28 Abuse Prevention and Mitigation

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.BANAMEXCitigroup Inc.steptoe.comView

Abuse within the TLD will not be tolerated. Citigroup Inc. (ʺApplicantʺ) will implement very strict policies and procedures to minimize abusive registrations and other activities that have a negative impact on Internet users.

One of Applicant’s primary abuse prevention and mitigation strategies is to ensure that only Applicant registers and Applicant and⁄or its Affiliates (as defined in Applicant’s registration policy) use domain names in the TLD under strict guidelines as set by Applicant. In order to ensure that Applicant does not register abusive domain names, Applicant has appointed a single group of employees as authorized to register, acquire, and⁄or monitor domain names in the TLD.

As stated elsewhere, Applicant will not allow the registration of any domain names, except for those required by ICANN and for internal business or testing purposes, that resolve to websites for likely one (1) to five (5) years while it conducts marketing and technical studies on how to best operate the TLD. Accordingly, Applicant will initially register and use only two domain names, namely, [NIC.BANAMEX] to host a homepage that provides Applicant’s contact information and the Abuse Policy and [WHOIS.BANAMEX] to provide access to the TLD’s Whois database.

Any registration of a domain name in the applied-for .BANAMEX gTLD (the ʺTLDʺ) will be guided by internal guidelines that define a set of governance policies and processes for managing Applicant’s portfolio of domain names and sub-domains used internally and externally. The guidelines will provide that a single group of employees, namely Applicant’s Domain Name Team, which consists of several domain professionals based in North America and Singapore, will review and approve or reject all new domain and sub-domain registrations and transfers that are requested by Applicant’s business divisions and after approval from Applicant’s Legal and Operations & Technology (“O&T”) team. The Domain Name Team’s role is to facilitate adherence to the guidelines and to review requests with respect to branding, trademark, and technical issues.

The guidelines’ objectives are:

1. Provide standards and governance for the various aspects of domain names managed and owned by Applicant, considering their domain’s impact on global or corporate areas such as Applicant’s Operations & Technology (“O&T”), Global Branding, and Trademark groups;
2. Define Applicant’s businesses’ roles and responsibilities in the management of domain names though their life-cycle; and
3. Support corporate strategies on brand naming and trademark protection in the domain name space.

Applicant’s guidelines also provide for various representatives of Applicant’s Domain Name Team, O&T Team, Senior Global branding, Corporate Communications, Corporate Technology, Trademark Counsel, and Regional Consumer and Institutional Clients Group (“ICG”) Digital officers to consult on:

Reviewing and approving requests during the last month for trends and compliance
Reviewing and deciding on exceptions requested in the last month
Reviewing and deciding on domain names to be retired
Initiating and approving updates to the guidelines
Discussing strategic internal and external issues in connection with domain and sub-domain policies and procedures (i.e. ICANN events, new gTLDs, etc.)

The Domain Name Team is further tasked with monitoring domain name data (e.g., ownership, name servers, etc.) and configuration (redirects) in order to guarantee compliance adherence to the guidelines in the long term. If a domain name is found not compliant, the Domain Name Team will notify the business client to take remedial action and confirm that required changes were made.

Regarding how Applicant will likely structure its domain names, if displayed to the public, the Domain Name Team will only be allowed to register or acquire domain names for approved business purposes that consist of a generic qualifier followed by an existing, approved primary domain name corresponding to one of Applicant’s brand or business names under Applicant’s branding standards or a modifier after the TLD. A generic qualifier is defined as a clear, straightforward term that corresponds to the services offered on the particular Website or pages, e.g., college.debitcards.banamex or cashtradetreasury.banamex. A modifier is a “subdirectory” of a domain name (each term is separated by a slash) that identifies a particular web page or web site on the TLD server. In the example “www.banamex.tld⁄corporaterealtyservices” “corporaterealtyservices” is the subdirectory⁄modifier. Names that do not have this structure require branding approval and trademark review and⁄or clearance and will be reviewed by the Domain Name Team. Non-standard domain names will be redirected to primary Applicant websites.

The guidelines also provide that all domain names or sub-domains owned and managed by Applicant that include or reference a third party brand or trademark require written approval, through license or otherwise, from the third party granting permission to Applicant to use its brand name in the specific URL.

With these and other policies in place regarding sub-domains, intranet websites, subdirectories, vanity domain names, re-registration, domain retirement, among others, Applicant will have a strong and robust internal structure prepared to avoid and root out any abusive domain name registration and⁄or use in the applied-for TLD.

Anti-Abuse Policy

Applicant will implement in its internal guidelines and its Registrar and Registration agreements that all domain names in the TLD will be subject to this Domain Name Anti-Abuse Policy (“Abuse Policy”).

The Abuse Policy will provide Applicant with broad power to suspend, cancel, or transfer domain names that violate the Abuse Policy. Applicant will publish the Abuse Policy on its website at NIC.BANAMEX and clearly provide Applicant’s Abuse Point of Contact (“Abuse Contact”) and its contact information. This information shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of abuse complaints, and a telephone number, mailing address, and fax number for the Abuse Contact. Applicant will ensure that this information will be kept accurate and up to date and will be provided to ICANN if and when changes are made.

Inquiries addressed to the Abuse Contact will be forwarded to Applicant’s Intellectual Property Legal Team, which currently consists of four (4) lawyers, who will review with possible consultation with outside counsel (together, Applicant’s “Legal Team”) and if applicable remedy any Complaint regarding an alleged violation of the Abuse Policy as described in more detail below. Applicant will catalog all abuse communications and provide them to third parties within a reasonable time under limited circumstances, such as in response to a subpoena or other such court order or demonstrated official need by law enforcement.

The Abuse Policy will state, at a minimum, that Applicant reserves the right to deny, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status, that it deems necessary, in its discretion; (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of Applicant, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or any agreement Applicant has with any party; (5) to correct mistakes made by the Applicant, registry services provider, or any registrar in connection with a domain name registration; (6) during resolution of any dispute regarding the domain; and (7) if a registrant’s pre-authorization fails.

The Abuse Policy will define the abusive use of domain names to include, but not be limited to, the following activities:

Illegal or fraudulent actions: use of the Applicant’s or Registrarʹs services to violate the laws or regulations of any country, state, or other jurisdiction in which the Internet may operate, or in a manner that adversely affects the legal rights of any other person;
Spam: use of electronic messaging systems from email addresses from domains in the TLD to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums;
Phishing: use of counterfeit Web pages within the TLD that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data;
Pharming: redirecting of unknowing users to fraudulent Web sites or services, typically through DNS hijacking or poisoning;
Willful distribution of malware: dissemination of software designed to infiltrate or damage a computer system without the ownerʹs informed consent. Examples include, without limitation, computer viruses, worms, keyloggers, and trojan horses.
Fast flux hosting: use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves. Fast flux hosting may be used only with prior permission of PIR;
Botnet command and control: services run on a domain name that are used to control a collection of compromised computers or ʺzombies,ʺ or to direct denial-of-service attacks (DDoS attacks);
Distribution of pornography;
Illegal Access to Other Computers or Networks: illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity);
Non-intended Use: use of the domain name other than that which was stated during the registration, without a change of intended use accepted by Applicant;
Reselling Domain Names: resale of a domain name will not be accepted by Applicant or any registrar during the life of the TLD;
Cybersquatting: registration of a domain name confusingly similar to a third party’s name or trademark without any legitimate interest in the name and in bad faith;
Domain Kiting⁄Tasting: registration of domain names to test their commercial viability before returning them during a Grace Period;
High Volume Registrations⁄Surveying: registration of multiple domain names in order to warehouse them for sale or pay-per-click websites in a way that can impede Applicant from offering them to legitimate users or timely services to other subscribers;
Inadequate Security: registering and using a domain name to host a website that collects third-party information but does not employ adequate security measures to protect third-party information in accordance with that geographic area’s data and financial privacy laws.

Domain Anti-Abuse Procedure

Applicant will provide a domain name anti-abuse procedure (“Abuse Procedure”) modeled after the Digital Millennium Copyright Act’s notice-and-takedown procedure. At all times, Applicant will publish on its website at NIC.BANAMEX the Abuse Policy and Abuse Procedure and the contact information for the Abuse Contact. The Abuse Procedure will specify that it is recommended that any correspondence (“Complaint”) be sent by both fax and email, that any email include “Notice of Alleged Abuse” in the subject line of the email, and that all Complaints specify the type of abuse at issue as defined in the Abuse Policy.

Inquiries addressed to the Abuse Contact will be received by Legal Team who will remedy or deny any Complaint regarding an alleged violation of the Abuse Policy. Applicant will catalog all abuse communications and provide them to third parties only under limited circumstances, such as in response to a subpoena or other such court order or demonstrated official need by law enforcement.

Legal Team will first give the Complaint a “quick look” to see if the Complaint reasonably falls within an abusive use as defined by the Abuse Policy. If not, the Abuse Contact will write a timely correspondence to Complainant stating that the subject of the complaint clearly does not fall within one of the delineated abusive uses as defined by the Abuse Policy and that Applicant considers the matter closed.

If the quick look does not resolve the matter, Legal Team will timely give the Complaint a full review. If an abusive use is determined, the Abuse Contact will alert the registry services provider to immediately suspend the resolution of the domain name. Legal Team will then immediately notify the registrant of the suspension of the domain name, the nature of the complaint, and provide the registrant with the option to respond within a timely fashion or the domain name will be canceled.

If the registrant responds within a timely period, its response will be reviewed by Legal Team for further review. If Legal Team is satisfied by the registrant’s response that the use is not abusive, Legal Team will submit a timely request to the registry services provider to unsuspend the domain name. The Abuse Contact will then timely notify the Complainant that its complaint was ultimately denied and provide the reasons for the denial. If the registrant does not respond within a timely fashion, the Abuse Contact will notify the registry services provider to cancel the abusive domain name.

This Abuse Procedure will not prejudice either party’s election to pursue another dispute mechanism, such as URS or UDRP.

With the assistance of its back-end registry services provider, Applicant will meet its obligations under Section 2.8 of the Registry Agreement to take reasonable steps to investigate and respond to reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of its TLD. Accordingly, Applicant will timely respond to legitimate law enforcement inquiries. Any such response shall include, at a minimum, a timely acknowledgement of receipt of the request, questions or comments concerning the request, and an outline of the next steps to be taken by Applicant for a timely resolution of the request.

In the event such request involves any of the activities which can be validated by Applicant’s Legal Team and involves the type of activity set forth in the Abuse Policy, Abuse Contact will timely notify the registry services provider to either suspend or cancel the domain name. If Legal Team determines that it is not an abusive activity, Abuse Contact will timely provide the relevant law enforcement, governmental and⁄or quasi-governmental agency a compelling argument to keep the name in the zone.

Whois Accuracy

Applicant will provide WHOIS accessibility in a reliable, consistent, and predictable fashion in order to promote Whois accuracy. The TLD will adhere to port 43 WHOIS Service Level Agreements (SLAs), which require that port 43 WHOIS service be highly accessible and fast.

Applicant will offer thick WHOIS services, in which all authoritative WHOIS data—including contact data—is maintained at the registry. Through Applicant’s registrar and registry services operators, Applicant will maintain timely, unrestricted, and public access to accurate and complete WHOIS information, including all data objects as specified in Specification 4. Moreover, prior to the release of any domain names, Applicant’s registrar will provide Applicant’s Domain Name Team with an authorization code to provide when registering domain names, and Applicant’s Domain Name Team will provide registrar with authorized registrant contact information to verify upon the attempted registration of any domain names. Upon registration, registrar will verify the authorization code and contact information before the prospective registrant is allowed to proceed.

In order to further promote WHOIS accuracy, Applicant will offer a mechanism duly posted on its WHOIS.BANAMEX website whereby third parties can submit complaints directly to the Applicant’s Domain Name Team (as opposed to ICANN or the sponsoring Registrar) about inaccurate or incomplete WHOIS data. Such information shall be forwarded to the registrar, who shall be required to address those complaints with their registrants. Within a reasonable time period after forwarding the complaint to the registrar, Domain Name Team will examine the current WHOIS data for names that were alleged to be inaccurate to determine if the information was corrected, the domain name was deleted, or there was some other disposition. If the registrar has failed to take any action, or it is clear that the registrant was either unwilling or unable to correct the inaccuracies, Applicant reserves the right to suspend the applicable domain name(s) until such time as the registrant is able to cure the deficiencies.

In addition, Applicant’s Domain Name Team will at least twice per year perform a manual review of a random sampling of domain names within the applied-for TLD to test the accuracy of the WHOIS information. Through this review, Applicant’s Domain Name Team will examine the WHOIS data for evidence of inaccurate or incomplete Whois information. In the event that such errors or missing information exists, it shall be forwarded to the registrar, who shall be required to address such deficiencies with their registrants. Within a reasonable time period, Domain Name Team will examine the current WHOIS data for names that were alleged to be inaccurate or incomplete to determine if the information was corrected, the domain name was deleted, or there was some other disposition. If the registrar has failed to take any action, or it is clear that the registrant was either unwilling or unable to correct the inaccuracies, Applicant reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies.

Abuse Prevention and Mitigation Domain Name Access

All domain name registrants will have adequate controls to ensure proper access to domain functions.

In addition to the above, all domain name registrations in the applied-for TLD will be required to name at least two (2) unique points of contact within Applicant’s Domain Name Team, all of whom will be authorized to request and⁄or approve update, transfer, and deletion requests. The points of contact will establish strong passwords with the registrar that along with at least one other authentication factor must be authenticated before a point of contact will be allowed to process updates, transfer, and deletion requests. Once a process update, transfer, or deletion request is entered, all of the points of contact will automatically be notified when a domain has been updated, transferred, or deleted through by Applicant’s registrar.

28.1 Abuse Prevention and Mitigation
Strong abuse prevention of a new gTLD is an important benefit to the internet community. TLD and its registry operator and back-end registry services provider, Neustar, agree that a registry must not only aim for the highest standards of technical and operational competence, but also needs to act as a steward of the space on behalf of the Internet community and ICANN in promoting the public interest. Neustar brings extensive experience establishing and implementing registration policies. This experience will be leveraged to help TLD combat abusive and malicious domain activity within the new gTLD space.

One of those public interest functions for a responsible domain name registry includes working towards the eradication of abusive domain name registrations, including, but not limited to, those resulting from:

Illegal or fraudulent actions




Distribution of malware

Fast flux hosting


Distribution of child pornography

Online sale or distribution of illegal pharmaceuticals.

More specifically, although traditionally botnets have used Internet Relay Chat (IRC) servers to control registry and the compromised PCs, or bots, for DDoS attacks and the theft of personal information, an increasingly popular technique, known as fast-flux DNS, allows botnets to use a multitude of servers to hide a key host or to create a highly-available control network. This ability to shift the attacker’s infrastructure over a multitude of servers in various countries creates an obstacle for law enforcement and security researchers to mitigate the effects of these botnets. But a point of weakness in this scheme is its dependence on DNS for its translation services. By taking an active role in researching and monitoring these sorts of botnets, Applicant’s partner, Neustar, has developed the ability to efficiently work with various law enforcement and security communities to begin a new phase of mitigation of these types of threats.

Policies and Procedures to Minimize Abusive Registrations
A Registry must have the policies, resources, personnel, and expertise in place to combat such abusive DNS practices. As TLDʹs registry provider, Neustar is at the forefront of the prevention of such abusive practices and is one of the few registry operators to have actually developed and implemented an active “domain takedown” policy. We also believe that a strong program is essential given that registrants have a reasonable expectation that they are in control of the data associated with their domains, especially its presence in the DNS zone. Because domain names are sometimes used as a mechanism to enable various illegitimate activities on the Internet often the best preventative measure to thwart these attacks is to remove the names completely from the DNS before they can impart harm, not only to the domain name registrant, but also to millions of unsuspecting Internet users.

Removing the domain name from the zone has the effect of shutting down all activity associated with the domain name, including the use of all websites and e-mail. The use of this technique should not be entered into lightly. TLD has an extensive, defined, and documented process for taking the necessary action of removing a domain from the zone when its presence in the zone poses a threat to the security and stability of the infrastructure of the Internet or the registry.

28.3 Measures for Removal of Orphan Glue Records
As the Security and Stability Advisory Committee of ICANN (SSAC) rightly acknowledges, although orphaned glue records may be used for abusive or malicious purposes, the “dominant use of orphaned glue supports the correct and ordinary operation of the DNS.” See http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf.

While orphan glue often support correct and ordinary operation of the DNS, we understand that such glue records can be used maliciously to point to name servers that host domains used in illegal phishing, bot-nets, malware, and other abusive behaviors. Problems occur when the parent domain of the glue record is deleted but its children glue records still remain in DNS. Therefore, when the Registry has written evidence of actual abuse of orphaned glue, the Registry will take action to remove those records from the zone to mitigate such malicious conduct.

Neustar runs a daily audit of entries in its DNS systems and compares those with its provisioning system. This serves as an umbrella protection to make sure that items in the DNS zone are valid. Any DNS record that shows up in the DNS zone but not in the provisioning system will be flagged for investigation and removed if necessary. This daily DNS audit serves to not only prevent orphaned hosts but also other records that should not be in the zone.

In addition, if either TLD or Neustar become aware of actual abuse on orphaned glue after receiving written notification by a third party through its Abuse Contact or through its customer support, such glue records will be removed from the zone.

28.5 Resourcing Plans
Responsibility for abuse mitigation rests with a variety of functional groups. The Legal Team is primarily responsible for providing analysis and conducting investigations of reports of abuse. The customer service team also plays an important role in assisting with the investigations, responded to customers, and notifying registrars of abusive domains. Finally, the Policy⁄Legal team is responsible for developing the relevant policies and procedures.

The necessary resources from Neustar will be pulled from the pool of available resources described in detail in the response to Question 31. The following resources are available from those teams:

Customer Support 12 employees

Policy⁄Legal 2 employees

The resources are more than adequate to support the abuse mitigation procedures of the TLD registry.

Similar gTLD applications: (1)

gTLDFull Legal NameE-mail suffixzDetail
.CITICitigroup Inc.steptoe.com-4.63Compare