28 Abuse Prevention and Mitigation

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.ummahUmmah Digital Limitedgmail.comView

CoCCA and UMMAH DIGITAL will address abuse in the .UMMAH using policy and technology that is currently used in several dozen production TLD environments. CoCCA’s policy matrix and SRS technology is constantly being fine-tuned in response to emerging threats and best practice recommendations.

28.1 The UMMAH DIGITAL .UMMAH Policy Matrix

UMMAH DIGITAL has chosen to adopt CoCCAʹs tested acceptable use based policy matrix, recommendations for minimizing harm in TLDs, and subject the .UMMAH TLD to the CoCCA Complaint Resolution Service (ʺCRSʺ). UMMAH DIGITALʹs polices for the .UMMAH are subordinate to any ICANN consensus-based polices or requirements for gTLDs. Any individual who has a concern regarding abuse involving a .UMMAH domain, glue record, or CoCCAʹs, PCHʹs or ISCʹs network services as they relate to the .UMMAH TLD may lodge a complaint via the CoCCA CRS. The CoCCA CRS will be modified from time to time to ensure compliance with UMMAH DIGITAL and ICANN consensus policy aimed at prevention and mitigation of abuse of the DNS.

The CoCCA best practice AUP policy matrix has been developed over the past decade and has been adopted by 16 ccTLDs. It was developed by ccTLD managers that desired to operate an efficient standards-based EPP SRS system complemented by a policy environment that addressed local concerns regarding a registrant’s ʺuseʺ of a string - as well as the more traditional gTLD emphasis on ʺrights to the stringʺ. CoCCA’s proven AUP policy matrix is well suited to the target market for the .UMMAH TLD.

A key element of CoCCA’s policy matrix is that it provides for registry-level suspensions where there is evidence of an AUP violation. The .UMMAH TLD will join other TLDs that utilize CoCCAʹs existing CRS. The CoCCA CRS provides a framework for the public, law enforcement, regulatory bodies and intellectual property owners to swiftly address concerns regarding the use of .UMMAH domains and CoCCAʹs Registry Services. The CRS can be used to address concerns regarding a domain or any resource records (by way of example, glue records) that appear in the .UMMAH zone.

The CRS procedure provides a swift, effective alternative to the court system while allowing for complaints to be handled in in a fair and equal manner and allows for all affected parties to present evidence and arguments in a constructive forum.

Under certain circumstances cases, it may be necessary for a CoCCA Complaints Officer (CCO) to trigger a Critical Issue Suspension (CIS), or a Uniform Rapid Suspension. CoCCA may suspend a domain or remove a glue (or other resource) record when there is a compelling and demonstrable threat to the stability of the Internet, evidence of criminal activity, threat to critical infrastructure or to public safety.

The intent of any CIS is to respond to abuse that may occur in a timely manner; accordingly the CoCCA CRS is a 24⁄7⁄365 service. Unlike controversial “domain seizures”, the CoCCA policy matrix facilitates CIS removal of specific records from the zone to protect the public interest but does not transfer a domain or extinguish a registration. Registrants may appeal a CIS to the CoCCA Ombudsmanʹs Office for Amicable Complaint Resolution (a free service), a CoCCA Expert for binding arbitration or to the courts.

28.2 Contractual Framework
Under the proposed policy matrix UMMAH DIGITAL will bind registrants to a .UMMAH TLD Registrant Agreement (ʺRAʺ). This RA is a collateral agreement to any Registrar-Registrant agreement and binds all Registrants to the .UMMAH AUP, Privacy and RDDS policy, CoCCA CRS and any other requirements or dispute mechanisms mandated by UMMAH DIGITAL or ICANN.

The .UMMAH draft Registrant Agreement, AUP Policy and Privacy and RDDS Policy are attached.

28.3 Minimizing Harm, Pro-active Measures

ICANN has expressed a concern regarding glue records for in-zone hosts. CoCCA automatically removes all references to a domain’s glue records from zones when a domain’s status is ʺSuspendedʺ or ʺPending Deleteʺ (in redemption). If a domain that has glue records is deleted by a registrar or purged by an automated process, the glue records are automatically deleted by the SRS. CoCCA does not depend on registrars to delete glue records.

UMMAH DIGITAL will adopt the following key provisions (28.3.1-28.3.8) of CoCCA’s already field-tested policies and technology aimed at preventing and mitigating abuse.

28.3.1 ʺTrust but Verifyʺ
Applicants for .UMMAH registrations must confirm to the registry that they agree to be bound by the registrant agreement and confirm the accuracy of contact details logged by the Registrar with the Registry. Until the Registrant or their Administrative Contact confirms the contact details with the Registry directly, views and accepts the Registrant Agreement, .UMMAH domains will be excluded from the zone and parked on a ʺpending activationʺ page. See attached Life-Cycle Policy.

Automated Activation processes are already in place for 11 TLDs currently using the CoCCA SRS. The process involves direct registry-registrant communication using email details provided to the registry by the Registrar. On registration an automated email is sent to the Registrant that contains a link, the recipient must click on the link and is directed to a web page that; 1) displays the contact information the Registrar provided, 2) displays the .UMMAH Registrant Agreement and AUP policy. Registrants must confirm the accuracy of the RDDS (WHOIS) information and agree to the policy before a domain is delegated to their nominated servers and included in the .UMMAH zone.

All responses by the Registrant are lodged against the domain’s permanent history in the SRS; the time, date and IP address are stored. CoCCAʹs Activation process allows the registry the opportunity to independently verify the accuracy of contact data supplied by the registrar, or at minimum, the existence of a functioning email. It also serves as a record of the Registrantʹs acceptance of the .UMMAH Registrant Agreement and policies.

The SRS uses dynamically generated images as a challenge-response verification to prevent automated processes from activating domains. Although registrars are required to advise registrants of the TLD policies and conditions, with the prevalence of highly automated registration systems and expansive reseller networks it cannot be guaranteed that registrants have reviewed or agreed to the policy. CoCCAʹs Activation technology helps ensure the accuracy of WHOIS data and also that Registrants are made aware of their rights and responsibilities before a name is activated.

The registrant or administrative contact must confirm the accuracy of the WHOIS data not only on initial registration, but also on the anniversary of registration and⁄or renewal.

On any change of Registrant, the new Registrant must accept the RA before the changes to the contacts are committed in the registry.

On any Registrar Transfer, the Registrant must agree to the Transfer before it is finalized in the SRS. This ensures that domains are not transferred without the consent of the existing registrant. The activation and confirmation technology does not involve EPP Extensions or place a burden on Registrars - if the information in the SRS is accurate and up-to-date. CoCCA activation procedures and technology described above are in use today; the technology undergoes constant refinement in response to Registrar and Registrant suggestions.

28.3.2 Registrants’ rights to a limited license

The .UMMAH Registrant Agreement and AUP limit a registrantʹs rights to a limited license to use - but not to sub-license the use of any portion of the allocated domain, subject to continuing compliance with all .UMMAH policies.

ʺ7. Registrant Representations and Warranties. The Registrant represents, warrants, and guarantees that:

...(ii) the Registrant will not sub-license, purport to sub-license, delegate sub-domains within or otherwise permit use by persons other than the Registrant of portions of, the .UMMAH Domain name;ʺ

See attached draft Registrant Agreement for more information.

It is increasingly common for some Registrants to register a second level domain in order to set up what amounts to a third level registry, effectively sub-licensing to third parties the use of portions of their allocated second level domain. There is significant evidence that most abuse of the DNS occurs in lower level domains created by registrants and given away or licensed to third parties. While the .UMMAH TLD policy is recursive, combating abusive activity in a TLD is complicated if the registry has no information about the user of the subordinate (lower level) domain and no way to suspend domains created by a registrant at a subordinate level. The only recourse available to UMMAH DIGITAL (where there is an actionable AUP violation involving a lower level registrant-created domain) is to suspend the super-ordinate (higher level) domain. A suspension may negatively impact third parties if the Registrant has created and sub-licensed lower level domains. The Registrant’s limited license narrows the impact of a suspension to the Registrant and limits and UMMAH DIGITAL’s liability should a higher-level domain suspension be required.

28.3.3 Fast flux mitigation

CoCCA will queue for manual intervention by CoCCAʹs Registrar Support all DNS delegation modifications that exceed four (4) requests in any 28-day period or three (3) in a one-week period. Rationale: This minimizes a registrant’s ability to frequently re-delegate a domain in order to overcome service limitations imposed by Internet service providers. Frequent re-delegation may also assist a malicious user to obscure their identity. Limiting frequent re-delegations enhances the effectiveness of service termination as a sanction by an Internet service provider. The exact thresholds for fast flux may be amended from time to time.

CoCCA also updates the .UMMAH TLD zones no more than 12 times a day, in a small TLD this is sufficient. If there is an urgent need to remove a domain or glue record from a zone, CoCCA Compliant Resolution Officers are available 24⁄7⁄365 and can propagate a zone on demand when a complaint is received that requires immediate action or propagation of a new zone.

28.3.4 Anycast Resiliency

A denial of service (DoS) on a DNS resolver from a single ISP will usually only affect a single node. All other nodes in the world will not notice anything about the attack and the rest of the Internet will thus not notice it either. A local attack therefore only affects the local neighborhood. Distributed denial of service (DDoS) attacks usually affect a few nodes only, but because the attack is spread out between nodes, so is the amount of traffic flowing to each node. With 80+ nodes and two Anycast networks, the .UMMAH TLD is well protected against abuse targeting the .UMMAH DNS resolvers. PCH and ISC constantly monitor their Anycast networks and will take action to block DoS traffic before it gets to an anycast node or remove the node from the anycast cloud.

28.3.5 High Risk Strings

UMMAH DIGITAL will require manual intervention by the Registry Services Provider before domains that contain various strings such as ʺbankʺ, ʺsecureʺ, etc. go into the zone. A comprehensive list of high-risk strings will be compiled and advertised prior to launch. CoCCA has technology in place which allows registrars to submit an application to register a domain that may contain a high - risk string but CoCCA’s SRS will not delegate them until they are manually approved by COCCAʹs Registrar Support. CoCCAʹs Registrar Support may ask the Registrar to upload via the CoCCA GUI supporting documents (which become part of the domains permanent public record) before delegating the domain.

This technology is in place and has been field tested over the past several years. It was developed in response to the conficker virus threat and a request by the Egyptian government for tools related to the launch of the .masr IDN TLD.

28.3.6 UMMAH DIGITAL CERT Law Enforcement Collaboration

UMMAH DIGITAL will provide CERT, Law Enforcement and other interested parties direct read-only Access to the SRS on application for research and other activities related to identifying and mitigating abuse. CoCCA already provides direct access to the Australian Government CERT and thesecuredomain.org. The CoCCA SRS contains a variety of login types with various permissions, one such type is ʺCert⁄Law Enforcementʺ which allows GUI - based query as well as EPP and Zone Access. Under the access agreement the information in the SRS can be shared with other CERTS or Law Enforcement entities. CERT or Law Enforcement may under certain situations trigger an automated suspension of a domain, this is provided for in the .UMMAH RA.

ʺUMMAH DIGITAL may delegate authority to:
(i) investigate any breach or potential breach of .UMMAH TLD Policies; and
(ii) take action to cure or sanction any breach or potential breach of .UMMAH TLD Policies;
including the authority to automatically suspend use of the .UMMAH Domain name upon detection by a service provider or notification from an Internet security agency that the .UMMAH Domain name may contain malicious software or violate the .UMMAH AUP.

In such circumstances neither UMMAH DIGITAL, its employees, delegees, agents, assigns nor the external service provider or Internet security agency triggering the suspension shall be liable to the Registrant or any other person on account of any service disruption or loss, irrespective of the nature of that loss.ʺ

See attached for the RA in entirety.

CoCCA may provide access to other CERTS free of charge on request. Where an application for free access is rejected, any entity may purchase a Premium RDDS subscription that gives similar level of access. CoCCA will automate checks against third party databases of suspected malicious hosts and domains when suitable APIʹs can be identified and as APIʹs become available.

28.3.7 Domain Scans

The .UMMAH Registrant Agreement allows the Registry Services provider to scan or contract the scanning of domains for malware or other exploits. Scanning all domains in TLD has been tested by CoCCA but has been of limited use as most malicious use is in the third or lower level domains and cyber criminals have developed technical solutions to avert detection by common malware scanning methods. Where there is a suspicion of malicious code or activity, or if scanning technology improves CoCCA may scan websites ending in .UMMAH.

From the .UMMAH RA (attached)

ʺ(v) The Registrant grants an irrevocable license to UMMAH DIGITAL, its agents and assignees to access, monitor and scan any content published, including where such processes involve an intrusion or cause modification of data, providing such scanning is for the purpose of identifying internet security vulnerabilities or the presence of malicious software or content capable of causing harm or disruption to the systems of other Internet users.ʺ

28.3.7 Notify Services

Subscribers to CoCCAʹs Premium RDDS service may create lists of domains or strings (including using java regular expressions), when a domain that matches one of these is registered - in any TLD in the CoCCA SRS, the subscriber will be notified by email and⁄or EPP polling message.

28.3.8 Malware Malicious Domain Polling

CoCCA will continuously poll against trusted databases for domains or subdomains that have been associated with malicious activity. By way of example; CoCCA will poll thesecuredomain.org for any .UMMAH domain or subordinate “registrant created” domain that matches a domain in the SRS, if a match is found the information will be extracted from the third party database and become part of the domain’s record. If there are multiple independent matches the domain may be automatically suspended.

28.4 CoCCA Complaint Resolution Service

The Complaint Resolution Service (ʺCRSʺ) has been operational for six years. It is collateral to any ICANN required complaint or dispute Services. It provides a transparent, efficient and cost effective way for the public, law enforcement, regulatory bodies and intellectual property owners to have their concerns addressed regarding use of a TLD manager’s network or CoCCAʹs SRS services. The CRS provides a single framework in which cyber-crime, accessibility of prohibited Internet content and abuse of intellectual property rights are addressed. The framework relies on three tiers of review: immediate action to protect the public interest, amicable complaint resolution led by an independent Ombudsman, and where applicable, adjudication by an Expert. The CRS provides an efficient and swift alternative to the Courts. The COCCA CRS is collateral to any ICANN UDRP, URS or other mandated dispute or complaint resolution services.

Third party complaints against a registrant’s use of a domain may be addressed through CoCCAʹs CRS protocol - or alternatively depending on the nature of the complaint, UDRP. The .UMMAH AUP generally deals with a broader range of issues than are covered by the ICANN policy and may be more appropriate. When a complaint is filed, a CoCCA Complaints Officer (CCO) ensures that it meets the necessary criteria. If it does, notice is sent to involved parties and CRS Proceedings begin. If a Registrant responds to the complaint, it will be referred to an Ombudsman for Amicable Complaint Resolution (ACR). If ACR does not achieve acceptable resolution, the complainant may request binding arbitration by a CoCCA Expert.

In some cases, a Critical Issue Suspension (CIS) may become necessary. If a CoCCA Complaints Officer deems a CIS to be necessary, the domain, or other resource records in a zone will be disabled (removed from the zone) until a enduring resolution is found using the CRS protocol. A CIS does not terminate the license to a domain, it simply removes it from the zone.

A copy of the current CoCCA CRS Policy and Procedures and Overview Diagram is attached.

Similar gTLD applications: (1)

gTLDFull Legal NameE-mail suffixzDetail
.wedAtgron, Inc.atgron.com-3.73Compare