Back

28 Abuse Prevention and Mitigation

gTLDFull Legal NameE-mail suffixDetail
.appTRI Ventures, Inc.litl.comView
We have engaged ARI Registry Services (ARI) to deliver services for this TLD. ARI provide registry services for a number of TLDs including the .au ccTLD. For more background information on ARI please see the attachment ‘Q28 – ARI Background & Roles.pdf’.

As stated in response to Question 18, TRI Ventures’s registration policy will address the minimum requirements mandated by ICANN including rights abuse prevention measures. TRI Ventures will implement its draft registration policy as means of abuse prevention and mitigation ** (see end of document).



1 INTRODUCTION

The efforts that will be undertaken in this TLD to minimise abusive registrations and other activities that have a negative impact on Internet users are described below. We will be utilising the Anti-Abuse Service of our managed registry service provider, ARI. This service includes the implementation of our comprehensive Anti-Abuse Policy. This policy, developed in consultation with ARI, clearly defines abusive behaviour and identifies particular types of abusive behaviour and the mitigation response to such behaviour.



2 OVERVIEW

We have engaged ARI to deliver registry services for this TLD. ARI will, owing to their extensive industry experience and established anti-abuse operations, implement and manage on our behalf various procedures and measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse. ARI will forward to us all matters requiring determination by the registry operator which fall beyond the scope of ARI’s Anti-Abuse Service. This is described below in the context of the implementation of our Anti-Abuse Policy.

Despite utilisation of ARI’s Anti-Abuse Service, we are nonetheless cognisant of our responsibility to minimise abusive registrations and other activities that have a negative impact on Internet users in the TLD. In recognition of this responsibility, we will play an instrumental role in overseeing the implementation of the Anti-Abuse Service by ARI. We will also have contractual commitments in the form of SLA’s in place to ensure that ARI’s delivery of the Anti-Abuse Service is aligned with our strong commitment to minimise abuse in our TLD.

That strong commitment is further demonstrated by our adoption of many of the requirements proposed in the ‘2011 Proposed Security, Stability and Resiliency Requirements for Financial TLDs’ (at http:⁄⁄www.icann.org⁄en⁄news⁄correspondence⁄aba-bits-to-beckstrom-crocker-20dec11-en.pdf) (the ‘BITS Requirements). We acknowledge that these requirements were developed by the financial services sector in relation to financial TLDs, but nevertheless believe that their adoption in this TLD (which is not financial-related) results in a more robust approach to combating abuse.

Consistent with Requirement 6 of the BITS Requirements, we will certify to ICANN on an annual basis our compliance with our Registry Agreement.

Please note that the various policies and practices that we have implemented to minimise abusive registrations and other activities that affect the rights of trademark holders are specifically described in our response to Question 29.



3 POLICY

In consultation with ARI we have developed a comprehensive Anti-Abuse Policy, which is the main instrument that captures our strategy in relation to abuse in the TLD.


3.1 DEFINITION OF ABUSE

Abusive behaviour in a TLD may relate to the core domain name-related activities performed by Registrars and registries including, but not limited to:
– The allocation of registered domain names.

– The maintenance of and access to registration information.

– The transfer, deletion, and reallocation of domain names.

– The manner in which the registrant uses the domain name upon creation.


Challenges arise in attempting to define abusive behaviour in the TLD due to its broad scope. Defining abusive behaviour by reference to the stage in the domain name lifecycle in which the behaviour occurs presents difficulty given that a particular type of abuse may occur at various stages of the life cycle.
With this in mind, ARI has fully adopted the definition of abuse developed by the Registration Abuse Policies Working Group (Registration Abuse Policies Working Group Final Report 2010, at http:⁄⁄gnso.icann.org⁄issues⁄rap⁄rap-wg-final-report-29may10-en.pdf), which does not focus on any particular stage in the domain name life cycle.


Abusive behaviour in a TLD may be defined as an action that:

– causes actual and substantial harm, or is a material predicate of such harm.

– is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.


In applying this definition the following must be noted:

1. The party or parties harmed, and the severity and immediacy of the abuse, should be identified in relation to the specific alleged abuse.

2. The term ʺharmʺ is not intended to shield a party from fair market competition.

3. A predicate is a related action or enabler. There must be a clear link between the predicate and the abuse, and justification enough to address the abuse by addressing the predicate (enabling action).


For example, WhoIs data can be used in ways that cause harm to domain name registrants, intellectual property (IP) rights holders and Internet users. Harmful actions may include the generation of spam, the abuse of personal data, IP infringement, loss of reputation or identity theft, loss of data, phishing and other cybercrime-related exploits, harassment, stalking, or other activity with negative personal or economic consequences. Examples of predicates to these harmful actions are automated email harvesting, domain name registration by proxy⁄privacy services to aid wrongful activity, support of false or misleading registrant data, and the use of WhoIs data to develop large email lists for commercial purposes. The misuse of WhoIs data is therefore considered abusive because it is contrary to the intention and design of the stated legitimate purpose of WhoIs data.



3.2 AIMS AND OVERVIEW OF OUR ANTI-ABUSE POLICY

Our Anti-Abuse Policy will put registrants on notice of the ways in which we will identify and respond to abuse and serve as a deterrent to those seeking to register and use domain names for abusive purposes. The policy will be made easily accessible on the Abuse page of our registry website which will be accessible and have clear links from the home page along with FAQs and contact information for reporting abuse.


Consistent with Requirements 15 and 16 of the BITS Requirements, our policy:

– Defines abusive behaviour in our TLD.

– Identifies types of actions that constitute abusive behaviour, consistent with our adoption of the RAPWG definition of ‘abuse’.

– Classifies abusive behaviours based on the severity and immediacy of the harm caused.

– Identifies how abusive behaviour can be notified to us and the steps that we will take to determine whether the notified behaviour is abusive.

– Identifies the actions that we may take in response to behaviour determined to be abusive.

Our RRA will oblige all Registrars to do the following in relation to the Anti-Abuse Policy:

– comply with the Anti-Abuse Policy; and

– include in their registration agreement with each registrant an obligation for registrants to comply with the Anti-Abuse Policy and each of the following requirements:

‘operational standards, policies, procedures, and practices for the TLD established from time to time by the registry operator in a non-arbitrary manner and applicable to all Registrars, including affiliates of the registry operator, and consistent with ICANNʹs standards, policies, procedures, and practices and the registry operator’s Registry Agreement with ICANN. Additional or revised registry operator operational standards, policies, procedures, and practices for the TLD shall be effective upon thirty days notice by the registry operator to the Registrar. If there is a discrepancy between the terms required by this Agreement and the terms of the Registrar’s registration agreement, the terms of this Agreement shall supersede those of the Registrar’s registration agreement’.


Our RRA will additionally incorporate the following BITS Requirements:

– Requirement 7: Registrars must certify annually to ICANN and us compliance with ICANN’s Registrar Accreditation Agreement (RAA) our Registry-Registrar Agreement (RRA).

– Requirement 9: Registrars must provide and maintain valid primary contact information (name, email address, and phone number) on their website.

– Requirement 14: Registrars must notify us immediately regarding any investigation or compliance action, including the nature of the investigation or compliance action by ICANN or any outside party (eg law enforcement, etc.) along with the TLD impacted.

– Requirement 19: Registrars must disclose registration requirements on their website.
We will re-validate our RRAs at least annually, consistent with Requirement 10.



3.3 ANTI-ABUSE POLICY

Our Anti-Abuse Policy is as follows:


ANTI-ABUSE POLICY

INTRODUCTION:
The abusive registration and use of domain names in the TLD is not tolerated given that the inherent nature of such abuses creates security and stability issues for all participants in the Internet environment.


Definition of Abusive Behaviour:
Abusive behaviour is an action that:

– causes actual and substantial harm, or is a material predicate of such harm; or

– is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.


A ‘predicate’ is an action or enabler of harm.
‘Material’ means that something is consequential or significant.

Examples of abusive behaviour falling within this definition:

– Spam: the use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks.

– Phishing: the use of a fraudulently presented web site to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.

– Pharming: the redirecting of unknowing users to fraudulent web sites or services, typically through DNS hijacking or poisoning, in order to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.

– Wilful distribution of malware: the dissemination of software designed to infiltrate or cause damage to devices or to collect confidential data from users without the owner’s informed consent.

– Fast Flux hosting: the use of DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves in order to disguise the location of web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast flux hosting may only be used with prior permission of the registry operator.

– Botnet command and control: the development and use of a command, agent, motor, service or software which is implemented: (1) to remotely control the computer or computer system of an Internet user without their knowledge or consent, (2) to generate direct denial of service (DDOS) attacks.

– Distribution of child pornography: the storage, publication, display and⁄or dissemination of pornographic materials depicting individuals under the age of majority in the relevant jurisdiction.

– Illegal access to other computers or networks: the illegal accessing of computers, accounts, or networks belonging to another party, or attempt to penetrate security measures of another individual’s system (hacking). Also, any activity that might be used as a precursor to an attempted system penetration.



DETECTION OF ABUSIVE BEHAVIOUR:


Abusive behaviour in the TLD may be detected in the following ways:

– By us through our on-going monitoring activities and industry participation.

– By third parties (general public, law enforcement, government agencies, industry partners) through notification submitted to the abuse point of contact on our website, or industry alerts.

Reports of abusive behaviour will be notified immediately to the Registrar of record.



HANDLING OF ABUSIVE BEHAVIOUR:

When abusive behaviour is detected in our TLD through notification by a third party, a preliminary assessment will be performed in order to determine whether the notification is legitimately made. Applying the definitions of types of abusive behaviours identified in this policy, we will classify each incidence of legitimately reported abuse into one of two categories based on the probable severity and immediacy of harm to registrants and Internet users. These categories are provided below and are defined by reference to the action that may be taken by us. The examples of types of abusive behaviour falling within each category are illustrative only.


Category 1:

Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Malware


Mitigation steps:

1. Investigate
2. Notify registrant


Category 2:

Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control

Mitigation steps:

1. Suspend domain name

2. Investigate

3. Restore or terminate domain name


In the event that we receive specific instructions regarding a domain name from a law enforcement agency, government or quasi-governmental agency utilising the expedited process for such agencies, our mitigation steps will be in accordance with those instructions provided that they do not result in the contravention of applicable law. In addition, we will take all reasonable efforts to notify law enforcement agencies of abusive behaviour in our TLD which we believe may constitute evidence of a commission of a crime, eg distribution of child pornography.

Note that these expected actions are intended to provide a guide to our response to abusive behaviour rather than any guarantee that a particular action will be taken.
The identification of abusive behaviour in the TLD, as defined above, shall give us the right, but not the obligation, to take such actions in accordance with the following text in the RRA, which provides that the registry operator:

‘reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, or instruct Registrars to take such an action as we deem necessary in our discretion to;

1. protect the integrity and stability of the registry;

2. comply with any applicable laws, government rules or requirements, requests of law enforcement, or dispute resolution process;

3. avoid any liability, civil or criminal, on the part of the registry operator, as well as its affiliates, subsidiaries, officers, directors, and employees, per the terms of the registration agreement; and

4. correct mistakes made by the registry operator or any Registrar in connection with a domain name registration.


We reserve the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.

We also reserve the right to deny registration of a domain name to a registrant who has repeatedly engaged in abusive behaviour in our TLD or any other TLD.

Registrars only and not Resellers may offer proxy registration services to private individuals using the domain name for non-commercial purposes.

We may amend or otherwise modify this policy to keep abreast of changes in consensus policy or new and emerging types of abusive behaviour in the Internet.
Registrar’s failure to comply with this Anti-Abuse Policy shall constitute a material breach of the RRA, and shall give rise to the rights and remedies available to us under the RRA.



4 ABUSE PREVENTION AND MITIGATION

This section describes the implementation of our abuse related processes regarding:

– Building awareness of the Anti-Abuse Policy.

– Mitigating the potential for abusive behaviour.

– Identifying abusive behaviour.

– Handling abusive behaviour.



4.1. AWARENESS OF POLICY

The Anti-Abuse Policy will be published on the Abuse page of our registry website, which will be accessible and have clear links from the home page. In addition, the URL to the Abuse page will be included in all email correspondence to the registrant, thereby placing all registrants on notice of the applicability of the Anti-Abuse Policy to all domain names registered in our TLD. The Abuse page will, consistent with Requirement 8 of the BITS Requirements, provide registry contact information (name, email address, and phone number) to enable the public to communicate with us about TLD policies. The Abuse page will emphasise and evidence our commitment to combating abusive registrations by clearly identifying what our policy on abuse is and what effect our implementation of the policy may have on registrants. We anticipate that this clear message, which communicates our commitment to combating abusive registrations, will serve to minimise abusive registrations in our TLD.



4.2 PRE-EMPTIVE – MITIGATING OF THE POTENTIAL FOR ABUSE

The following practices and procedures will be adopted to mitigate the potential for abusive behaviour in our TLD.



4.2.1 ICANN PRESCRIBED MEASURES

In accordance with our obligations as a registry operator, we will comply with all requirements in the ‘gTLD Applicant Guidebook’. In particular, we will comply with the following measures prescribed by ICANN which serve to mitigate the potential for abuse in the TLD:

– DNSSEC deployment, which reduces the opportunity for pharming and other man-in-the-middle attacks. We will encourage Registrars and Internet Service Providers to deploy DNSSEC capable resolvers in addition to encouraging DNS hosting providers to deploy DNSSEC in an easy-to-use manner in order to facilitate deployment by registrants. DNSSEC deployment is further discussed in the context of our response to Question 43.

– Prohibition on Wild Carding as required by section 2.2 of Specification 6 of the Registry Agreement.

– Removal of Orphan Glue records (discussed below in ‎‘4.2.8 Orphan Glue Record Management’).



4.2.2 INCREASING REGISTRANT SECURITY AWARENESS

In accordance with our commitment to operating a secure and reliable TLD, we will attempt to improve registrant awareness of the threats of domain name hijacking, registrant impersonation and fraud, and emphasise the need for and responsibility of registrants to keep registration (including WhoIs) information accurate. Awareness will be raised by:

– Publishing the necessary information on the Abuse page of our registry website in the form of videos, presentations and FAQ’s.

– Developing and providing to registrants and resellers Best Common Practices that describe appropriate use and assignment of domain auth Info codes and risks of misuse when the uniqueness property of this domain name password is not preserved.

The increase in awareness renders registrants less susceptible to attacks on their domain names owing to the adoption of the recommended best practices thus serving to mitigate the potential for abuse in the TLD. The clear responsibility on registrants to provide and maintain accurate registration information (including WhoIs) further serves to minimise the potential for abusive registrations in the TLD.



4.2.3 MITIGATING THE POTENTIAL FOR ABUSIVE REGISTRATIONS THAT AFFECT THE LEGAL RIGHTS OF OTHERS

Many of the examples of abusive behaviour identified in our Anti-Abuse Policy may affect the rights of trademark holders. While our Anti-Abuse Policy addresses abusive behaviour in a general sense, we have additionally developed specific policies and procedures to combat behaviours that affect the rights of trademark holders at start-up and on an ongoing basis. These include the implementation of a trademark claims service and a sunrise registration service at start-up and implementation of the UDRP, URS and PDDRP on an ongoing basis. The implementation of these policies and procedures serves to mitigate the potential for abuse in the TLD by ensuring that domain names are allocated to those who hold a corresponding trademark.

These policies and procedures are described in detail in our response to Question 29.


4.2.4 SAFEGUARDS AGAINST ALLOWING FOR UNQUALIFIED REGISTRATIONS

The eligibility restrictions for this TLD are outlined in our response to Question 18.

Eligibility restrictions will be implemented contractually through our RRA, which will require Registrars to include the following in their Registration Agreements:

– Registrant warrants that it satisfies eligibility requirements.

Where applicable, eligibility restrictions will be enforced through the adoption of the Charter Eligibility Dispute Resolution Policy or a similar policy, and Registrars will be obliged to require in their registration agreements that registrants agree to be bound by such policy and acknowledge that a registration may be cancelled in the event that a challenge against it under such policy is successful.

Providing an administrative process for enforcing eligibility criteria and taking action when notified of eligibility violations mitigates the potential for abuse. This is achieved through the risk of cancellation in the event that it is determined in a challenge procedure that eligibility criteria are not satisfied.



4.2.5 REGISTRANT DISQUALIFICATION

As specified in our Anti-Abuse Policy, we reserve the right to deny registration of a domain name to a registrant who has repeatedly engaged in abusive behaviour in our TLD or any other TLD.

Registrants, their agents or affiliates found through the application of our Anti-Abuse Policy to have repeatedly engaged in abusive registration will be disqualified from maintaining any registrations or making future registrations. This will be triggered when our records indicate that a registrant has had action taken against it an unusual number of times through the application of our Anti-Abuse Policy. Registrant disqualification provides an additional disincentive for qualified registrants to maintain abusive registrations in that it puts at risk even otherwise non-abusive registrations, through the possible loss of all registrations.

In addition, nameservers that are found to be associated only with fraudulent registrations will be added to a local blacklist and any existing or new registration that uses such fraudulent NS record will be investigated.
The disqualification of ‘bad actors’ and the creation of blacklists mitigates the potential for abuse by preventing individuals known to partake in such behaviour from registering domain names.



4.2.6 RESTRICTIONS ON PROXY REGISTRATION SERVICES

Whilst it is understood that implementing measures to promote WhoIs accuracy is necessary to ensure that the registrant may be tracked down, it is recognised that some registrants may wish to utilise a proxy registration service to protect their privacy. In the event that Registrars elect to offer such services, the following conditions apply:

– Proxy registration services may only be offered by Registrars and NOT resellers.

– Registrars must ensure that the actual WhoIs data is obtained from the registrant and must maintain accurate records of such data.

– Registrars must provide Law Enforcement Agencies (LEA) with the actual WhoIs data upon receipt of a verified request.

– Proxy registration services may only be made available to private individuals using the domain name for non-commercial purposes.


These conditions will be implemented contractually by inclusion of corresponding clauses in the RRA as well as being published on the Abuse page of our registry website. Individuals and organisations will be encouraged through our Abuse page to report any domain names they believe violate the above restrictions, following which appropriate action may be taken by us. Publication of these conditions on the Abuse page of our registry website ensures that registrants are aware that despite utilisation of a proxy registration service, actual WhoIs information will be provided to LEA upon request in order to hold registrants liable for all actions in relation to their domain name. The certainty that WhoIs information relating to domain names which draw the attention of LEA will be disclosed results in the TLD being less attractive to those seeking to register domain names for abusive purposes, thus mitigating the potential for abuse in the TLD.



4.2.7 REGISTRY LOCK

Certain mission-critical domain names such as transactional sites, email systems and site supporting applications may warrant a higher level of security. Whilst we will take efforts to promote the awareness of security amongst registrants, it is recognised that an added level of security may be provided to registrants by ‘registry locking’ the domain name thereby prohibiting any updates at the registry operator level. The registry lock service will be offered to all Registrars who may request this service on behalf of their registrants in order to prevent unintentional transfer, modification or deletion of the domain name. This service mitigates the potential for abuse by prohibiting any unauthorised updates that may be associated with fraudulent behaviour. For example, an attacker may update nameservers of a mission-critical domain name, thereby redirecting customers to an illegitimate website without actually transferring control of the domain name.


Upon receipt of a list of domain names to be placed on registry lock by an authorised representative from a Registrar, ARI will:

1. Validate that the Registrar is the Registrar of record for the domain names.

2. Set or modify the status codes for the names submitted to serverUpdateProhibited, serverDeleteProhibited and⁄or serverTransferProhibited depending on the request.

3. Record the status of the domain name in the Shared Registration System (SRS).

4. Provide a monthly report to Registrars indicating the names for which the registry lock service was provided in the previous month.



4.2.8 ORPHAN GLUE RECORD MANAGEMENT

The ARI registry SRS database does not allow orphan records. Glue records are removed when the delegation point NS record is removed. Other domains that need the glue record for correct DNS operation may become unreachable or less reachable depending on their overall DNS service architecture. It is the registrant’s responsibility to ensure that their domain name does not rely on a glue record that has been removed and that it is delegated to a valid nameserver. The removal of glue records upon removal of the delegation point NS record mitigates the potential for use of orphan glue records in an abusive manner.



4.2.9 PROMOTING WHOIS ACCURACY

Inaccurate WhoIs information significantly hampers the ability to enforce policies in relation to abuse in the TLD by allowing the registrant to remain anonymous. In addition, LEAs rely on the integrity and accuracy of WhoIs information in their investigative processes to identify and locate wrongdoers. In recognition of this, we will implement a range of measures to promote the accuracy of WhoIs information in our TLD including:

– Random monthly audits: registrants of randomly selected domain names are contacted by telephone using the provided WhoIs information by a member of the ARI Abuse and Compliance Team in order to verify all WhoIs information. Where the registrant is not contactable by telephone, alternative contact details (email, postal address) will be used to contact the registrant, who must then provide a contact number that is verified by the member of the ARI Policy Compliance team. In the event that the registrant is not able to be contacted by any of the methods provided in WhoIs, the domain name will be cancelled following five contact attempts or one month after the initial contact attempt (based on the premise that a failure to respond is indicative of inaccurate WhoIs information and is grounds for terminating the registration agreement).

– Semi-annual audits: to identify incomplete WhoIs information. Registrants will be contacted using provided WhoIs information and requested to provide missing information. In the event that the registrant fails to provide missing information as requested, the domain name will be cancelled following five contact attempts or one month after the initial contact attempt.

– Email reminders: to update WhoIs information to be sent to registrants every 6 months.

– Reporting system: a web-based submission service for reporting WhoIs accuracy issues available on the Abuse page of our registry website.

– Analysis of registry data: to identify patterns and correlations indicative of inaccurate WhoIs (eg repetitive use of fraudulent details).

Registrants will continually be made aware, through the registry website and email reminders, of their responsibility to provide and maintain accurate WhoIs information and the ramifications of a failure to do so or respond to requests to do so, including termination of the Registration Agreement.

The measures to promote WhoIs accuracy described above strike a balance between the need to maintain the integrity of the WhoIs service, which facilitates the identification of those taking part in illegal or fraudulent behaviour, and the operating practices of the registry operator and Registrars, which aim to offer domain names to registrants in an efficient and timely manner.

Awareness by registrants that we will actively take steps to maintain the accuracy of WhoIs information mitigates the potential for abuse in the TLD by discouraging abusive behaviour given that registrants may be identified, located and held liable for all actions in relation to their domain name.



4.3 REACTIVE – IDENTIFICATION

The methods by which abusive behaviour in our TLD may be identified are described below. These include detection by ARI and notification from third parties. These methods serve to merely identify and not determine whether abuse actually exists. Upon identification of abuse, the behaviour will be handled in accordance with ‘4.4 Abuse Handling’.

Any abusive behaviour identified through one of the methods below will, in accordance with Requirement 13 of the BITS Requirements, be notified immediately to relevant Registrars.



4.3.1 DETECTION – ANALYSIS OF DATA

ARI will routinely analyse registry data in order to identify abusive domain names by searching for behaviours typically indicative of abuse. The following are examples of the data variables that will serve as indicators of a suspicious domain name and may trigger further action by the ARI Abuse and Compliance Team:

– Unusual Domain Name Registration Practices: practices such as registering hundreds of domains at a time, registering domains which are unusually long or complex or include an obvious series of numbers tied to a random word (abuse40, abuse50, abuse60) may, when considered as a whole, be indicative of abuse.

– Domains or IP addresses identified as members of a Fast Flux Service Network (FFSN): ARI uses the formula developed by the University of Mannheim and tested by participants of the Fast Flux PDP WG to determine members of this list. IP addresses appearing within identified FFSN domains, as either NS or A records shall be added to this list.

– An Unusual Number of Changes to the NS record: the use of fast-flux techniques to disguise the location of web sites or other Internet services, to avoid detection and mitigation efforts, or to host illegal activities is considered abusive in the TLD. Fast flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves. As such an unusual number of changes to the NS record may be indicative of the use of fast-flux techniques given that there is little, if any, legitimate need to change the NS record for a domain name more than a few times a month.

– Results of WhoIs audits: The audits conducted to promote WhoIs accuracy described above are not limited to serving that purpose but may also be used to identify abusive behaviour given the strong correlation between inaccurate WhoIs data and abuse.

– Analysis of cross-validation of registrant WhoIs data against WhoIs data known to be fraudulent.

– Analysis of Domain Names belonging to a registrant subject to action under the Anti-Abuse Policy: in cases where action is taken against a registrant through the application of the Anti-Abuse Policy, we will also investigate other domain names by the same registrant (same name, nameserver IP address, email address, postal address etc).



4.3.2 ABUSE REPORTED BY THIRD PARTIES

Whilst we are confident in our abilities to detect abusive behaviour in the TLD owing to our robust ongoing monitoring activities, we recognise the value of notification from third parties to identify abuse. To this end, we will incorporate notifications from the following third parties in our efforts to identify abusive behaviour:

– Industry partners through ARI’s participation in industry forums which facilitate the sharing of information.

– LEA through a single abuse point of contact (our Abuse page on the registry website, as discussed in detail below) and an expedited process (described in detail in ‘4.4 Abuse Handling’) specifically for LEA.

– Members of the general public through a single abuse point of contact (our Abuse page on the registry website).



4.3.2.1 INDUSTRY PARTICIPATION AND INFORMATION SHARING

ARI is a member of the Registry Internet Safety Group (RISG), whose mission is to facilitate data exchange and promulgate best practices to address Internet identity theft, especially phishing and malware distribution. In addition, ARI coordinates with the Anti-Phishing Working Group (APWG) and other DNS abuse organisations and is subscribed to the NXdomain mailing list. ARI’s strong participation in the industry facilitates collaboration with relevant organisations on abuse-related issues and ensures that ARI is responsive to new and emerging domain name abuses.
The information shared as a result of this industry participation will be used to identify domain names registered or used for abusive purposes. Information shared may include a list of registrants known to partake in abusive behaviour in other TLDs. Whilst presence on such lists will not constitute grounds for registrant disqualification, ARI will investigate domain names registered to those listed registrants and take action in accordance with the Anti-Abuse Policy. In addition, information shared regarding practices indicative of abuse will facilitate detection of abuse by our own monitoring activities.



4.3.2.2 SINGLE ABUSE POINT OF CONTACT ON WEBSITE

In accordance with section 4.1 of Specification 6 of the Registry Agreement, we will establish a single abuse point of contact (SAPOC) responsible for addressing and providing a timely response to abuse complaints concerning all names registered in the TLD through all Registrars of record, including those involving a reseller. Complaints may be received from members of the general public, other registries, Registrars, LEA, government and quasi-governmental agencies and recognised members of the anti-abuse community.

The SAPOC’s accurate contact details (email and mailing address as well as a primary contact for handling inquiries related to abuse in the TLD) will be provided to ICANN and published on the Abuse page of our registry website, which will also include:

– All public facing policies in relation to the TLD, including the Anti-Abuse Policy.

– A web-based submission service for reporting inaccuracies in WhoIs information.

– Registrant Best Practices.

– Conditions that apply to proxy registration services and direction to the SAPOC to report domain names that violate the conditions.


As such, the SAPOC may receive complaints regarding a range of matters including but not limited to:

– Violations of the Anti-Abuse Policy.

– Inaccurate WhoIs information.

– Violation of the restriction of proxy registration services to individuals.


The SAPOC will be the primary method by which we will receive notification of abusive behaviour from third parties. It must be emphasised that the SAPOC will be the initial point of contact following which other processes will be triggered depending on the identity of the reporting organisation. Accordingly, separate processes for identifying abuse exist for reports by LEA⁄government and quasi-governmental agencies and members of the general public. These processes will be described in turn below.



4.3.2.2.1 NOTIFICATION BY LEA OF ABUSE

We recognise that LEA, governmental and quasi-governmental agencies may be privy to information beyond the reach of others which may prove critical in the identification of abusive behaviour in our TLD. As such, we will provide an expedited process which serves as a channel of communication for LEA, government and quasi-governmental agencies to, amongst other things, report illegal conduct in connection with the use of the TLD.

The process will involve prioritisation and prompt investigation of reports identifying abuse from those organisations. The steps in the expedited process are summarised as follows:

1. ARI’s Abuse and Compliance Team will identify relevant LEA, government and quasi-governmental agencies who may take part in the expedited process, depending on the mission⁄purpose and jurisdiction of our TLD. A means of verification will be established with each of the identified agencies in order to verify the identity of a reporting agency utilising the expedited process.

2. We will publish contact details on the Abuse page of the registry website for the SAPOC to be utilised by only those taking part in the expedited process.

3. All calls to this number will be responded to by the ARI Service Desk on a 24⁄7 basis. All calls will result in the generation of a ticket in ARI’s case management system (CMS).

4. The identity of the reporting agency will be identified using the established means of verification (ARIʹs Security Policy has strict guidelines regarding the verification of external parties over the telephone). If no means of verification has been established, the report will be immediately escalated to the ARI Abuse and Compliance Team. Results of verification will be recorded against the relevant CMS ticket.

5. Upon verification of the reporting agency, the ARI Service Desk will obtain the details necessary to adequately investigate the report of abusive behaviour in the TLD. This information will be recorded against the relevant CMS ticket.

6. Reports from verified agencies may be provided in the Incident Object Description Exchange Format (IODEF) as defined in RFC 5070. Provision of information in the IODEF will improve our ability to resolve complaints by simplifying collaboration and data sharing.

7. Tickets will then be forwarded to the ARI Abuse and Compliance Team to be dealt with in accordance with ‘4.4 Abuse Handling’.



4.3.2.2.2 NOTIFICATION BY GENERAL PUBLIC OF ABUSE

Abusive behaviour in the TLD may also be identified by members of the general public including but not limited to other registries, Registrars or security researchers. The steps in this notification process are summarised as follows:

1. We will publish contact details on the Abuse page of the registry website for the SAPOC (note that these contact details are not the same as those provided for the expedited process).

2. All calls to this number will be responded to by the ARI Service Desk on a 24⁄7 basis. All calls will result in the generation of a CMS ticket.

3. The details of the report identifying abuse will be documented in the CMS ticket using a standard information gathering template.

4. Tickets will be forwarded to the ARI Abuse and Compliance Team, to be dealt with in accordance with ‎‘4.4 Abuse Handling’.



4.4 ABUSE HANDLING

Upon being made aware of abuse in the TLD, whether by ongoing monitoring activities or notification from third parties, the ARI Abuse and Compliance Team will perform the following functions:



4.4.1 PRELIMINARY ASSESSMENT AND CATEGORISATION

Each report of purported abuse will undergo an initial preliminary assessment by the ARI Abuse and Compliance Team to determine the legitimacy of the report. This step may involve simply visiting the offending website and is intended to weed out spurious reports, and will not involve the in-depth investigation needed to make a determination as to whether the reported behaviour is abusive.
Where the report is assessed as being legitimate, the type of activity reported will be classified as one of the types of abusive behaviour as found in the Anti-Abuse Policy by the application of the definitions provided. In order to make this classification, the ARI Abuse and Compliance Team must establish a clear link between the activity reported and the alleged type of abusive behaviour such that addressing the reported activity will address the abusive behaviour.

While we recognise that each incident of abuse represents a unique security threat and should be mitigated accordingly, we also recognise that prompt action justified by objective criteria are key to ensuring that mitigation efforts are effective. With this in mind, we have categorised the actions that we may take in response to various types of abuse by reference to the severity and immediacy of harm. This categorisation will be applied to each validated report of abuse and actions will be taken in accordance with the table below. It must be emphasised that the actions to mitigate the identified type of abuse in the table are merely intended to provide a rough guideline and may vary upon further investigation.


Category 1

Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Malware

Mitigation steps:

1. Investigate
2. Notify registrant


Category 2

Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control

Mitigation steps:

1. Suspend domain name
2. Investigate
3. Restore or terminate domain name
The mitigation steps for each category will now be described:



4.4.2 INVESTIGATION – CATEGORY 1

Types of abusive behaviour that fall into this category include those that represent a low severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in the dissemination of unsolicited information or the publication of illegitimate information. While undesirable, these activities do not generally present such an immediate threat as to justify suspension of the domain name in question. We will contact the registrant to instruct that the breach of the Anti-Abuse Policy be rectified. If the ARI Abuse and Compliance Team’s investigation reveals that the severity or immediacy of harm is greater than originally anticipated, the abusive behaviour will be escalated to Category 2 and mitigated in accordance with the applicable steps. These are described below. The assessment made and actions taken will be recorded against the relevant CMS ticket.



4.4.3 SUSPENSION – CATEGORY 2

Types of abusive behaviour that fall into this category include those that represent a medium to high severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in intrusion into other computers’ networks and systems or financial gain by fraudulent means. Following notification of the existence of such behaviours, the ARI Abuse and Compliance Team will suspend the domain name pending further investigation to determine whether the domain name should be restored or cancelled. Cancellation will result if, upon further investigation, the behaviour is determined to be one of the types of abuse defined in the Anti-Abuse Policy. Restoration of the domain name will result where further investigation determines that abusive behaviour, as defined by the Anti-Abuse Policy, does not exist. Due to the higher severity or immediacy of harm attributed to types of abusive behaviour in this category, ARI will, in accordance with their contractual commitment to us in the form of SLA’s, carry out the mitigation response within 24 hours by either restoring or cancelling the domain name. The assessment made and actions taken will be recorded against the relevant CMS ticket.

Phishing is considered to be a serious violation of the Anti-Abuse Policy owing to its fraudulent exploitation of consumer vulnerabilities for the purposes of financial gain. Given the direct relationship between phishing uptime and extent of harm caused, we recognise the urgency required to execute processes that handle phish domain termination in a timely and cost effective manner. Accordingly, the ARI Abuse and Compliance Team will prioritise all reports of phishing from brand owners, anti-phishing providers or otherwise and carry out the appropriate mitigation response within 12 hours in accordance with the SLA’s in place between us and ARI. In addition, since a majority of phish domains are subdomains, we believe it is necessary to ensure that subdomains do not represent an unregulated domain space to which phishers are known to gravitate. Regulation of the subdomain space is achieved by holding the registrant of the parent domain liable for any actions that may occur in relation to subdomains. In reality, this means that where a subdomain determined to be used for phishing is identified, the parent domain may be suspended and possibly cancelled, thus effectively neutralising every subdomain hosted on the parent. In our RRA we will require that Registrars ensure that their Registration Agreements reflect our ability to address phish subdomains in this manner.



4.4.4 EXECUTING LEA INSTRUCTIONS

We understand the importance of our role as a registry operator in addressing consumer vulnerabilities and are cognisant of our obligations to assist LEAs, government and quasi-governmental agencies in the execution of their responsibilities. As such, we will make all reasonable efforts to ensure the integration of these agencies into our processes for the identification and handling of abuse by, amongst other things:

1. Providing expedited channels of communication (discussed above).

2. Notifying LEA of abusive behaviour believed to constitute evidence of a commission of a crime eg distribution of child pornography.

3. Sharing all available information upon request from LEA utilising the expedited process, including results of our investigation.

4. Providing bulk WhoIs information upon request from LEA utilising the expedited process.

5. Acting on instructions from a verified reporting agency.
It is anticipated that these actions will assist agencies in the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of laws imposing penalties. The relevant agencies are not limited to those enforcing criminal matters but may also include those enforcing civil matters in order to eliminate consumer vulnerabilities.


Upon notification of abusive behaviour by LEA, government or quasi– governmental agencies through the expedited process and verification of the reporting agency, a matter will be immediately communicated to us for our consideration. If we do not instruct ARI to refer the matter to us for our resolution, the CMS ticket will be forwarded to the ARI Abuse and Compliance Team, which will take one of the following actions:

1. The reported behaviour will be subject to preliminary assessment and categorisation as described above. The reported behaviour will then be mitigated based on the results of the categorisation. A report describing the manner in which the notification from the agency was handled will be provided to the agency within 24 hours. This report will be recorded against the relevant CMS ticket.
OR

2. Where specific instructions are received from the reporting agency in the required format, ARI will act in accordance with those instructions provided that they do not result in the contravention of applicable law. ARI will, in accordance with their contractual commitment to us in the form of SLA’s, execute such instructions within 12 hours. The following criteria must be satisfied by the reporting agency at this stage:
a. The request must be made in writing to ARI using a Pro Forma document on the agency’s letterhead. The Pro Forma document will be sent to the verified agency upon request.
b. The Pro Forma document must be delivered to ARI by fax.
c. The Pro Forma document must:
i. Describe in sufficient detail the actions the agency seeks ARI to take.
ii. Provide the domain name⁄s affected.
iii. Certify that the agency is an ‘enforcement body’ for the purposes of the Privacy Act 1988 (Cth) or local equivalent.
iv. Certify that the requested actions are required for the investigation and⁄or enforcement of relevant legislation which must be specified.
v. Certify that the requested actions are necessary for the agency to effectively carry out its functions.

Following prompt execution of the request, a report will be provided to the agency in a timely manner. This report will be recorded against the relevant CMS ticket.
Finally, whilst we do not anticipate the occurrence of a security situation owing to our robust systems and processes deployed to combat abuse, we are aware of the availability of the Expedited Registry Security Request Process to inform ICANN of a present or imminent security situation and to request a contractual waiver for actions we might take or have taken to mitigate or eliminate the security concern.



5 RESOURCES

This function will be performed by ARI. Abuse services are supported by the following departments:

– Abuse and Compliance Team (6 staff)

– Development Team (11 staff)

– Service Desk (14 staff)


A detailed list of the departments, roles and responsibilities in ARI is provided as attachment ‘Q28 – ARI Background & Roles.pdf’. This attachment describes the functions of the above teams and the exact number and nature of staff within.
The number of resources required to design, build, operate and support the SRS does not vary significantly with, and is not linearly proportional to, the number or size of TLDs that ARI provides registry services to.

ARI provides registry backend services to 5 TLDs and has a wealth of experience in estimating the number of resources required to support a registry system.
Based on past experience ARI estimates that the existing staff is adequate to support a registry system that supports in excess of 50M domains. Since this TLD projects 3,664 domains, 0.01% of these resources are allocated to this TLD. See attachment ‘Q28 – Registry Scale Estimates & Resource Allocation.xlsx’ for more information.

ARI protects against loss of critical staff by employing multiple people in each role. Staff members have a primary role plus a secondary role for protection against personnel absence. Additionally ARI can scale resources as required.

ARI’s Anti-Abuse Service serves to prevent and mitigate abusive behaviour in the TLD as well as activities that may infringe trademarks. These responsibilities will be undertaken by three teams. ARI’s Development Team will be responsible for developing the technical platforms and meeting technical requirements needed to implement the procedures and measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse. ARI’s Abuse and Compliance Team will be responsible for the ongoing implementation of measures to minimise abusive registrations and other activities that have a negative impact on Internet users. ARI’s Service Desk will be responsible for responding to reports of abuse received through the abuse point of contact on the registry’s website and logging these in a ticket in ARI’s case management system.

The responsibilities of these teams relevant to the initial implementation and ongoing maintenance of our measures to minimise abusive registrations and other activities that affect the rights of trademark holders are described in our response to Question 29.

All of the responsibilities undertaken by ARI’s Development Team, Abuse and Compliance Team, and Service Desk are inclusive in ARI’s Managed TLD Registry services fee, which is accounted for as an outsourcing cost in our response to Question 47. The resources needs of these teams have been determined by applying the conservative growth projections for our TLD (which are identified in our response to Question 48) to the team’s responsibilities at start-up and on an ongoing basis.



5.1 ARI DEVELOPMENT TEAM

All tools and systems needed to support the initial and ongoing implementation of measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse will be developed and maintained by ARI. ARI has a software development department dedicated to this purpose which will ensure that the tools are fit for purpose and adjusted as requirements change.

ARI’s Development Team participate actively in the industry; this facilitates collaboration with relevant organisations on abuse related issues and ensures that the ARI Development Team is responsive to new and emerging domain name abuses and the tools and systems required to be built to address these abuses. This team consists of:

– 1 Development Manager

– 2 Business Analysts

– 6 Developers

– 2 Quality Analysts



5.2 ARI ABUSE AND COMPLIANCE TEAM

ARI’s Abuse and Compliance Team will be staffed by six full-time equivalent positions. These roles will entail the following:

Policy Compliance Officers: A principal responsibility of the Policy Compliance Officers will be handling notifications of abuse through the SAPOC. This will involve managing the expedited process, identifying and categorising suspected abuse according to our Anti-Abuse Policy, and carrying out the appropriate mitigation response for all categorised abuses. When abuse is identified, Policy Compliance Officers will investigate other domain names held by a registrant whose domain name is subject to a mitigation response. They will maintain a list of and disqualify registrants found to have repeatedly engaged in abusive behaviour. They will also be responsible for analysing registry data in search of behaviours indicative of abuse, reviewing industry lists in search of data that may identify abuse in the TLD.

Another key responsibility of Policy Compliance Officers will be implementing measures to promote WhoIs accuracy (including managing and addressing all reports of inaccurate WhoIs information received from the web submission service) and verifying the physical address provided by a registrant against various databases for format and content requirements for the region.

Policy Compliance Officers will act on the instructions of verified LEA and Dispute Resolution Providers and participate in ICANN and industry groups involved in the promulgation of policies and best practices to address abusive behaviour. They will escalate complaints and issues to the Legal Manager when necessary and communicate with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities. This role will be provided on a 24⁄7 basis, supported outside of ordinary business hours by ARI’s Service Desk.

Policy Compliance Officers will be required to have the following skills⁄qualifications: customer service⁄fault handling experience, comprehensive knowledge of abusive behaviour in a TLD and related policies, Internet industry knowledge, relevant post-secondary qualification, excellent communication and professional skills, accurate data entry skills, high-level problem solving skills, and high-level computer skills.

Legal Manager: The Legal Manager will be responsible for handling all potential disputes arising in connection with the implementation of ARI’s Anti-Abuse service and related policies. This will involve assessing escalated complaints and issues, liaising with Legal Counsel and the registry operator, resolving disputes and communicating with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities. The Legal Manager will be responsible for forwarding all matters requiring determination by the registry operator which fall outside the scope of ARI’s Anti-Abuse functions. The Legal Manager will be required to have the following skills⁄qualifications: legal background (in particular, intellectual property⁄information technology law) or experience with relevant tertiary or post-graduate qualifications, dispute resolution experience, Internet industry experience, strong negotiation skills, excellent communication and professional skills, good computer skills, high-level problem solving skills.

Legal Counsel: A qualified lawyer who will be responsible for all in-house legal advice, including responding to LEA and dealing with abusive behaviour.

The team consists of:

– 4 Policy Compliance Officers

– 1 Legal Manager

– 1 Legal Counsel



5.3 ARI SERVICE DESK

ARI’s Service Desk will be staffed by 14 full-time equivalent positions. Responsibilities of Service Desk relevant to ARI’s Anti-Abuse Service include the following: responding to notifications of abuse through the abuse point of contact and expedited process for LEA, logging notifications as a ticket in ARI’s case management system, notifying us of a report received through the expedited process for LEA, government and quasi-governmental agencies, and forwarding tickets to ARI’s Abuse and Compliance team for resolution in accordance with the Anti-Abuse Policy.

For more information on the skills and responsibilities of these roles please see the in-depth resources section in response to Question 31.

Based on the projections and the experience of ARI, the resources described here are more than sufficient to accommodate the needs of this TLD.

The use of these resources and the services they enable is included in the fees paid to ARI which are described in the financial responses.






** TRI Ventures’ draft registration policy


1. DOMAIN NAME LICENCES

Upon registration of a Domain Name, the Registrant holds a licence to use the Domain Name for a specified period of time in accordance with the Registry Rules. Domain Names may be registered and renewed for 1, 2, 3, 4, 5, 6, 7, 8, 9 or 10 years.



2. SELECTION OF REGISTRARS

Registrars eligible to register domain names must meet the following non-discriminatory criteria (in compliance with
clause 2.9 (a) of the Registry Agreement):

(i) be an accredited ICANN Registrar;

(ii) demonstrate a level of understanding of the Domain Name registration policies of the Registry;

(iii) have business processes to perform automated validation (and any additional human checks as required by the Registry) of the eligibility of the domain name for registration according to the Domain Name policies of TRI Ventures;

(iv) demonstrate a sufficient level of security to protect against unauthorised access to the Domain Name records;

(v) demonstrate experience and have appropriate resources in managing abuse prevention, mitigation and responses;

(vi) provide multi-language support for the registration of IDNs;

(vii) comply with any re-validation of its Registry-Registrar agreement at such regular intervals as are determined by the Registry or as required by ICANN from time to time;

(viii) meet applicable technical requirements of TRI Ventures; and

(ix) comply with all conditions, dependencies, policies and other requirements reasonably imposed by TRI Ventures, including maintenance of suitable systems and applications that are capable of interacting with the Registry system.



3. ELIGIBLE REGISTRANTS

Entities and persons with an interest in software applications (apps) may register Domain Names in the .app gTLD.



4. REQUIRED CRITERIA FOR DOMAIN NAME REGISTRATION

An application for Domain Name registration must meet all the following criteria:

(i) availability;

a. the Domain Name is not already registered;
b. it is not reserved or blocked by the Registry; or
c. it meets all Registry’s technical requirements.

(ii) technical requirements;
a. a maximum of 63 characters (after its conversion into the ASCII for IDNs);
b. use of characters selected from the list of supported characters as nominated by the Registry; and
c. any additional technical requirements as required by the Registry from time to time.

(iii) the use of the Domain Name must be consistent with the mission and purposes of the gTLD and consistent with the Domain Name registration policy of TRI Ventures, and include but not be limited to:
a. software application name;
b. application software development service name;
c. software application marketing term; or
d. any relevant name or term to the mission and purpose of the TLD

(iv) compliance with all requirements under the Registry Rules: the Registrant must comply with all provisions contained in the Registry Rules.



5. OBLIGATION OF REGISTRANTS

The Registrant must enter into an agreement with the Registrar for Domain Name registration under which the Registrant will be bound by the Registry Rules specified through the Registry-Registrar agreement as amended by the Registry from time to time.

The Registrant must also agree to be bound by the minimum requirements in clause 3.7.7 of ICANNʹs Registrar accreditation agreement.


The Registrant must represent and warrant that:

(i) it meets, and will continue to meet, the eligibility criteria at all times and must notify the Registrar if it ceases to meet such criteria;

(ii) the registration, renewal and use of the Domain Name does not violate any third party intellectual property rights, applicable laws or regulation;

(iii) it is entitled to register the Domain Name;

(iv) the registration and use of the Domain Name is made in good faith and for a lawful purpose;

(v) if the use of registered Domain Name is licensed to a third party,
a. the Registrant must have a licencing agreement with the licensee for the use of the Domain Name that is not less onerous than the obligation of the Registrant contained in the Registry Rules; and
b. where there is a breach of any provisions contained in the Registry Rules by the licensee of the Domain Name, Registry may revoke the Domain Name at its sole discretion.

(vi) it owns or otherwise has the right to provide all registration data (including personal information) for each Domain Name registered and provision of such registrant data complies with all applicable data protection laws and regulations; and

(vii) It has appropriate consent and licences to allow for publication of registration data in the WHOIS database.



6. REGISTRANT CONTACT INFORMATION

The Registrant must provide complete and accurate contact information of the Registrant (in accordance with clause 3.7.7.1 of the ICANN’s Registrar accreditation agreement), including but not limited to the following;

(i) if the Registrant is a company or organisation:
a. name of a company or organisation;
b. registered office and principal place of business; and
c. contact details of the Registrant including e-mail address and telephone number;

(ii) if the Registrant is a natural person:
a. full name of the Registrant;
b. address of the Registrant; and
c. contact details of the Registrant including e-mail address and telephone number.

All Registrant contact information must be complete and accurate. Any changes to such Registrant information must be promptly notified to the Registrar, and no later than one (1) month of such change.


7. REVOCATION OF DOMAIN NAMES

The Registrant acknowledges that the Registry may revoke a Domain Name immediately at its sole discretion:

(i) in the event the Registrant breaches any Registry Rules;

(ii) to comply with applicable law, court order, government rule or under any dispute resolution processes;

(iii) where such Domain Name is used for any of the following prohibited activities (Prohibited Activities):
a. spamming;
b. intellectual property and privacy violations;
c. obscene speech or materials, except for when such speech or material are part of an art object itself;
d. defamatory or abusive language;
e. forging headers, return addresses and internet protocol addresses;
f. illegal or unauthorised access to other computers or networks;
g. distribution of internet viruses, worms, Trojan horses or other destructive activities; and
h. any other illegal or prohibited activities as determined by the Registry.

(iv) in order to protect the integrity and stability of the domain name system and the Registry;

(v) where such Domain Name is placed under reserved names list at any time;

(vi) where Registrant fails to make payment to the Registrar for registration, renewal or any other relevant services; and

(vii) where the use of the domain name is not consistent with the mission and purpose of the gTLD.


8. USE OF SECOND OR THIRD LEVEL IDNS IF AND WHEN PROVIDED BY TRI VENTURES

In addition to meeting all required criteria for registration of domain names above, an application for an IDN Domain Name must:

(i) comply with any additional registration policy on IDNs for each language;

(ii) meet all technical requirement for the applicable IDN;

(iii) comply with the IDN tables used by the Registry as amended from time to time; and

(iv) meet any other additional technical requirements as required by the Registry.


9. USE OF GEOGRAPHIC NAMES

All two-character labels and country and territory names will be initially reserved in accordance with specification 5 of the Registry Agreement.

Upon approval from ICANN and any other guidelines by applicable governments and ICANN’s Governmental Advisory Committee, the Registry may release the two-character labels and country and territory names in accordance with TRI Ventures’ response to Question 22 Geographic Names.


10. RESERVED NAMES

The Registry may place certain names in its reserved list from time to time where:

(i) the Registry believes in its sole discretion that use of such names may pose a risk to the operational stability or integrity of the Registry;

(ii) in accordance with ICANN’s specifications contained in the Registry Agreement, guidelines or recommendations;

(iii) there is a risk of trademark infringement or where the name otherwise may cause confusion taking into consideration the mission and purpose of the gTLD; or

(iv) the Registry in its sole discretion decides certain names to be reserved for any reason.

Reserved Names for TRI Ventures:
The Registry will prepare and publish a list of reserved names prior to the launch of the TLD.


11. ALLOCATION OF DOMAIN NAME

The Registry will register Domain Names on a first-come, first-served basis in accordance with the Registry Rules. The Registry does not provide pre-registration or reservation of Domain Names.


12. LIMITATION ON REGISTRATION ⁄ DOMAIN NAME LICENCES

There is no restriction on the number of Domain Names any Registrant may hold. The Registrant may further licence the use of the Domain Name to any third parties provided that the Registrant enters into an agreement with such third parties on the terms not less onerous than its obligations under the Registry Rules.


13. PROTECTION OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS

The Registry will implement all rights protection measures as required by ICANN in clause 2.8 of the Registry Agreement, including the use of the Uniform Rapid Suspension (URS) procedure, and Uniform Domain Name Dispute Resolution Policy (UDRP).


14. TERM OF REGISTRATION ⁄ RENEWAL

Initial term of registration:
A Domain Name can be registered for a period between one (1) to ten (10) years.


Renewal of registration:
(i) The term may be extended at any time for a period between one (1) to ten (10) years, provided that the total aggregate term of the Domain Name does not exceed ten (10) years at any time.

(ii) Upon change of sponsorship of the Domain Name from one Registrar to another, according to Part A of the ICANN Policy on Transfer of Registrations between Registrars, the term of registration of the registered Domain Name will be extended by one year, provided that the maximum term of registration at any time does not exceed ten (10) years.

(iii) The change of sponsorship of the registration of a Domain Name from one Registrar to another, accordingly to Part B of the ICANN Policy on Transfer of Registrations between Registrars will not result in the extension of the term of registration.


Cancellation of registration:
The Registrant may cancel a Domain Name registration at any time by submitting its request in writing with the Registrar.


Auto-renewal:
Upon expiry of the Domain Name, the Registry will auto-renew the Domain Name for a one year term (1) year term unless the Registrant submits its intention not to renew the Domain Name.

The Registry will implement the business rules for the renewal of Domain Names documented in appendix 7 of the .com Registry Agreement.


15. TRANSFER OF DOMAIN NAMES BETWEEN REGISTRANTS

Any transfer of a Domain Name between Registrants must be approved by the Registry through the Registrar. The legal heirs of the Registrant or purchaser of the Registrant may request the transfer provided that they meet the eligibility criteria for registration under the .app gTLD. If the Registrant becomes subject to insolvency or any other proceeding, the administrator may request the transfer. The transferee must provide appropriate documentation as required by the Registry to approve such transfer.


16. CHANGE OF REGISTRAR

If the agreement between the Registry and the Registrar is terminated and if the Registrar has not transferred its Domain Name portfolio to another Registrar, the Registry will notify affected Registrants. The Registrants must select a new Registrar within one (1) month following such notice from the Registry. If the Registrant fails to appoint a new Registrar within the timeframe set out above, the Registry may suspend the Domain Name.

If the Registrant wishes to change the Registrar, the Registrant must obtain the auth-info code from the Registrantʹs current Registrar, and request a transfer through the gaining Registrar in compliance with ICANNʹs Inter-Registrar transfer policy.


17. PRIVACY AND DATA PROTECTION

By registering a Domain Name, the registrant authorises the Registry to process personal information and other data required for the operation of the .app gTLD. The Registry will only use the data for the operation of the Registry including but not limited to its internal use, communication with the Registrant, and provision of WHOIS look-up facility.

The Registry may only transfer the data to third parties:

(i) with the Registrant’s consent;

(ii) in order to comply with laws, regulations or orders by a competent public authority and any Alternative Dispute Resolution (ADR) providers; or

(iii) for a publicly available and searchable WHOIS look-up facility, in accordance with specification 4 of the Registry Agreement.


18. WHOIS

The Registry provides a publicly available and searchable WHOIS look up facility, where information about the Domain Nameʹs status (including creation and expiry dates), and registrant, administrative and the technical contact administering the Domain Name can be found, in accordance with specification 4 of the Registry Agreement.

In order to prevent misuse of the WHOIS look up facility, the Registry requires that any person submitting a WHOIS database query will be required to read and agree to the terms and conditions, which will provide that:

(i) the WHOIS database is provided for information purposes only; and

(ii) the user agrees not to use the WHOIS information to allow or enable the transmission of unsolicited commercial advertising or other communication via email or other methods to the Registrants.


19. PRICING ⁄ PAYMENT

The standard fee charged to Registrars will be determined by TRI Ventures prior to launch of the .app gTLD. Such fees will include those relevant to new registrations and renewal of domain names within the .app gTLD.

The Registry will provide Registrars with 30 days’ notice of any price change for new registrations, and 180 days advance notice of any price change for renewals in accordance with clause 2.10 of the Registry Agreement.


20. DISPUTE RESOLUTION

The Registrant agrees to be bound by ICANN’s Dispute Resolution Policies in respect of all disputes in connection with the Domain Name.


21. Compliance with Consensus and Temporary Policies
The Registrant agrees to be bound by all applicable consensus and temporary policies as required and mandated by ICANN.


22. DEFINITIONS

Affiliate means in relation to a party any corporation or other business entity controlling, controlled by, or under common control of that party and for the purposes of this definition, a corporation or other business entity shall be deemed to control another corporation or business entity if it owns directly or indirectly:
(i) fifty percent (50%) or more of the voting securities or voting interest in any such corporation or other entity; or
(ii) fifty percent (50%) or more of the interest in the profit or income in the case of a business entity other than a corporation; or
(iii) in the case of a partnership, any other compatible interest equal to at least a fifty percent (50%) share in the general partner.

Domain Name means a domain name registered directly under the .app gTLD or for which a request or application for registration has been filed with the Registry;

ICANN’s Dispute Policy means the dispute policy currently known as the Uniform Domain Name Dispute Resolution Policy (UDRP) issued and as may be updated from time to time by the Internet Corporation of Assigned Names and Number (ICANN) and the Uniform Rapid Suspension (URS) (see Specification 7 of the Registry Agreement).

Registrar means an ICANN accredited registrar which enters into and is in compliance with the registry-registrar agreement for the TLD, and which provides domain name registration services to Registrants;

Registry means TRI Ventures Inc. (TRI Ventures);

Registry Agreement means the agreement between TRI Ventures and ICANN;

Registry Rules mean:
(i) Registration terms and conditions agreed between the Registry and Registrant for registration of a Domain Name; and
(ii) Registration policies provided and amended by the Registry from time to time.

Registrant means a natural person, company or organisation who holds a Domain Name registration or who has requested or applied for the registration of a Domain Name.
gTLDFull Legal NameE-mail suffixDetail
.studioNamesphere Limitedtld.asiaView
We have engaged ARI Registry Services (ARI) to deliver services for this TLD. ARI provide registry services for a number of TLDs including the .au ccTLD. For more background information on ARI please see the attachment ‘Q28 – ARI Background & Roles.pdf’. The Registry works closely with DotAsia Organisation (through Namesphere, as the registry front-end services provider) to develop and implement additional measures to improve abuse prevention and mitgation. DotAsia is the operator for the .ASIA gTLD and is a pioneer in the development of registry level policies to mitigate against abusive registrations.

1 INTRODUCTION

The efforts that will be undertaken in this TLD to minimise abusive registrations and other activities that have a negative impact on Internet users are described below. We will be utilising the Anti-Abuse Service of our managed registry service provider, ARI. This service includes the implementation of our comprehensive Anti-Abuse Policy. This policy, developed in consultation with ARI, clearly defines abusive behaviour and identifies particular types of abusive behaviour and the mitigation response to such behaviour.

2 OVERVIEW

We have engaged ARI to deliver registry services for this TLD. ARI will, owing to their extensive industry experience and established anti-abuse operations, implement and manage on our behalf various procedures and measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse. ARI will forward to us all matters requiring determination by the registry operator which fall beyond the scope of ARI’s Anti-Abuse Service. This is described below in the context of the implementation of our Anti-Abuse Policy.
Despite utilisation of ARI’s Anti-Abuse Service, we are nonetheless cognisant of our responsibility to minimise abusive registrations and other activities that have a negative impact on Internet users in the TLD. In recognition of this responsibility, we will play an instrumental role in overseeing the implementation of the Anti-Abuse Service by ARI. We will also have contractual commitments in the form of SLA’s in place to ensure that ARI’s delivery of the Anti-Abuse Service is aligned with our strong commitment to minimise abuse in our TLD.
That strong commitment is further demonstrated by our adoption of many of the requirements proposed in the ‘2011 Proposed Security, Stability and Resiliency Requirements for Financial TLDs’ (at http:⁄⁄www.icann.org⁄en⁄news⁄correspondence⁄aba-bits-to-beckstrom-crocker-20dec11-en.pdf) (the ‘BITS Requirements). We acknowledge that these requirements were developed by the financial services sector in relation to financial TLDs, but nevertheless believe that their adoption in this TLD (which is not financial-related) results in a more robust approach to combating abuse.
Consistent with Requirement 6 of the BITS Requirements, we will certify to ICANN on an annual basis our compliance with our Registry Agreement.
Please note that the various policies and practices that we have implemented to minimise abusive registrations and other activities that affect the rights of trademark holders are specifically described in our response to Question 29.

3 POLICY

In consultation with ARI we have developed a comprehensive Anti-Abuse Policy, which is the main instrument that captures our strategy in relation to abuse in the TLD.

3.1 Definition of Abuse
Abusive behaviour in a TLD may relate to the core domain name-related activities performed by Registrars and registries including, but not limited to:
– The allocation of registered domain names.
– The maintenance of and access to registration information.
– The transfer, deletion, and reallocation of domain names.
– The manner in which the registrant uses the domain name upon creation.
Challenges arise in attempting to define abusive behaviour in the TLD due to its broad scope. Defining abusive behaviour by reference to the stage in the domain name lifecycle in which the behaviour occurs presents difficulty given that a particular type of abuse may occur at various stages of the life cycle.
With this in mind, ARI has fully adopted the definition of abuse developed by the Registration Abuse Policies Working Group (Registration Abuse Policies Working Group Final Report 2010, at http:⁄⁄gnso.icann.org⁄issues⁄rap⁄rap-wg-final-report-29may10-en.pdf), which does not focus on any particular stage in the domain name life cycle.
Abusive behaviour in a TLD may be defined as an action that:
– causes actual and substantial harm, or is a material predicate of such harm.
– is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.
In applying this definition the following must be noted:
1. The party or parties harmed, and the severity and immediacy of the abuse, should be identified in relation to the specific alleged abuse.
2. The term ʺharmʺ is not intended to shield a party from fair market competition.
3. A predicate is a related action or enabler. There must be a clear link between the predicate and the abuse, and justification enough to address the abuse by addressing the predicate (enabling action).
For example, WhoIs data can be used in ways that cause harm to domain name registrants, intellectual property (IP) rights holders and Internet users. Harmful actions may include the generation of spam, the abuse of personal data, IP infringement, loss of reputation or identity theft, loss of data, phishing and other cybercrime-related exploits, harassment, stalking, or other activity with negative personal or economic consequences. Examples of predicates to these harmful actions are automated email harvesting, domain name registration by proxy⁄privacy services to aid wrongful activity, support of false or misleading registrant data, and the use of WhoIs data to develop large email lists for commercial purposes. The misuse of WhoIs data is therefore considered abusive because it is contrary to the intention and design of the stated legitimate purpose of WhoIs data.

3.2 Aims and Overview of Our Anti-Abuse Policy
Our Anti-Abuse Policy will put registrants on notice of the ways in which we will identify and respond to abuse and serve as a deterrent to those seeking to register and use domain names for abusive purposes. The policy will be made easily accessible on the Abuse page of our registry website which will be accessible and have clear links from the home page along with FAQs and contact information for reporting abuse.
Consistent with Requirements 15 and 16 of the BITS Requirements, our policy:
– Defines abusive behaviour in our TLD.
– Identifies types of actions that constitute abusive behaviour, consistent with our adoption of the RAPWG definition of ‘abuse’.
– Classifies abusive behaviours based on the severity and immediacy of the harm caused.
– Identifies how abusive behaviour can be notified to us and the steps that we will take to determine whether the notified behaviour is abusive.
– Identifies the actions that we may take in response to behaviour determined to be abusive.

Our RRA will oblige all Registrars to do the following in relation to the Anti-Abuse Policy:
– comply with the Anti-Abuse Policy; and
– include in their registration agreement with each registrant an obligation for registrants to comply with the Anti-Abuse Policy and each of the following requirements:
‘operational standards, policies, procedures, and practices for the TLD established from time to time by the registry operator in a non-arbitrary manner and applicable to all Registrars, including affiliates of the registry operator, and consistent with ICANNʹs standards, policies, procedures, and practices and the registry operator’s Registry Agreement with ICANN. Additional or revised registry operator operational standards, policies, procedures, and practices for the TLD shall be effective upon thirty days notice by the registry operator to the Registrar. If there is a discrepancy between the terms required by this Agreement and the terms of the Registrar’s registration agreement, the terms of this Agreement shall supersede those of the Registrar’s registration agreement’.
Our RRA will additionally incorporate the following BITS Requirements:
– Requirement 7: Registrars must certify annually to ICANN and us compliance with ICANN’s Registrar Accreditation Agreement (RAA) our Registry-Registrar Agreement (RRA).
– Requirement 9: Registrars must provide and maintain valid primary contact information (name, email address, and phone number) on their website.
– Requirement 14: Registrars must notify us immediately regarding any investigation or compliance action, including the nature of the investigation or compliance action by ICANN or any outside party (eg law enforcement, etc.) along with the TLD impacted.
– Requirement 19: Registrars must disclose registration requirements on their website.
We will re-validate our RRAs at least annually, consistent with Requirement 10.

3.3 Anti-Abuse Policy
Our Anti-Abuse Policy is as follows:
Anti-Abuse Policy
Introduction:
The abusive registration and use of domain names in the TLD is not tolerated given that the inherent nature of such abuses creates security and stability issues for all participants in the Internet environment.
Definition of Abusive Behaviour:
Abusive behaviour is an action that:
– causes actual and substantial harm, or is a material predicate of such harm; or
– is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.
A ‘predicate’ is an action or enabler of harm.
‘Material’ means that something is consequential or significant.
Examples of abusive behaviour falling within this definition:
– Spam: the use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks.
– Phishing: the use of a fraudulently presented web site to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.
– Pharming: the redirecting of unknowing users to fraudulent web sites or services, typically through DNS hijacking or poisoning, in order to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.
– Wilful distribution of malware: the dissemination of software designed to infiltrate or cause damage to devices or to collect confidential data from users without the owner’s informed consent.
– Fast Flux hosting: the use of DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves in order to disguise the location of web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast flux hosting may only be used with prior permission of the registry operator.
– Botnet command and control: the development and use of a command, agent, motor, service or software which is implemented: (1) to remotely control the computer or computer system of an Internet user without their knowledge or consent, (2) to generate direct denial of service (DDOS) attacks.
– Distribution of child pornography: the storage, publication, display and⁄or dissemination of pornographic materials depicting individuals under the age of majority in the relevant jurisdiction.
– Illegal access to other computers or networks: the illegal accessing of computers, accounts, or networks belonging to another party, or attempt to penetrate security measures of another individual’s system (hacking). Also, any activity that might be used as a precursor to an attempted system penetration.

Detection of Abusive Behaviour:
Abusive behaviour in the TLD may be detected in the following ways:
– By us through our on-going monitoring activities and industry participation.
– By third parties (general public, law enforcement, government agencies, industry partners) through notification submitted to the abuse point of contact on our website, or industry alerts.
Reports of abusive behaviour will be notified immediately to the Registrar of record.

Handling of abusive behaviour:
When abusive behaviour is detected in our TLD through notification by a third party, a preliminary assessment will be performed in order to determine whether the notification is legitimately made. Applying the definitions of types of abusive behaviours identified in this policy, we will classify each incidence of legitimately reported abuse into one of two categories based on the probable severity and immediacy of harm to registrants and Internet users. These categories are provided below and are defined by reference to the action that may be taken by us. The examples of types of abusive behaviour falling within each category are illustrative only.
Category 1:
Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Malware
Mitigation steps:
1. Investigate
2. Notify registrant
Category 2:
Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control
Mitigation steps:
1. Suspend domain name
2. Investigate
3. Restore or terminate domain name
In the event that we receive specific instructions regarding a domain name from a law enforcement agency, government or quasi-governmental agency utilising the expedited process for such agencies, our mitigation steps will be in accordance with those instructions provided that they do not result in the contravention of applicable law. In addition, we will take all reasonable efforts to notify law enforcement agencies of abusive behaviour in our TLD which we believe may constitute evidence of a commission of a crime, eg distribution of child pornography.
Note that these expected actions are intended to provide a guide to our response to abusive behaviour rather than any guarantee that a particular action will be taken.
The identification of abusive behaviour in the TLD, as defined above, shall give us the right, but not the obligation, to take such actions in accordance with the following text in the RRA, which provides that the registry operator:
‘reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, or instruct Registrars to take such an action as we deem necessary in our discretion to;
1. protect the integrity and stability of the registry;
2. comply with any applicable laws, government rules or requirements, requests of law enforcement, or dispute resolution process;
3. avoid any liability, civil or criminal, on the part of the registry operator, as well as its affiliates, subsidiaries, officers, directors, and employees, per the terms of the registration agreement; and
4. correct mistakes made by the registry operator or any Registrar in connection with a domain name registration.
We reserve the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.
We also reserve the right to deny registration of a domain name to a registrant who has repeatedly engaged in abusive behaviour in our TLD or any other TLD.
Registrars only and not Resellers may offer proxy registration services to private individuals using the domain name for non-commercial purposes.
We may amend or otherwise modify this policy to keep abreast of changes in consensus policy or new and emerging types of abusive behaviour in the Internet.
Registrar’s failure to comply with this Anti-Abuse Policy shall constitute a material breach of the RRA, and shall give rise to the rights and remedies available to us under the RRA.

4 ABUSE PREVENTION AND MITIGATION

This section describes the implementation of our abuse related processes regarding:
– Building awareness of the Anti-Abuse Policy.
– Mitigating the potential for abusive behaviour.
– Identifying abusive behaviour.
– Handling abusive behaviour.

4.1. Awareness of Policy
The Anti-Abuse Policy will be published on the Abuse page of our registry website, which will be accessible and have clear links from the home page. In addition, the URL to the Abuse page will be included in all email correspondence to the registrant, thereby placing all registrants on notice of the applicability of the Anti-Abuse Policy to all domain names registered in our TLD. The Abuse page will, consistent with Requirement 8 of the BITS Requirements, provide registry contact information (name, email address, and phone number) to enable the public to communicate with us about TLD policies. The Abuse page will emphasise and evidence our commitment to combating abusive registrations by clearly identifying what our policy on abuse is and what effect our implementation of the policy may have on registrants. We anticipate that this clear message, which communicates our commitment to combating abusive registrations, will serve to minimise abusive registrations in our TLD.

4.2 Pre-emptive – Mitigating of the Potential for Abuse
The following practices and procedures will be adopted to mitigate the potential for abusive behaviour in our TLD.

4.2.1 ICANN Prescribed Measures
In accordance with our obligations as a registry operator, we will comply with all requirements in the ‘gTLD Applicant Guidebook’. In particular, we will comply with the following measures prescribed by ICANN which serve to mitigate the potential for abuse in the TLD:
– DNSSEC deployment, which reduces the opportunity for pharming and other man-in-the-middle attacks. We will encourage Registrars and Internet Service Providers to deploy DNSSEC capable resolvers in addition to encouraging DNS hosting providers to deploy DNSSEC in an easy-to-use manner in order to facilitate deployment by registrants. DNSSEC deployment is further discussed in the context of our response to Question 43.
– Prohibition on Wild Carding as required by section 2.2 of Specification 6 of the Registry Agreement.
– Removal of Orphan Glue records (discussed below in ‎‘4.2.8 Orphan Glue Record Management’).

4.2.2 Increasing Registrant Security Awareness
In accordance with our commitment to operating a secure and reliable TLD, we will attempt to improve registrant awareness of the threats of domain name hijacking, registrant impersonation and fraud, and emphasise the need for and responsibility of registrants to keep registration (including WhoIs) information accurate. Awareness will be raised by:
– Publishing the necessary information on the Abuse page of our registry website in the form of videos, presentations and FAQ’s.
– Developing and providing to registrants and resellers Best Common Practices that describe appropriate use and assignment of domain auth Info codes and risks of misuse when the uniqueness property of this domain name password is not preserved.
The increase in awareness renders registrants less susceptible to attacks on their domain names owing to the adoption of the recommended best practices thus serving to mitigate the potential for abuse in the TLD. The clear responsibility on registrants to provide and maintain accurate registration information (including WhoIs) further serves to minimise the potential for abusive registrations in the TLD.

4.2.3 Mitigating the Potential for Abusive Registrations that Affect the Legal Rights of Others
Many of the examples of abusive behaviour identified in our Anti-Abuse Policy may affect the rights of trademark holders. While our Anti-Abuse Policy addresses abusive behaviour in a general sense, we have additionally developed specific policies and procedures to combat behaviours that affect the rights of trademark holders at start-up and on an ongoing basis. These include the implementation of a trademark claims service and a sunrise registration service at start-up and implementation of the UDRP, URS and PDDRP on an ongoing basis. The implementation of these policies and procedures serves to mitigate the potential for abuse in the TLD by ensuring that domain names are allocated to those who hold a corresponding trademark.
These policies and procedures are described in detail in our response to Question 29.

4.2.4 Safeguards Against Allowing for Unqualified Registrations
The eligibility restrictions for this TLD are outlined in our response to Question 18.
Eligibility restrictions will be implemented contractually through our RRA, which will require Registrars to include the following in their Registration Agreements:
– Registrant warrants that it satisfies eligibility requirements.
Where applicable, eligibility restrictions will be enforced through the adoption of the Charter Eligibility Dispute Resolution Policy or a similar policy, and Registrars will be obliged to require in their registration agreements that registrants agree to be bound by such policy and acknowledge that a registration may be cancelled in the event that a challenge against it under such policy is successful.
Providing an administrative process for enforcing eligibility criteria and taking action when notified of eligibility violations mitigates the potential for abuse. This is achieved through the risk of cancellation in the event that it is determined in a challenge procedure that eligibility criteria are not satisfied.

4.2.5 Registrant Disqualification
As specified in our Anti-Abuse Policy, we reserve the right to deny registration of a domain name to a registrant who has repeatedly engaged in abusive behaviour in our TLD or any other TLD.
Registrants, their agents or affiliates found through the application of our Anti-Abuse Policy to have repeatedly engaged in abusive registration will be disqualified from maintaining any registrations or making future registrations. This will be triggered when our records indicate that a registrant has had action taken against it an unusual number of times through the application of our Anti-Abuse Policy. Registrant disqualification provides an additional disincentive for qualified registrants to maintain abusive registrations in that it puts at risk even otherwise non-abusive registrations, through the possible loss of all registrations.
In addition, nameservers that are found to be associated only with fraudulent registrations will be added to a local blacklist and any existing or new registration that uses such fraudulent NS record will be investigated.
The disqualification of ‘bad actors’ and the creation of blacklists mitigates the potential for abuse by preventing individuals known to partake in such behaviour from registering domain names.

4.2.6 Restrictions on Proxy Registration Services
Whilst it is understood that implementing measures to promote WhoIs accuracy is necessary to ensure that the registrant may be tracked down, it is recognised that some registrants may wish to utilise a proxy registration service to protect their privacy. In the event that Registrars elect to offer such services, the following conditions apply:
– Proxy registration services may only be offered by Registrars and NOT resellers.
– Registrars must ensure that the actual WhoIs data is obtained from the registrant and must maintain accurate records of such data.
– Registrars must provide Law Enforcement Agencies (LEA) with the actual WhoIs data upon receipt of a verified request.
– Proxy registration services may only be made available to private individuals using the domain name for non-commercial purposes.
These conditions will be implemented contractually by inclusion of corresponding clauses in the RRA as well as being published on the Abuse page of our registry website. Individuals and organisations will be encouraged through our Abuse page to report any domain names they believe violate the above restrictions, following which appropriate action may be taken by us. Publication of these conditions on the Abuse page of our registry website ensures that registrants are aware that despite utilisation of a proxy registration service, actual WhoIs information will be provided to LEA upon request in order to hold registrants liable for all actions in relation to their domain name. The certainty that WhoIs information relating to domain names which draw the attention of LEA will be disclosed results in the TLD being less attractive to those seeking to register domain names for abusive purposes, thus mitigating the potential for abuse in the TLD.

4.2.7 Registry Lock
Certain mission-critical domain names such as transactional sites, email systems and site supporting applications may warrant a higher level of security. Whilst we will take efforts to promote the awareness of security amongst registrants, it is recognised that an added level of security may be provided to registrants by ‘registry locking’ the domain name thereby prohibiting any updates at the registry operator level. The registry lock service will be offered to all Registrars who may request this service on behalf of their registrants in order to prevent unintentional transfer, modification or deletion of the domain name. This service mitigates the potential for abuse by prohibiting any unauthorised updates that may be associated with fraudulent behaviour. For example, an attacker may update nameservers of a mission-critical domain name, thereby redirecting customers to an illegitimate website without actually transferring control of the domain name.
Upon receipt of a list of domain names to be placed on registry lock by an authorised representative from a Registrar, ARI will:
1. Validate that the Registrar is the Registrar of record for the domain names.
2. Set or modify the status codes for the names submitted to serverUpdateProhibited, serverDeleteProhibited and⁄or serverTransferProhibited depending on the request.
3. Record the status of the domain name in the Shared Registration System (SRS).
4. Provide a monthly report to Registrars indicating the names for which the registry lock service was provided in the previous month.

4.2.8 Orphan Glue Record Management
The ARI registry SRS database does not allow orphan records. Glue records are removed when the delegation point NS record is removed. Other domains that need the glue record for correct DNS operation may become unreachable or less reachable depending on their overall DNS service architecture. It is the registrant’s responsibility to ensure that their domain name does not rely on a glue record that has been removed and that it is delegated to a valid nameserver. The removal of glue records upon removal of the delegation point NS record mitigates the potential for use of orphan glue records in an abusive manner.

4.2.9 Promoting WhoIs Accuracy
Inaccurate WhoIs information significantly hampers the ability to enforce policies in relation to abuse in the TLD by allowing the registrant to remain anonymous. In addition, LEAs rely on the integrity and accuracy of WhoIs information in their investigative processes to identify and locate wrongdoers. In recognition of this, we will implement a range of measures to promote the accuracy of WhoIs information in our TLD including:
– Random monthly audits: registrants of randomly selected domain names are contacted by telephone using the provided WhoIs information by a member of the ARI Abuse and Compliance Team in order to verify all WhoIs information. Where the registrant is not contactable by telephone, alternative contact details (email, postal address) will be used to contact the registrant, who must then provide a contact number that is verified by the member of the ARI Policy Compliance team. In the event that the registrant is not able to be contacted by any of the methods provided in WhoIs, the domain name will be cancelled following five contact attempts or one month after the initial contact attempt (based on the premise that a failure to respond is indicative of inaccurate WhoIs information and is grounds for terminating the registration agreement).
– Semi-annual audits: to identify incomplete WhoIs information. Registrants will be contacted using provided WhoIs information and requested to provide missing information. In the event that the registrant fails to provide missing information as requested, the domain name will be cancelled following five contact attempts or one month after the initial contact attempt.
– Email reminders: to update WhoIs information to be sent to registrants every 6 months.
– Reporting system: a web-based submission service for reporting WhoIs accuracy issues available on the Abuse page of our registry website.
– Analysis of registry data: to identify patterns and correlations indicative of inaccurate WhoIs (eg repetitive use of fraudulent details).
Registrants will continually be made aware, through the registry website and email reminders, of their responsibility to provide and maintain accurate WhoIs information and the ramifications of a failure to do so or respond to requests to do so, including termination of the Registration Agreement.
The measures to promote WhoIs accuracy described above strike a balance between the need to maintain the integrity of the WhoIs service, which facilitates the identification of those taking part in illegal or fraudulent behaviour, and the operating practices of the registry operator and Registrars, which aim to offer domain names to registrants in an efficient and timely manner.
Awareness by registrants that we will actively take steps to maintain the accuracy of WhoIs information mitigates the potential for abuse in the TLD by discouraging abusive behaviour given that registrants may be identified, located and held liable for all actions in relation to their domain name.

4.2.9.1. Additional Measures for Whois Accuracy

As a Chinese IDN TLD, it is reasonable to expect that a significant portion of the registrations will come from China. The Registry is therefore committed to harmonize with local requirements and regulations for domain registrations. For users from Mainland China registering a domain through a Mainland Chinese Registrar: If the Registrant is a real person, he⁄she must submit the following information: real name, email, fixed telephone, mobile phone, ID card number, and the valid ID card (two sides) in the form of electronic file (without any manual modification) or the passport (the first page) in the form of electronic file (without any manual modification). If the Registrant is an organization, it must submit the following additional information: valid enterprise business license or other valid qualification certificates in the form of digital photo file (without any manual modification), company address, and the ID card (two sides) or other valid certificates of company’s legal representative or contact in the form of electronic file (without any manual modification). This requirement will be fulfilled by Accredited Registrars operating out of Mainland China and enforced by Chinese regulatory bodies.

Any Registrant information updated by the Registrant shall undergo the same auditing procedures before taking effect. These measures ensures a high level of Whois accuracy and are put in place, especially for mainland China registrations. Because a majority of registrations can be expected to come from China, the Registry expects that this measure would significantly enhance Whois accuracy for the Registry.

4.3 Reactive – Identification
The methods by which abusive behaviour in our TLD may be identified are described below. These include detection by ARI and notification from third parties. These methods serve to merely identify and not determine whether abuse actually exists. Upon identification of abuse, the behaviour will be handled in accordance with ‘4.4 Abuse Handling’.
Any abusive behaviour identified through one of the methods below will, in accordance with Requirement 13 of the BITS Requirements, be notified immediately to relevant Registrars.

4.3.1 Detection – Analysis of Data
ARI will routinely analyse registry data in order to identify abusive domain names by searching for behaviours typically indicative of abuse. The following are examples of the data variables that will serve as indicators of a suspicious domain name and may trigger further action by the ARI Abuse and Compliance Team:
– Unusual Domain Name Registration Practices: practices such as registering hundreds of domains at a time, registering domains which are unusually long or complex or include an obvious series of numbers tied to a random word (abuse40, abuse50, abuse60) may, when considered as a whole, be indicative of abuse.
– Domains or IP addresses identified as members of a Fast Flux Service Network (FFSN): ARI uses the formula developed by the University of Mannheim and tested by participants of the Fast Flux PDP WG to determine members of this list. IP addresses appearing within identified FFSN domains, as either NS or A records shall be added to this list.
– An Unusual Number of Changes to the NS record: the use of fast-flux techniques to disguise the location of web sites or other Internet services, to avoid detection and mitigation efforts, or to host illegal activities is considered abusive in the TLD. Fast flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves. As such an unusual number of changes to the NS record may be indicative of the use of fast-flux techniques given that there is little, if any, legitimate need to change the NS record for a domain name more than a few times a month.
– Results of WhoIs audits: The audits conducted to promote WhoIs accuracy described above are not limited to serving that purpose but may also be used to identify abusive behaviour given the strong correlation between inaccurate WhoIs data and abuse.
– Analysis of cross-validation of registrant WhoIs data against WhoIs data known to be fraudulent.
– Analysis of Domain Names belonging to a registrant subject to action under the Anti-Abuse Policy: in cases where action is taken against a registrant through the application of the Anti-Abuse Policy, we will also investigate other domain names by the same registrant (same name, nameserver IP address, email address, postal address etc).

4.3.2 Abuse Reported by Third Parties
Whilst we are confident in our abilities to detect abusive behaviour in the TLD owing to our robust ongoing monitoring activities, we recognise the value of notification from third parties to identify abuse. To this end, we will incorporate notifications from the following third parties in our efforts to identify abusive behaviour:
– Industry partners through ARI’s participation in industry forums which facilitate the sharing of information.
– LEA through a single abuse point of contact (our Abuse page on the registry website, as discussed in detail below) and an expedited process (described in detail in ‘4.4 Abuse Handling’) specifically for LEA.
– Members of the general public through a single abuse point of contact (our Abuse page on the registry website).

4.3.2.1 Industry Participation and Information Sharing
ARI is a member of the Registry Internet Safety Group (RISG), whose mission is to facilitate data exchange and promulgate best practices to address Internet identity theft, especially phishing and malware distribution. In addition, ARI coordinates with the Anti-Phishing Working Group (APWG) and other DNS abuse organisations and is subscribed to the NXdomain mailing list. ARI’s strong participation in the industry facilitates collaboration with relevant organisations on abuse-related issues and ensures that ARI is responsive to new and emerging domain name abuses.
The information shared as a result of this industry participation will be used to identify domain names registered or used for abusive purposes. Information shared may include a list of registrants known to partake in abusive behaviour in other TLDs. Whilst presence on such lists will not constitute grounds for registrant disqualification, ARI will investigate domain names registered to those listed registrants and take action in accordance with the Anti-Abuse Policy. In addition, information shared regarding practices indicative of abuse will facilitate detection of abuse by our own monitoring activities.

4.3.2.2 Single Abuse Point of Contact on Website
In accordance with section 4.1 of Specification 6 of the Registry Agreement, we will establish a single abuse point of contact (SAPOC) responsible for addressing and providing a timely response to abuse complaints concerning all names registered in the TLD through all Registrars of record, including those involving a reseller. Complaints may be received from members of the general public, other registries, Registrars, LEA, government and quasi-governmental agencies and recognised members of the anti-abuse community.
The SAPOC’s accurate contact details (email and mailing address as well as a primary contact for handling inquiries related to abuse in the TLD) will be provided to ICANN and published on the Abuse page of our registry website, which will also include:
– All public facing policies in relation to the TLD, including the Anti-Abuse Policy.
– A web-based submission service for reporting inaccuracies in WhoIs information.
– Registrant Best Practices.
– Conditions that apply to proxy registration services and direction to the SAPOC to report domain names that violate the conditions.
As such, the SAPOC may receive complaints regarding a range of matters including but not limited to:
– Violations of the Anti-Abuse Policy.
– Inaccurate WhoIs information.
– Violation of the restriction of proxy registration services to individuals.
The SAPOC will be the primary method by which we will receive notification of abusive behaviour from third parties. It must be emphasised that the SAPOC will be the initial point of contact following which other processes will be triggered depending on the identity of the reporting organisation. Accordingly, separate processes for identifying abuse exist for reports by LEA⁄government and quasi-governmental agencies and members of the general public. These processes will be described in turn below.

4.3.2.2.1 Notification by LEA of Abuse
We recognise that LEA, governmental and quasi-governmental agencies may be privy to information beyond the reach of others which may prove critical in the identification of abusive behaviour in our TLD. As such, we will provide an expedited process which serves as a channel of communication for LEA, government and quasi-governmental agencies to, amongst other things, report illegal conduct in connection with the use of the TLD.
The process will involve prioritisation and prompt investigation of reports identifying abuse from those organisations. The steps in the expedited process are summarised as follows:
1. ARI’s Abuse and Compliance Team will identify relevant LEA, government and quasi-governmental agencies who may take part in the expedited process, depending on the mission⁄purpose and jurisdiction of our TLD. A means of verification will be established with each of the identified agencies in order to verify the identity of a reporting agency utilising the expedited process.
2. We will publish contact details on the Abuse page of the registry website for the SAPOC to be utilised by only those taking part in the expedited process.
3. All calls to this number will be responded to by the ARI Service Desk on a 24⁄7 basis. All calls will result in the generation of a ticket in ARI’s case management system (CMS).
4. The identity of the reporting agency will be identified using the established means of verification (ARIʹs Security Policy has strict guidelines regarding the verification of external parties over the telephone). If no means of verification has been established, the report will be immediately escalated to the ARI Abuse and Compliance Team. Results of verification will be recorded against the relevant CMS ticket.
6. Upon verification of the reporting agency, the ARI Service Desk will obtain the details necessary to adequately investigate the report of abusive behaviour in the TLD. This information will be recorded against the relevant CMS ticket.
7. Reports from verified agencies may be provided in the Incident Object Description Exchange Format (IODEF) as defined in RFC 5070. Provision of information in the IODEF will improve our ability to resolve complaints by simplifying collaboration and data sharing.
8. Tickets will then be forwarded to the ARI Abuse and Compliance Team to be dealt with in accordance with ‘4.4 Abuse Handling’.

4.3.2.2.2 Notification by General Public of Abuse
Abusive behaviour in the TLD may also be identified by members of the general public including but not limited to other registries, Registrars or security researchers. The steps in this notification process are summarised as follows:
1. We will publish contact details on the Abuse page of the registry website for the SAPOC (note that these contact details are not the same as those provided for the expedited process).
2. All calls to this number will be responded to by the ARI Service Desk on a 24⁄7 basis. All calls will result in the generation of a CMS ticket.
3. The details of the report identifying abuse will be documented in the CMS ticket using a standard information gathering template.
4. Tickets will be forwarded to the ARI Abuse and Compliance Team, to be dealt with in accordance with ‎‘4.4 Abuse Handling’.

4.4 Abuse Handling
Upon being made aware of abuse in the TLD, whether by ongoing monitoring activities or notification from third parties, the ARI Abuse and Compliance Team will perform the following functions:

4.4.1 Preliminary Assessment and Categorisation
Each report of purported abuse will undergo an initial preliminary assessment by the ARI Abuse and Compliance Team to determine the legitimacy of the report. This step may involve simply visiting the offending website and is intended to weed out spurious reports, and will not involve the in-depth investigation needed to make a determination as to whether the reported behaviour is abusive.
Where the report is assessed as being legitimate, the type of activity reported will be classified as one of the types of abusive behaviour as found in the Anti-Abuse Policy by the application of the definitions provided. In order to make this classification, the ARI Abuse and Compliance Team must establish a clear link between the activity reported and the alleged type of abusive behaviour such that addressing the reported activity will address the abusive behaviour.
While we recognise that each incident of abuse represents a unique security threat and should be mitigated accordingly, we also recognise that prompt action justified by objective criteria are key to ensuring that mitigation efforts are effective. With this in mind, we have categorised the actions that we may take in response to various types of abuse by reference to the severity and immediacy of harm. This categorisation will be applied to each validated report of abuse and actions will be taken in accordance with the table below. It must be emphasised that the actions to mitigate the identified type of abuse in the table are merely intended to provide a rough guideline and may vary upon further investigation.
Category 1
Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Malware
Mitigation steps:
1. Investigate
2. Notify registrant
Category 2
Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control
Mitigation steps:
1. Suspend domain name
2. Investigate
3. Restore or terminate domain name
The mitigation steps for each category will now be described:

4.4.2 Investigation – Category 1
Types of abusive behaviour that fall into this category include those that represent a low severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in the dissemination of unsolicited information or the publication of illegitimate information. While undesirable, these activities do not generally present such an immediate threat as to justify suspension of the domain name in question. We will contact the registrant to instruct that the breach of the Anti-Abuse Policy be rectified. If the ARI Abuse and Compliance Team’s investigation reveals that the severity or immediacy of harm is greater than originally anticipated, the abusive behaviour will be escalated to Category 2 and mitigated in accordance with the applicable steps. These are described below. The assessment made and actions taken will be recorded against the relevant CMS ticket.

4.4.3 Suspension – Category 2
Types of abusive behaviour that fall into this category include those that represent a medium to high severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in intrusion into other computers’ networks and systems or financial gain by fraudulent means. Following notification of the existence of such behaviours, the ARI Abuse and Compliance Team will suspend the domain name pending further investigation to determine whether the domain name should be restored or cancelled. Cancellation will result if, upon further investigation, the behaviour is determined to be one of the types of abuse defined in the Anti-Abuse Policy. Restoration of the domain name will result where further investigation determines that abusive behaviour, as defined by the Anti-Abuse Policy, does not exist. Due to the higher severity or immediacy of harm attributed to types of abusive behaviour in this category, ARI will, in accordance with their contractual commitment to us in the form of SLA’s, carry out the mitigation response within 24 hours by either restoring or cancelling the domain name. The assessment made and actions taken will be recorded against the relevant CMS ticket.

Phishing is considered to be a serious violation of the Anti-Abuse Policy owing to its fraudulent exploitation of consumer vulnerabilities for the purposes of financial gain. Given the direct relationship between phishing uptime and extent of harm caused, we recognise the urgency required to execute processes that handle phish domain termination in a timely and cost effective manner. Accordingly, the ARI Abuse and Compliance Team will prioritise all reports of phishing from brand owners, anti-phishing providers or otherwise and carry out the appropriate mitigation response within 12 hours in accordance with the SLA’s in place between us and ARI. In addition, since a majority of phish domains are subdomains, we believe it is necessary to ensure that subdomains do not represent an unregulated domain space to which phishers are known to gravitate. Regulation of the subdomain space is achieved by holding the registrant of the parent domain liable for any actions that may occur in relation to subdomains. In reality, this means that where a subdomain determined to be used for phishing is identified, the parent domain may be suspended and possibly cancelled, thus effectively neutralising every subdomain hosted on the parent. In our RRA we will require that Registrars ensure that their Registration Agreements reflect our ability to address phish subdomains in this manner.

4.4.4 Executing LEA Instructions
We understand the importance of our role as a registry operator in addressing consumer vulnerabilities and are cognisant of our obligations to assist LEAs, government and quasi-governmental agencies in the execution of their responsibilities. As such, we will make all reasonable efforts to ensure the integration of these agencies into our processes for the identification and handling of abuse by, amongst other things:
1. Providing expedited channels of communication (discussed above).
2. Notifying LEA of abusive behaviour believed to constitute evidence of a commission of a crime eg distribution of child pornography.
3. Sharing all available information upon request from LEA utilising the expedited process, including results of our investigation.
4. Providing bulk WhoIs information upon request from LEA utilising the expedited process.
5. Acting on instructions from a verified reporting agency.
It is anticipated that these actions will assist agencies in the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of laws imposing penalties. The relevant agencies are not limited to those enforcing criminal matters but may also include those enforcing civil matters in order to eliminate consumer vulnerabilities.
Upon notification of abusive behaviour by LEA, government or quasi– governmental agencies through the expedited process and verification of the reporting agency, a matter will be immediately communicated to us for our consideration. If we do not instruct ARI to refer the matter to us for our resolution, the CMS ticket will be forwarded to the ARI Abuse and Compliance Team, which will take one of the following actions:
1. The reported behaviour will be subject to preliminary assessment and categorisation as described above. The reported behaviour will then be mitigated based on the results of the categorisation. A report describing the manner in which the notification from the agency was handled will be provided to the agency within 24 hours. This report will be recorded against the relevant CMS ticket.
OR
2. Where specific instructions are received from the reporting agency in the required format, ARI will act in accordance with those instructions provided that they do not result in the contravention of applicable law. ARI will, in accordance with their contractual commitment to us in the form of SLA’s, execute such instructions within 12 hours. The following criteria must be satisfied by the reporting agency at this stage:
a. The request must be made in writing to ARI using a Pro Forma document on the agency’s letterhead. The Pro Forma document will be sent to the verified agency upon request.
b. The Pro Forma document must be delivered to ARI by fax.
c. The Pro Forma document must:
i. Describe in sufficient detail the actions the agency seeks ARI to take.
ii. Provide the domain name⁄s affected.
iii. Certify that the agency is an ‘enforcement body’ for the purposes of the Privacy Act 1988 (Cth) or local equivalent.
iv. Certify that the requested actions are required for the investigation and⁄or enforcement of relevant legislation which must be specified.
v. Certify that the requested actions are necessary for the agency to effectively carry out its functions.
Following prompt execution of the request, a report will be provided to the agency in a timely manner. This report will be recorded against the relevant CMS ticket.
Finally, whilst we do not anticipate the occurrence of a security situation owing to our robust systems and processes deployed to combat abuse, we are aware of the availability of the Expedited Registry Security Request Process to inform ICANN of a present or imminent security situation and to request a contractual waiver for actions we might take or have taken to mitigate or eliminate the security concern.

5 RESOURCES

This function will be performed by ARI. Abuse services are supported by the following departments:

– Abuse and Compliance Team (6 staff)
– Development Team (11 staff)
– Service Desk (14 staff)

A detailed list of the departments, roles and responsibilities in ARI is provided as attachment ‘Q28 – ARI Background & Roles.pdf’. This attachment describes the functions of the above teams and the exact number and nature of staff within.
The number of resources required to design, build, operate and support the SRS does not vary significantly with, and is not linearly proportional to, the number or size of TLDs that ARI provides registry services to.
ARI provides registry backend services to 5 TLDs and has a wealth of experience in estimating the number of resources required to support a registry system.
Based on past experience ARI estimates that the existing staff is adequate to support a registry system that supports in excess of 50M domains. Since this TLD projects 8,779 domains, 0.02% of these resources are allocated to this TLD. See attachment ‘Q28 – Registry Scale Estimates & Resource Allocation.xlsx’ for more information.
ARI protects against loss of critical staff by employing multiple people in each role. Staff members have a primary role plus a secondary role for protection against personnel absence. Additionally ARI can scale resources as required.

ARI’s Anti-Abuse Service serves to prevent and mitigate abusive behaviour in the TLD as well as activities that may infringe trademarks. These responsibilities will be undertaken by three teams. ARI’s Development Team will be responsible for developing the technical platforms and meeting technical requirements needed to implement the procedures and measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse. ARI’s Abuse and Compliance Team will be responsible for the ongoing implementation of measures to minimise abusive registrations and other activities that have a negative impact on Internet users. ARI’s Service Desk will be responsible for responding to reports of abuse received through the abuse point of contact on the registry’s website and logging these in a ticket in ARI’s case management system.
The responsibilities of these teams relevant to the initial implementation and ongoing maintenance of our measures to minimise abusive registrations and other activities that affect the rights of trademark holders are described in our response to Question 29.
All of the responsibilities undertaken by ARI’s Development Team, Abuse and Compliance Team, and Service Desk are inclusive in ARI’s Managed TLD Registry services fee, which is accounted for as an outsourcing cost in our response to Question 47. The resources needs of these teams have been determined by applying the conservative growth projections for our TLD (which are identified in our response to Question 48) to the team’s responsibilities at start-up and on an ongoing basis.

5.1 ARI Development Team
All tools and systems needed to support the initial and ongoing implementation of measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse will be developed and maintained by ARI. ARI has a software development department dedicated to this purpose which will ensure that the tools are fit for purpose and adjusted as requirements change.
ARI’s Development Team participate actively in the industry; this facilitates collaboration with relevant organisations on abuse related issues and ensures that the ARI Development Team is responsive to new and emerging domain name abuses and the tools and systems required to be built to address these abuses. This team consists of:
– 1 Development Manager
– 2 Business Analysts
– 6 Developers
– 2 Quality Analysts

5.2 ARI Abuse and Compliance Team
ARI’s Abuse and Compliance Team will be staffed by six full-time equivalent positions. These roles will entail the following:
Policy Compliance Officers: A principal responsibility of the Policy Compliance Officers will be handling notifications of abuse through the SAPOC. This will involve managing the expedited process, identifying and categorising suspected abuse according to our Anti-Abuse Policy, and carrying out the appropriate mitigation response for all categorised abuses. When abuse is identified, Policy Compliance Officers will investigate other domain names held by a registrant whose domain name is subject to a mitigation response. They will maintain a list of and disqualify registrants found to have repeatedly engaged in abusive behaviour. They will also be responsible for analysing registry data in search of behaviours indicative of abuse, reviewing industry lists in search of data that may identify abuse in the TLD.
Another key responsibility of Policy Compliance Officers will be implementing measures to promote WhoIs accuracy (including managing and addressing all reports of inaccurate WhoIs information received from the web submission service) and verifying the physical address provided by a registrant against various databases for format and content requirements for the region.
Policy Compliance Officers will act on the instructions of verified LEA and Dispute Resolution Providers and participate in ICANN and industry groups involved in the promulgation of policies and best practices to address abusive behaviour. They will escalate complaints and issues to the Legal Manager when necessary and communicate with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities. This role will be provided on a 24⁄7 basis, supported outside of ordinary business hours by ARI’s Service Desk.
Policy Compliance Officers will be required to have the following skills⁄qualifications: customer service⁄fault handling experience, comprehensive knowledge of abusive behaviour in a TLD and related policies, Internet industry knowledge, relevant post-secondary qualification, excellent communication and professional skills, accurate data entry skills, high-level problem solving skills, and high-level computer skills.
Legal Manager: The Legal Manager will be responsible for handling all potential disputes arising in connection with the implementation of ARI’s Anti-Abuse service and related policies. This will involve assessing escalated complaints and issues, liaising with Legal Counsel and the registry operator, resolving disputes and communicating with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities. The Legal Manager will be responsible for forwarding all matters requiring determination by the registry operator which fall outside the scope of ARI’s Anti-Abuse functions. The Legal Manager will be required to have the following skills⁄qualifications: legal background (in particular, intellectual property⁄information technology law) or experience with relevant tertiary or post-graduate qualifications, dispute resolution experience, Internet industry experience, strong negotiation skills, excellent communication and professional skills, good computer skills, high-level problem solving skills.
Legal Counsel: A qualified lawyer who will be responsible for all in-house legal advice, including responding to LEA and dealing with abusive behaviour.
The team consists of:
– 4 Policy Compliance Officers
– 1 Legal Manager
– 1 Legal Counsel

5.3 ARI Service Desk
ARI’s Service Desk will be staffed by 14 full-time equivalent positions. Responsibilities of Service Desk relevant to ARI’s Anti-Abuse Service include the following: responding to notifications of abuse through the abuse point of contact and expedited process for LEA, logging notifications as a ticket in ARI’s case management system, notifying us of a report received through the expedited process for LEA, government and quasi-governmental agencies, and forwarding tickets to ARI’s Abuse and Compliance team for resolution in accordance with the Anti-Abuse Policy.
For more information on the skills and responsibilities of these roles please see the in-depth resources section in response to Question 31.
Based on the projections and the experience of ARI, the resources described here are more than sufficient to accommodate the needs of this TLD.
The use of these resources and the services they enable is included in the fees paid to ARI which are described in the financial responses.