Back

28 Abuse Prevention and Mitigation

gTLDFull Legal NameE-mail suffixDetail
.fyiCharleston Road Registry Inc.google.comView

Specifically, we will implement in our internal policies and in our Registry⁄Registrar and Registration Agreements that all registered domain names will be subject to a Domain Name Anti-Abuse Policy (“Abuse Policy”). The Abuse Policy will provide CRR with broad power to suspend, cancel, or transfer domain names that violate the Abuse Policy. We plan to post the Abuse Policy on a publicly facing website at nic.fyi⁄abuse, which will provide a reporting mechanism whereby violations of the policy can be reported by those who are impacted; an easy to find place to report policy violations; “plain language” definitions of what constitutes a “reportable” problem; and compliance processes to provide due process, and sanctions that will be applied, in the case of policy violations. The nic.fyi⁄abuse website will list CRR’s Abuse Point of Contact. The Abuse Point of Contact shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of abuse complaints. CRR will ensure that this information is kept accurate and up to date and will be provided to ICANN if and when changes are made.The Abuse Point of Contact will review complaints regarding an alleged violation of the Abuse Policy.

28.1. Abuse Tracking

CRR also plans to catalog all abuse communications in Google’s customer relationship management (CRM) software using a ticketing system and to maintain records of all abuse complaints for an appropriate amount of time. We shall only provide access to these records to third parties under limited circumstances, such as in response to a subpoena or other such court order or demonstrated official need by law enforcement.

The Abuse Policy will define abuse as an action that:
a. Causes actual and substantial harm, or is a material predicate of such harm; and
b. Is illegal or illegitimate, or is otherwise considered contrary to the intention and design of a stated legitimate purpose, if such purpose is disclosed.

28.2. Abuse Definitions

The Abuse Policy will also name and provide basic definitions as to what constitutes the abusive registration and⁄or use of domain names within the TLD. These will include, but not be limited to, the following activities:
1. Unqualified Applicant - not authorized to register domain name;
2. Child Pornography - Web sites that contain content that exploits children, such as child pornography (including cartoon child porn) or content that presents children in a sexual manner;
3. Fake renewal notices - Fake renewal notices are misleading correspondence sent to registrants from an individual or organization claiming to be or to represent the current registrar. These are sent for a variety of deceptive purposes, such as obtaining an unnecessary fee (fraud); getting a registrant to switch registrars unnecessarily (“slamming”, or illegitimate market-based switching); or to obtain registrant credentials or authorization codes to facilitate theft of the domain;
4. Cross-TLD Registration Scam - a deceptive sales practice where an existing registrant is sent a notice that another party is interested in or is attempting to register the registrant’s domain string in another TLD;
5. Domain kiting⁄tasting - Registrants may abuse an Add Grace Period through continual registration and deletion of domain names to test their monetization (“tasting”), and re-registration of the same names in order to avoid paying the registration fees (“kiting”);
6. Phishing - a Web site fraudulently presenting itself as a trusted site (often a bank) in order to deceive Internet users into divulging sensitive information (e.g. online banking credentials, email passwords);
7. Spam - use of electronic messaging systems from email addresses from domains in the TLD to send unsolicited bulk e-mail;
8. Malware ⁄ Botnet Command-and-Control - Malware authors sometimes use domain names as a way to control and update botnets. Botnets are composed of thousands to millions of infected computers under the common control of a criminal. Botnets can be used to perpetrate many kinds of malicious activity, including distributed denial-of-service attacks (DDoS), spam, and fast-flux hosting of phishing sites;
9. Use of Stolen Credentials –such as stolen credit card numbers, to register domain names for malicious purposes;
10. Pharming - redirecting of unknowing users to fraudulent Web sites or services, typically through domain name system (DNS) hijacking or poisoning;
11. Fast flux hosting - use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves. Fast flux hosting may be used only with prior permission of CRR;

28.3. Abuse Policy Rights Reserved

The Abuse Policy will state, at a minimum, that CRR reserves the right to deny, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status, that it deems necessary, in its discretion: (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of CRR, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or any agreement CRR has with any party; (5) to correct mistakes made by CRR, its registry services provider, or any registrar in connection with a domain name registration; (6) during resolution of any dispute regarding the domain; and (7) to remedy the abusive registration or use of any domain name.

28.4. Orphan Glue

We will remove orphan glue records for names removed from the zone when provided with evidence in written form to the Abuse Point of Contact that the glue is present in connection with malicious conduct according to Specification 6 of the New gTLD Registry Agreement. Google’s back-end systems will also periodically search for orphaned glue. We will inform its registrants that it removes glue if the covering zone is removed, and thus registrants should not reference it from outside the domain.

28.5. Resourcing

CRR and its affiliates will commit ample resources for the purpose of implementing its internal policies and its Registry⁄Registrar and Registration Agreements. As described herein, we will create an Internal Abuse Team, including an Abuse Point of Contact, whose responsibilities will include reviewing, responding, cataloging, and, if applicable, remedying complaints regarding alleged violations of the Abuse Policy. This team will be dedicated to manually reviewing abuse complaints. The roles and responsibilities of the team members are anticipated to include, but are not limited to, the following:
- Reviewing, responding, and if applicable, resolving complaints regarding alleged violations of the Abuse Policy
- Enforcing the Abuse Policy
- Monitoring productivity and efficiency of the manual review process
- Addressing high priority escalations from Law Enforcement quickly
- Collaborating with internal and external partners to drive issues to resolution
- Interface with the technical team to improve workflow, prioritize escalations, create tools for the manual review process

28.6. Anti-abuse Notice and Takedown Procedure

In order to reduce abusive registrations that affect the security of the TLD and its users, CRR plans to provide a domain anti-abuse notice and takedown procedure. Specifically, we will operate an anti-abuse website at the URI address nic.fyi⁄abuse that will provide the contact information for the Abuse Point of Contact. The nic.fyi⁄abuse website will prominently display CRR’s Abuse Policy and a fill-in section wherein the user will then be asked to fill in several fields, including the user’s identity and contact information, and the identity and relevant information of the individual or organization that is making an abusive registration or use of a domain name within the TLD, and specific details on how, why, and when the complainant believes the registration or use of the domain name is abusive. The user will be asked to read the Abuse Policy before it submits a complaint and then click on a check box to indicate that the user has read and understands the Abuse Policy.

28.7. Abuse Response

CRR will then provide a targeted response time as to the decision regarding the complaint. We will review with the Internal Abuse Team and render a decision regarding the alleged abuse, and decide whether to deny, cancel, or transfer any registration or transaction, or place any domain(s) on registry lock, hold, or similar status that violates the Abuse Policy, if applicable. In accordance with the applicable terms of service, CRR reserves the right to terminate the accounts or domains of repeat abusers.

Specifically, the process is anticipated to occur as follows: an email containing the information relayed in the complaint will be sent to the Abuse Point of Contact. The Abuse Point of Contact will send an email to the complainant within twenty-four hours of receiving the complaint confirming receipt of the email. The Abuse Point of Contact will preliminarily review to determine whether the complaint reasonably falls within an abusive use as defined by the Abuse Policy. If the complaint does not, the Abuse Point of Contact will email the complainant within forty-eight business hours of the confirmation email to indicate that the subject of the complaint does not fall within the abusive uses as defined by the Abuse Policy, and that CRR considers the matter closed.

If the preliminary review does not resolve the matter, the Abuse Point of Contact will relay the complaint to CRR’s Abuse Team.

All requests from law enforcement will be flagged for prompt review by the Internal Abuse Team. With the resources of Google’s registry services team, CRR can meet its obligations under Section 2.8 of the Registry Agreement where required to take reasonable steps to investigate and respond to reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of its TLD.

In high-priority cases the Internal Abuse Team will seek to determine within forty-eight business hours whether the registration or use of the domain within the TLD is abusive as defined by the Abuse Policy. In all cases, the Internal Abuse Team will determine whether a domain is abusive within seven business days or sooner of receipt of the Complaint. If an abusive use is determined, the Internal Abuse Team may alert the registry services team to immediately suspend resolution of the domain name, as appropriate. Thereafter, if we decide to suspend resolution of the domain name at issue, the Abuse Point of Contact will immediately notify the abusive domain name registrant of such action, the nature of the complaint, and provide the registrant with the option to respond within ten days. All such actions will be ticketed in Google’s CRM software to maintain accurate complaint processing records.

If the registrant responds within ten business days, the Internal Abuse Team will review the response to determine if the registration or use is not abusive. If the Internal Abuse Team is satisfied by the registrant’s response, the Abuse Point of Contact will submit a request to the registry services team to reactivate the domain name. If the registrant does not respond within ten business days or the Internal Abuse Team is not satisfied by the registrant’s response, the Abuse Point of Contact will notify the registry services team to continue the suspension, transfer or cancel the abusive domain name, as appropriate.

The anti-abuse procedure will not prejudice either party’s election to pursue another dispute mechanism, such as the Uniform Rapid Suspension System (URS) or Uniform Domain-Name Dispute-Resolution Policy (UDRP). If CRR’s registrar receives notice of a URS or UDRP complaint pertaining to a domain name within the TLD, the registrar will ensure that the domain name is locked within twenty-four hours of receipt of the complaint. The registrar will also notify CRR’s Abuse Point of Contact and the registrant.

28.8. Abuse Prevention

In order to further minimize abusive domain name registrations and other activities that have a negative impact on Internet users, CRR will promote the ability to contact a domain registrant using information in WHOIS by providing accessibility in a reliable, consistent, and predictable fashion. CRR will adhere to port 43 WHOIS Service Level Agreements (SLA), which require that port 43 WHOIS service be highly accessible and fast.

CRR will authenticate registrant information by providing an email verification link sent to the registrant to confirm its email address. In addition, we will ensure an ongoing ability to contact the registrant via email by confirming the new email address as part of changes affecting the contact information.

CRR plans to regularly monitor registration data for accuracy and completeness, employing authentication methods, and establishing policies and procedures to address domain names with inaccurate or incomplete WHOIS data.

As required by Specification 4 of the new gTLD Registry Agreement, CRR will offer thick WHOIS services, in which all authoritative WHOIS data is maintained at the registry. Through CRR’s registrar and registry services team, we will maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information, identity of the registrar, domain name’s expiration date, nameservers associated with the domain, and specified fields of data for the Registrant Contact, Administrative Contact, and Technical Contact.

CRR will employ query rate limiting and CAPTCHA procedures for its WHOIS database to minimize abuse of its features.

28.9. Summary and Key Insights

Abusive activity on the Internet has been a growing problem, creating security and stability issues for registrants, registrars and users of the Internet in general. CRR intends to address this issue across its TLDs by dedicating ample resources for the purpose of implementing its strict abuse policies and procedures.
gTLDFull Legal NameE-mail suffixDetail
.motoCharleston Road Registry Inc.google.comView
28. Abuse Prevention and Mitigation

It is anticipated that only Google and its affiliates will be eligible to register domain names within the top-level domain (TLD). At no time during the life of the registry does Charleston Road Registry (CRR) plan to offer domain name registrations to third-parties, and CRR will employ a stringent verification process to establish that every prospective registrant meets the registration criteria. In addition to this verification process, we will implement strict policies and procedures to minimize abusive domain name registrations and uses and other activities that have a negative impact on Internet users.

Specifically, we will implement in our internal policies and in our Registry⁄Registrar and Registration Agreements that all registered domain names will be subject to a Domain Name Anti-Abuse Policy (“Abuse Policy”). The Abuse Policy will provide CRR with broad power to suspend, cancel, or transfer domain names that violate the Abuse Policy. We plan to post the Abuse Policy on a publicly facing website at nic.moto⁄abuse, which will provide a reporting mechanism whereby violations of the policy can be reported by those who are impacted; an easy to find place to report policy violations; “plain language” definitions of what constitutes a “reportable” problem; and compliance processes to provide due process, and sanctions that will be applied, in the case of policy violations. The nic.moto⁄abuse website will list CRR’s Abuse Point of Contact. The Abuse Point of Contact shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of abuse complaints. CRR will ensure that this information is kept accurate and up to date and will be provided to ICANN if and when changes are made.The Abuse Point of Contact will review complaints regarding an alleged violation of the Abuse Policy.

28.1. Abuse Tracking

CRR also plans to catalog all abuse communications in Google’s customer relationship management (CRM) software using a ticketing system and to maintain records of all abuse complaints for an appropriate amount of time. We shall only provide access to these records to third parties under limited circumstances, such as in response to a subpoena or other such court order or demonstrated official need by law enforcement.

The Abuse Policy will define abuse as an action that:
a. Causes actual and substantial harm, or is a material predicate of such harm; and
b. Is illegal or illegitimate, or is otherwise considered contrary to the intention and design of a stated legitimate purpose, if such purpose is disclosed.

We further anticipate that the Abuse Policy will state that only Google and its authorized affiliates are authorized to register and operate domain names within the TLD, and that it conducts an ongoing verification process designed to establish that a prospective registrant meets the registration criteria, namely that the registration was made by Google or an authorized affiliate.

28.2. Abuse Definitions

The Abuse Policy will also name and provide basic definitions as to what constitutes the abusive registration and⁄or use of domain names within the TLD. These will include, but not be limited to, the following activities:
1. Unqualified Applicant - not authorized to register domain name;
2. Child Pornography - Web sites that contain content that exploits children, such as child pornography (including cartoon child porn) or content that presents children in a sexual manner;
3. Fake renewal notices - Fake renewal notices are misleading correspondence sent to registrants from an individual or organization claiming to be or to represent the current registrar. These are sent for a variety of deceptive purposes, such as obtaining an unnecessary fee (fraud); getting a registrant to switch registrars unnecessarily (“slamming”, or illegitimate market-based switching); or to obtain registrant credentials or authorization codes to facilitate theft of the domain;
4. Cross-TLD Registration Scam - a deceptive sales practice where an existing registrant is sent a notice that another party is interested in or is attempting to register the registrant’s domain string in another TLD;
5. Domain kiting⁄tasting - Registrants may abuse an Add Grace Period through continual registration and deletion of domain names to test their monetization (“tasting”), and re-registration of the same names in order to avoid paying the registration fees (“kiting”);
6. Phishing - a Web site fraudulently presenting itself as a trusted site (often a bank) in order to deceive Internet users into divulging sensitive information (e.g. online banking credentials, email passwords);
7. Spam - use of electronic messaging systems from email addresses from domains in the TLD to send unsolicited bulk e-mail;
8. Malware ⁄ Botnet Command-and-Control - Malware authors sometimes use domain names as a way to control and update botnets. Botnets are composed of thousands to millions of infected computers under the common control of a criminal. Botnets can be used to perpetrate many kinds of malicious activity, including distributed denial-of-service attacks (DDoS), spam, and fast-flux hosting of phishing sites;
9. Use of Stolen Credentials –such as stolen credit card numbers, to register domain names for malicious purposes;
10. Pharming - redirecting of unknowing users to fraudulent Web sites or services, typically through domain name system (DNS) hijacking or poisoning;
11. Fast flux hosting - use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves. Fast flux hosting may be used only with prior permission of CRR;

28.3. Abuse Policy Rights Reserved

The Abuse Policy will state, at a minimum, that CRR reserves the right to deny, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status, that it deems necessary, in its discretion: (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of CRR, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or any agreement CRR has with any party; (5) to correct mistakes made by CRR, its registry services provider, or any registrar in connection with a domain name registration; (6) during resolution of any dispute regarding the domain; and (7) to remedy the abusive registration or use of any domain name.

28.4. Orphan Glue

For closed registries, there is unlikely to be orphan glue. Nonetheless, the following policy will apply to the TLD. We will remove orphan glue records for names removed from the zone when provided with evidence in written form to the Abuse Point of Contact that the glue is present in connection with malicious conduct according to Specification 6 of the New gTLD Registry Agreement. Google’s back-end systems will also periodically search for orphaned glue. We will inform its registrants that it removes glue if the covering zone is removed, and thus registrants should not reference it from outside the domain.

28.5. Resourcing

CRR and its affiliates will commit ample resources for the purpose of implementing its internal policies and its Registry⁄Registrar and Registration Agreements. As described herein, we will create an Internal Abuse Team, including an Abuse Point of Contact, whose responsibilities will include reviewing, responding, cataloging, and, if applicable, remedying complaints regarding alleged violations of the Abuse Policy. This team will be dedicated to manually reviewing abuse complaints. The roles and responsibilities of the team members are anticipated to include, but are not limited to, the following:
- Reviewing, responding, and if applicable, resolving complaints regarding alleged violations of the Abuse Policy
- Enforcing the Abuse Policy
- Monitoring productivity and efficiency of the manual review process
- Addressing high priority escalations from Law Enforcement quickly
- Collaborating with internal and external partners to drive issues to resolution
- Interface with the technical team to improve workflow, prioritize escalations, create tools for the manual review process

28.6. Anti-abuse Notice and Takedown Procedure

In order to reduce abusive registrations that affect the security of the TLD and its users, CRR plans to provide a domain anti-abuse notice and takedown procedure. Specifically, we will operate an anti-abuse website at the URI address nic.moto⁄abuse that will provide the contact information for the Abuse Point of Contact. The nic.moto⁄abuse website will prominently display CRR’s Abuse Policy and a fill-in section wherein the user will then be asked to fill in several fields, including the user’s identity and contact information, and the identity and relevant information of the individual or organization that is making an abusive registration or use of a domain name within the TLD, and specific details on how, why, and when the complainant believes the registration or use of the domain name is abusive. The user will be asked to read the Abuse Policy before it submits a complaint and then click on a check box to indicate that the user has read and understands the Abuse Policy.

28.7. Abuse Response

CRR will then provide a targeted response time as to the decision regarding the complaint. We will review with the Internal Abuse Team and render a decision regarding the alleged abuse, and decide whether to deny, cancel, or transfer any registration or transaction, or place any domain(s) on registry lock, hold, or similar status that violates the Abuse Policy, if applicable. In accordance with the applicable terms of service, CRR reserves the right to terminate the accounts or domains of repeat abusers.

Specifically, the process is anticipated to occur as follows: an email containing the information relayed in the complaint will be sent to the Abuse Point of Contact. The Abuse Point of Contact will send an email to the complainant within twenty-four hours of receiving the complaint confirming receipt of the email. The Abuse Point of Contact will preliminarily review to determine whether the complaint reasonably falls within an abusive use as defined by the Abuse Policy. If the complaint does not, the Abuse Point of Contact will email the complainant within forty-eight business hours of the confirmation email to indicate that the subject of the complaint does not fall within the abusive uses as defined by the Abuse Policy, and that CRR considers the matter closed.

If the preliminary review does not resolve the matter, the Abuse Point of Contact will relay the complaint to CRR’s Abuse Team.

All requests from law enforcement will be flagged for prompt review by the Internal Abuse Team. With the resources of Google’s registry services team, CRR can meet its obligations under Section 2.8 of the Registry Agreement where required to take reasonable steps to investigate and respond to reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of its TLD.

In high-priority cases the Internal Abuse Team will seek to determine within forty-eight business hours whether the registration or use of the domain within the TLD is abusive as defined by the Abuse Policy. In all cases, the Internal Abuse Team will determine whether a domain is abusive within seven business days or sooner of receipt of the Complaint. If an abusive use is determined, the Internal Abuse Team may alert the registry services team to immediately suspend resolution of the domain name, as appropriate. Thereafter, if we decide to suspend resolution of the domain name at issue, the Abuse Point of Contact will immediately notify the abusive domain name registrant of such action, the nature of the complaint, and provide the registrant with the option to respond within ten days. All such actions will be ticketed in Google’s CRM software to maintain accurate complaint processing records.

If the registrant responds within ten business days, the Internal Abuse Team will review the response to determine if the registration or use is not abusive. If the Internal Abuse Team is satisfied by the registrant’s response, the Abuse Point of Contact will submit a request to the registry services team to reactivate the domain name. If the registrant does not respond within ten business days or the Internal Abuse Team is not satisfied by the registrant’s response, the Abuse Point of Contact will notify the registry services team to continue the suspension, transfer or cancel the abusive domain name, as appropriate.

The anti-abuse procedure will not prejudice either party’s election to pursue another dispute mechanism, such as the Uniform Rapid Suspension System (URS) or Uniform Domain-Name Dispute-Resolution Policy (UDRP). If CRR’s registrar receives notice of a URS or UDRP complaint pertaining to a domain name within the TLD, the registrar will ensure that the domain name is locked within twenty-four hours of receipt of the complaint. The registrar will also notify CRR’s Abuse Point of Contact and the registrant.

28.8. Abuse Prevention

In order to further minimize abusive domain name registrations and other activities that have a negative impact on Internet users, CRR will promote the ability to contact a domain registrant using information in WHOIS by providing accessibility in a reliable, consistent, and predictable fashion. CRR will adhere to port 43 WHOIS Service Level Agreements (SLA), which require that port 43 WHOIS service be highly accessible and fast.

In order to ensure that only Google and its authorized affiliates are authorized to register and operate domain names within the TLD, CRR will authenticate registrant information by providing an email verification link sent to the registrant to confirm its email address. In addition, we will ensure an ongoing ability to contact the registrant via email by confirming the new email address as part of changes affecting the contact information.

CRR plans to regularly monitor registration data for accuracy and completeness, employing authentication methods, and establishing policies and procedures to address domain names with inaccurate or incomplete WHOIS data. Namely, the WHOIS data will be updated to reflect that the registrant is associated with CRR and⁄or Google.

As required by Specification 4 of the new gTLD Registry Agreement, CRR will offer thick WHOIS services, in which all authoritative WHOIS data is maintained at the registry. Through CRR’s registrar and registry services team, we will maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information, identity of the registrar, domain name’s expiration date, nameservers associated with the domain, and specified fields of data for the Registrant Contact, Administrative Contact, and Technical Contact.

CRR will employ query rate limiting and CAPTCHA procedures for its WHOIS database to minimize abuse of its features.

28.9. Summary and Key Insights

Abusive activity on the Internet has been a growing problem, creating security and stability issues for registrants, registrars and users of the Internet in general. CRR intends to address this issue across its TLDs by dedicating ample resources for the purpose of implementing its strict abuse policies and procedures.