguards incorporated at the registrar level to ensure proper access to domain names. Because the Applicant envisions working with a single corporate registrar, this will provide an important gate keeping functions.

28.1.7.2 Requiring Multiple, Unique Points of Contact and Means of Notification

The Applicant will likely assigned multiple unique point of contact. In connection with compliance, abuse, or malicious activity, an individual within the Applicant’s legal department will be identified. In connection with technical, security, and⁄or stability issues, an individual in the Applicant’s IT department will be identified. These unique POCs will have a corresponding unique email address that will auto-forward emails to these addresses to multiple individuals in each of the appropriate departments to ensure that there is no single point of failure in the communication chain.

28.2 Technical plan that is adequately resourced in the planned costs detailed in the financial section

28.2.1 Resource Planning

The Applicant is committed to operating the .DWG gTLD in a manner that protects the core brand of the Applicant. The Applicant has projected that a staff level XX FTE for legal compliance and oversight for the gTLD. In addition, the Applicant can rely upon existing in-house legal and other support staff should the need arise. The Applicant has strategically chosen Verisign as its registry services provider because of their excellent track record in operating some of the worldʹs most complex and critical top level domains. Verisignʹs support for the .DWG gTLD will help ensure its success.

28.2.2 Resource Planning Specific to Back-end Registry Activities

Verisign, the Applicant’s selected back-end registry services provider, is an experienced back-end registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a gTLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the back-end registry services it provides to the Applicant fully accounts for cost related to this infrastructure, which is provided as “Total Critical Registry Function Cash Outflows” (Template 1, Line IIb.G) within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .COM, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:
Application Engineers: 19
Business Continuity Personnel: 3
Customer Affairs Organization: 9
Customer Support Personnel: 36
Information Security Engineers: 11
Network Administrators: 11
Network Architects: 4
Network Operations Center (NOC) Engineers: 33
Project Managers: 25
Quality Assurance Engineers: 11
Systems Architects: 9

To implement and manage the .DWG gTLD as described in this application, Verisign, the Applicant’s selected back-end registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .COM and .NET). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.

28.3.2 Ongoing Anti-Abuse Policies and Procedures

28.3.2.1 Policies and Procedures that Identify Malicious or Abusive Behavior

Verisign, the Applicant’s selected back-end registry services provider, provides the following service to the Applicant for incorporation into its full-service registry operations.

Malware scanning service. Registrants are often unknowing victims of malware exploits. Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
Verisign’s malware scanning service helps prevent websites from infecting other websites by scanning web pages for embedded malicious content that will infect visitors’ websites. Verisign’s malware scanning technology uses a combination of in-depth malware behavioral analysis, anti-virus results, detailed malware patterns, and network analysis to discover known exploits for the particular scanned zone. If malware is detected, the service sends the registrar a report that contains the number of malicious domains found and details about malicious content within its TLD zones. Reports with remediation instructions are provided to help registrars and registrants eliminate the identified malware from the registrant’s website.

28.3.2.2 Policies and Procedures that Address the Abusive Use of Registered Names

Suspension processes: Any future registrant which ceases to have a qualified ongoing legal relationship with the Applicant will immediately have their domain name suspended and⁄or cancelled. In addition, any registrant that fails to timely respond to a WHOIS accuracy complaint is subject to having their domain name suspended and⁄or cancelled. Prior to taking any affirmation action in connection with an WHOIS accuracy compliant, the Applicant will attempt to contact registrant through various electronic means (email, telephone and fax).

Suspension processes conducted by back-end registry services provider: In the case of domain name abuse, the Applicant will determine whether to take down the subject domain name. Verisign, the Applicant’s selected back-end registry services provider, will follow the following auditable processes to comply with the suspension request.

Verisign Suspension Notification: the Applicant submits the suspension request to Verisign for processing, documented by:
Threat domain name
Registry incident number
Incident narrative, threat analytics, screen shots to depict abuse, and⁄or other evidence
Threat classification
Threat urgency description
Recommended timeframe for suspension⁄takedown
Technical details (e.g., WHOIS records, IP addresses, hash values, anti-virus detection results⁄nomenclature, name servers, domain name statuses that are relevant to the suspension)
Incident response, including surge capacity

Verisign Notification Verification: When Verisign receives a suspension request from the Applicant, it performs the following verification procedures:
Validate that all the required data appears in the notification.
Validate that the request for suspension is for a registered domain name.
Return a case number for tracking purposes.

Suspension Rejection: If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to the Applicant with the following information:
Threat domain name
Registry incident number
Verisign case number
Error reason

Upon the Applicant request, Verisign can provide a process for registrants to protest the suspension.

Domain Suspension: Verisign places the domain to be suspended on the following statuses:
serverUpdateProhibited
serverDeleteProhibited
serverTransferProhibited
serverHold

Suspension Acknowledgement: Verisign notifies the Applicant that the suspension has been completed. Acknowledgement of the suspension includes the following information:
Threat domain name
Registry incident number
Verisign case number
Case number
Domain name
the Applicant abuse contact name and number, or registrar abuse contact name and number
Suspension status

28.4 When executed in accordance with the Registry Agreement, plans will result in compliance with contractual requirements

As noted in the Question 18 business plan, the purpose of this gTLD registry is to provide the Applicant with a secure and trusted namespace that is the representation of its brand online. Given the fact that the Applicant authored the contractual requirements, which have been incorporated into the Registrant Agreement, the Applicant intends to fully comply with these contractual requirements. Moreover, the Applicant has a vested interest to ensure that future registrants adhere to these legal requirements.

As noted, in the above referenced compliance section, failure for registrants to timely remedy any non-compliant activity will result in the suspension and⁄or deletion of the domain in question.

28.5 Technical plan scope⁄scale that is consistent with the overall business approach and planned size of the registry

28.5.1 Scope⁄Scale Consistency

As a .BRAND gTLD Registry, the allocated registry staff will ensure that all registrations are in compliance with the requirements set forth in the Registrant Agreement. As this staff member(s) is proposed to be sourced from the Applicant’s legal department, this will facilitate compliance of affiliates, partners, licensees or other third parties with whom the Applicant has a pre-existing legal relationship. Unlike other registries that must oversee numerous registrars and untold number of registrants, the .DWG gTLD will be a limited-universe of known entities with a pre-existing legal relationship with the Applicant that will likely be registered through one registrar.

28.5.2 Scope⁄Scale Consistency Specific to Back-End Registry Activities

Verisign, the Applicant’s selected back-end registry services provider, is an experienced back-end registry provider that has developed and uses proprietary system scaling models to guide the growth of its TLD supporting infrastructure. These models direct Verisign’s infrastructure scaling to include, but not be limited to, server capacity, data storage volume, and network throughput that are aligned to projected demand and usage patterns. Verisign periodically updates these models to account for the adoption of more capable and cost-effective technologies.

Verisign’s scaling models are proven predictors of needed capacity and related cost. As such, they provide the means to link the projected infrastructure needs of the .DWG gTLD with necessary implementation and sustainment cost. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its scaling models, Verisign derived the necessary infrastructure required to implement and sustain this gTLD. Verisign’s pricing for the back-end registry services it provides to the Applicant fully accounts for cost related to this infrastructure, which is provided as “Other Operating Cost” (Template 1, Line I.L) within the Question 46 financial projections response.
gTLDFull Legal NameE-mail suffixDetail
.SECURITYSymantec Corporationfairwindspartners.comView
VeriSign, Inc. Response to Question 28 Abuse Prevention and Mitigation

28.1 Abuse Prevention and Mitigation Implementation Plan

Symantec Corporation’s primary safeguard against mitigating abusive and⁄or non-compliant registrations within the .SECURITY name space is the limited universe of registrants that will be permitted to register with the .SECURITY gTLD. As a dot Brand registry, registration will initially be limited to Symantec Corporation and its qualified subsidiaries and affiliates. This built-in validation mechanism promotes uniform compliance and increase accuracy of WHOIS data. Symantec Corporation is committed to providing best in class safeguards and will be closely monitoring other .BRAND applicants for suitable safeguards.

28.1.2 Policies for Handling Complaints Regarding Abuse

As required by the ICANN template Registry Agreement, Symantec Corporation will establish, publish, and maintain on its website a single point of contact for handling abuse complaints. This contact will be a role account, e.g., abuse@registry.SECURITY. All email inquiries submitted to this email account will be responded to in a reasonably timely manner. Symantec Corporation will employ an escalated complaint procedure. This procedure will place priority on complaints received from a trusted⁄verified source (e.g. law enforcement). If the complaint falls within the scope of Symantec Corporation’s Abuse Policy Listed below, Symantec Corporation reserves the right to suspend or cancel the non-compliant domain.

The role email account identified above will have multiple Symantec Corporation staff recipients to allow for monitoring on a 24X7 basis. In addition the phone number provided for on the Registry website will be answered by Symantec Corporation staff during normal working hours.

28.1.3 Proposed Measures for Removal of Orphan Glue Records

Although orphan glue records often support correct and ordinary operation of the Domain Name System (DNS), registry operators will be required to remove orphan glue records (as defined at http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct. Symantec Corporation’s selected back-end registry services provider’s (Verisign’s) registration system is specifically designed to not allow orphan glue records. Registrars are required to delete⁄move all dependent DNS records before they are allowed to delete the parent domain.

To prevent orphan glue records, Verisign performs the following checks before removing a domain or name server:

Checks during domain delete:
- Parent domain delete is not allowed if any other domain in the zone refers to the child name server.
- If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone.

Check during explicit name server delete:
Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server.

Zone-file impact:
If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not.
If no domains reference a name server, then the zone file removes the glue record.

28.1.4 Resourcing Plans

Details related to resourcing plans for the initial implementation and ongoing maintenance of Symantec Corporation’s abuse plan are provided in Section 2 of this response.

28.1.5 Measures to Promote WHOIS Accuracy

Ensuring the accuracy of WHOIS information is of paramount importance to Symantec Corporation in the operation of the .SECURITY gTLD. Symantec Corporation will employ the following mechanism to promote WHOIS accuracy.

-Only Symantec Corporation and qualified subsidiaries, affiliates and potentially licensees, and partners of Symantec Corporation will be permitted to register in the .SECURITY namespace.
-There will be a strict prohibition against the use of proxy registration services;
-Symantec Corporation will maintain a web-based form for third parties to submit claims regarding false and or inaccurate WHOIS data.

28.1.5.1 Authentication of Registrant Information

Because all registrants in the .SECURITY gTLD namespace will have a pre-existing contractual relationship with Symantec Corporation, this will be pre-authenticated thus promoting accurate and complete WHOIS data.

28.1.5.2 Regular Monitoring of Registration Data for Accuracy and Completeness

Verisign, Symantec Corporation’s selected back-end registry services provider, has established policies and procedures to encourage registrar compliance with ICANN’s WHOIS accuracy requirements. Verisign provides the following service to Symantec Corporation for incorporation into its full-service registry operations.


WHOIS data reminder process. Verisign regularly reminds registrars of their obligation to comply with ICANN’s WHOIS Data Reminder Policy, which was adopted by ICANN as a consensus policy on 27 March 2003 (http:⁄⁄www.icann.org⁄en⁄registrars⁄wdrp.htm). Verisign sends a notice to all registrars once a year reminding them of their obligation to be diligent in validating the WHOIS information provided during the registration process, to investigate claims of fraudulent WHOIS information, and to cancel domain name registrations for which WHOIS information is determined to be invalid.

28.1.5.3 Use of Registrars

Symantec Corporation has not yet made any determinations regarding which registrar will be selected to provide domain name registration services in the gTLD. Symantec Corporation currently uses one corporate domain name registrar. The likely registrar plan will be to use one corporate registrar, thus enabling Symantec Corporation to maintain its entire domain name portfolio with one registrar. However, any final determination will depend upon Symantec Corporation and the registrar of choice reaching an agreed-upon price for the specified services.

28.1.6 Malicious or Abusive Behavior Definitions, Metrics, and Service Level Requirements for Resolution

Symantec Corporation will have an Authorized Usage Policy that will govern how a registrant may use its registered domain name(s). A draft framework of this policy is as follows:

By registering a name in this gTLD, the registrant agrees to be bound by the terms of this Acceptable Use Policy (AUP). Registrant may not:
1. Use domain names for any purposes that are prohibited by the laws of the jurisdiction(s) in which registrant does business, or any other applicable law.
2. Use domain names for any purposes or in any manner that violates a statute, rule, or law governing use of the Internet and⁄or electronic commerce (specifically including “phishing,” ʺpharming,ʺ distributing Internet viruses and other destructive activities).
3. Use domain names for the following types of activity:
i. Violation of the privacy or publicity rights of any third party,
ii. Promotion of or engagement in hate speech; hate crime; terrorism; violence against people, animals, or property; or intolerance of or against any protected class;
iii. Promotion of or engagement in defamatory, harassing, abusive or otherwise objectionable behavior;
iv. Promotion of or engagement in child pornography or the exploitation of children;
v. Promotion of or engagement in any spam or other unsolicited bulk email, or computer or network hacking or cracking;
vi. Infringement on the intellectual property rights of another member of the .SECURITY gTLD community, or any other person or entity;
vii. Engagement in activities designed to impersonate any third party or create a likelihood of confusion in sponsorship;
viii. Interference with the operation of the .SECURITY gTLD or services offered by Symantec Corporation;
ix. Installation of any viruses, worms, bugs, Trojan horses, or other code, files, or programs designed to, or capable of, disrupting, damaging, or limiting the functionality of any software or hardware; or distributing false or deceptive language, or unsubstantiated or comparative claims, regarding Symantec Corporation;
x. Registration of .SECURITY domain names for the purpose of reselling or transferring those domain names.

28.1.7 Controls to Ensure Proper Access to Domain Functions

Symantec Corporation will primarily be relying upon the safeguards incorporated at the registrar level to ensure proper access to domain names. Because Symantec Corporation envisions working with a single corporate registrar, this will provide an important gate keeping functions.

28.1.7.2 Requiring Multiple, Unique Points of Contact and Means of Notification

Symantec Corporation will likely assigned multiple unique point of contact. In connection with compliance, abuse, or malicious activity, an individual within Symantec Corporation’s legal department will be identified. In connection with technical, security, and⁄or stability issues, an individual in Symantec Corporation’s IT department will be identified. These unique POCs will have a corresponding unique email address that will auto-forward emails to these addresses to multiple individuals in each of the appropriate departments to ensure that there is no single point of failure in the communication chain.

28.2 Technical plan that is adequately resourced in the planned costs detailed in the financial section

28.2.1 Resource Planning

Symantec Corporation is committed to operating the .SECURITY gTLD in a manner that protects the core brand of Symantec Corporation. Symantec Corporation has projected that a staff level 0.25 FTE for legal compliance and oversight for the gTLD. In addition, Symantec Corporation can rely upon existing in-house legal and other support staff should the need arise. Symantec Corporation has strategically chosen Verisign as its registry services provider because of their excellent track record in operating some of the worldʹs most complex and critical top level domains. Verisignʹs support for the .SECURITY gTLD will help ensure its success.

28.2.2 Resource Planning Specific to Back-end Registry Activities

Verisign, Symantec Corporation’s selected back-end registry services provider, is an experienced back-end registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a gTLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the back-end registry services it provides to Symantec Corporation fully accounts for cost related to this infrastructure, which is provided as “Total Critical Registry Function Cash Outflows” (Template 1, Line IIb.G) within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .COM, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:
Application Engineers: 19
Business Continuity Personnel: 3
Customer Affairs Organization: 9
Customer Support Personnel: 36
Information Security Engineers: 11
Network Administrators: 11
Network Architects: 4
Network Operations Center (NOC) Engineers: 33
Project Managers: 25
Quality Assurance Engineers: 11
Systems Architects: 9

To implement and manage the .SECURITY gTLD as described in this application, Verisign, Symantec Corporation’s selected back-end registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .COM and .NET). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.

28.3.2 Ongoing Anti-Abuse Policies and Procedures

28.3.2.1 Policies and Procedures that Identify Malicious or Abusive Behavior

Verisign, Symantec Corporation’s selected back-end registry services provider, provides the following service to Symantec Corporation for incorporation into its full-service registry operations.

Malware scanning service. Registrants are often unknowing victims of malware exploits. Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
Verisign’s malware scanning service helps prevent websites from infecting other websites by scanning web pages for embedded malicious content that will infect visitors’ websites. Verisign’s malware scanning technology uses a combination of in-depth malware behavioral analysis, anti-virus results, detailed malware patterns, and network analysis to discover known exploits for the particular scanned zone. If malware is detected, the service sends the registrar a report that contains the number of malicious domains found and details about malicious content within its TLD zones. Reports with remediation instructions are provided to help registrars and registrants eliminate the identified malware from the registrant’s website.

28.3.2.2 Policies and Procedures that Address the Abusive Use of Registered Names

Suspension processes: Any registrant which ceases to have a qualified ongoing legal relationship with Symantec Corporation will immediately have their domain name suspended and⁄or cancelled. In addition, any registrant that fails to timely respond to a WHOIS accuracy complaint is subject to having their domain name suspended and⁄or cancelled. Prior to taking any affirmation action in connection with an WHOIS accuracy compliant, Symantec Corporation will attempt to contact registrant through various electronic means (email, telephone and fax).

Suspension processes conducted by back-end registry services provider: In the case of domain name abuse, Symantec Corporation will determine whether to take down the subject domain name. Verisign, Symantec Corporation’s selected back-end registry services provider, will follow the following auditable processes to comply with the suspension request.

Verisign Suspension Notification: Symantec Corporation submits the suspension request to Verisign for processing, documented by:
Threat domain name
Registry incident number
Incident narrative, threat analytics, screen shots to depict abuse, and⁄or other evidence
Threat classification
Threat urgency description
Recommended timeframe for suspension⁄takedown
Technical details (e.g., WHOIS records, IP addresses, hash values, anti-virus detection results⁄nomenclature, name servers, domain name statuses that are relevant to the suspension)
Incident response, including surge capacity

Verisign Notification Verification: When Verisign receives a suspension request from Symantec Corporation, it performs the following verification procedures:
Validate that all the required data appears in the notification.
Validate that the request for suspension is for a registered domain name.
Return a case number for tracking purposes.

Suspension Rejection: If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to Symantec Corporation with the following information:
Threat domain name
Registry incident number
Verisign case number
Error reason

Upon Symantec Corporation request, Verisign can provide a process for registrants to protest the suspension.

Domain Suspension: Verisign places the domain to be suspended on the following statuses:
serverUpdateProhibited
serverDeleteProhibited
serverTransferProhibited
serverHold

Suspension Acknowledgement: Verisign notifies Symantec Corporation that the suspension has been completed. Acknowledgement of the suspension includes the following information:
Threat domain name
Registry incident number
Verisign case number
Case number
Domain name
Symantec Corporation abuse contact name and number, or registrar abuse contact name and number
Suspension status

28.4 When executed in accordance with the Registry Agreement, plans will result in compliance with contractual requirements

As noted in the Question 18 business plan, the purpose of this gTLD registry is to provide Symantec Corporation with a secure and trusted namespace that is the representation of its brand online. Given the fact that Symantec Corporation authored the contractual requirements, which have been incorporated into the Registrant Agreement, Symantec Corporation intends to fully comply with these contractual requirements. Moreover, Symantec Corporation has a vested interest to ensure that all qualified subsidiaries, affiliates, and potentially partners, licensees and other related third parties adhere to these legal requirements.

As noted, in the above referenced compliance section, failure for registrants to timely remedy any non-compliant activity will result in the suspension and⁄or deletion of the domain in question.

28.5 Technical plan scope⁄scale that is consistent with the overall business approach and planned size of the registry

28.5.1 Scope⁄Scale Consistency

As a .BRAND gTLD Registry, the allocated registry staff will ensure that all registrations are in compliance with the requirements set forth in the Registrant Agreement. As this staff member(s) is proposed to be sourced from Symantec Corporation’s legal department, this will facilitate compliance of affiliates, partners, licensees or other third parties with whom Symantec Corporation has a pre-existing legal relationship. Unlike other registries that must oversee numerous registrars and untold number of registrants, the .SECURITY gTLD will be a limited-universe of known entities with a pre-existing legal relationship with Symantec that will likely be registered through one registrar.

28.5.2 Scope⁄Scale Consistency Specific to Back-End Registry Activities

Verisign, Symantec Corporation’s selected back-end registry services provider, is an experienced back-end registry provider that has developed and uses proprietary system scaling models to guide the growth of its TLD supporting infrastructure. These models direct Verisign’s infrastructure scaling to include, but not be limited to, server capacity, data storage volume, and network throughput that are aligned to projected demand and usage patterns. Verisign periodically updates these models to account for the adoption of more capable and cost-effective technologies.

Verisign’s scaling models are proven predictors of needed capacity and related cost. As such, they provide the means to link the projected infrastructure needs of the .SECURITY gTLD with necessary implementation and sustainment cost. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its scaling models, Verisign derived the necessary infrastructure required to implement and sustain this gTLD. Verisign’s pricing for the back-end registry services it provides to Symantec Corporation fully accounts for cost related to this infrastructure, which is provided as “Other Operating Cost” (Template 1, Line I.L) within the Question 46 financial projections response.