Back

28 Abuse Prevention and Mitigation

gTLDFull Legal NameE-mail suffixDetail
.appTRI Ventures, Inc.litl.comView
We have engaged ARI Registry Services (ARI) to deliver services for this TLD. ARI provide registry services for a number of TLDs including the .au ccTLD. For more background information on ARI please see the attachment ‘Q28 – ARI Background & Roles.pdf’.

As stated in response to Question 18, TRI Ventures’s registration policy will address the minimum requirements mandated by ICANN including rights abuse prevention measures. TRI Ventures will implement its draft registration policy as means of abuse prevention and mitigation ** (see end of document).



1 INTRODUCTION

The efforts that will be undertaken in this TLD to minimise abusive registrations and other activities that have a negative impact on Internet users are described below. We will be utilising the Anti-Abuse Service of our managed registry service provider, ARI. This service includes the implementation of our comprehensive Anti-Abuse Policy. This policy, developed in consultation with ARI, clearly defines abusive behaviour and identifies particular types of abusive behaviour and the mitigation response to such behaviour.



2 OVERVIEW

We have engaged ARI to deliver registry services for this TLD. ARI will, owing to their extensive industry experience and established anti-abuse operations, implement and manage on our behalf various procedures and measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse. ARI will forward to us all matters requiring determination by the registry operator which fall beyond the scope of ARI’s Anti-Abuse Service. This is described below in the context of the implementation of our Anti-Abuse Policy.

Despite utilisation of ARI’s Anti-Abuse Service, we are nonetheless cognisant of our responsibility to minimise abusive registrations and other activities that have a negative impact on Internet users in the TLD. In recognition of this responsibility, we will play an instrumental role in overseeing the implementation of the Anti-Abuse Service by ARI. We will also have contractual commitments in the form of SLA’s in place to ensure that ARI’s delivery of the Anti-Abuse Service is aligned with our strong commitment to minimise abuse in our TLD.

That strong commitment is further demonstrated by our adoption of many of the requirements proposed in the ‘2011 Proposed Security, Stability and Resiliency Requirements for Financial TLDs’ (at http:⁄⁄www.icann.org⁄en⁄news⁄correspondence⁄aba-bits-to-beckstrom-crocker-20dec11-en.pdf) (the ‘BITS Requirements). We acknowledge that these requirements were developed by the financial services sector in relation to financial TLDs, but nevertheless believe that their adoption in this TLD (which is not financial-related) results in a more robust approach to combating abuse.

Consistent with Requirement 6 of the BITS Requirements, we will certify to ICANN on an annual basis our compliance with our Registry Agreement.

Please note that the various policies and practices that we have implemented to minimise abusive registrations and other activities that affect the rights of trademark holders are specifically described in our response to Question 29.



3 POLICY

In consultation with ARI we have developed a comprehensive Anti-Abuse Policy, which is the main instrument that captures our strategy in relation to abuse in the TLD.


3.1 DEFINITION OF ABUSE

Abusive behaviour in a TLD may relate to the core domain name-related activities performed by Registrars and registries including, but not limited to:
– The allocation of registered domain names.

– The maintenance of and access to registration information.

– The transfer, deletion, and reallocation of domain names.

– The manner in which the registrant uses the domain name upon creation.


Challenges arise in attempting to define abusive behaviour in the TLD due to its broad scope. Defining abusive behaviour by reference to the stage in the domain name lifecycle in which the behaviour occurs presents difficulty given that a particular type of abuse may occur at various stages of the life cycle.
With this in mind, ARI has fully adopted the definition of abuse developed by the Registration Abuse Policies Working Group (Registration Abuse Policies Working Group Final Report 2010, at http:⁄⁄gnso.icann.org⁄issues⁄rap⁄rap-wg-final-report-29may10-en.pdf), which does not focus on any particular stage in the domain name life cycle.


Abusive behaviour in a TLD may be defined as an action that:

– causes actual and substantial harm, or is a material predicate of such harm.

– is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.


In applying this definition the following must be noted:

1. The party or parties harmed, and the severity and immediacy of the abuse, should be identified in relation to the specific alleged abuse.

2. The term ʺharmʺ is not intended to shield a party from fair market competition.

3. A predicate is a related action or enabler. There must be a clear link between the predicate and the abuse, and justification enough to address the abuse by addressing the predicate (enabling action).


For example, WhoIs data can be used in ways that cause harm to domain name registrants, intellectual property (IP) rights holders and Internet users. Harmful actions may include the generation of spam, the abuse of personal data, IP infringement, loss of reputation or identity theft, loss of data, phishing and other cybercrime-related exploits, harassment, stalking, or other activity with negative personal or economic consequences. Examples of predicates to these harmful actions are automated email harvesting, domain name registration by proxy⁄privacy services to aid wrongful activity, support of false or misleading registrant data, and the use of WhoIs data to develop large email lists for commercial purposes. The misuse of WhoIs data is therefore considered abusive because it is contrary to the intention and design of the stated legitimate purpose of WhoIs data.



3.2 AIMS AND OVERVIEW OF OUR ANTI-ABUSE POLICY

Our Anti-Abuse Policy will put registrants on notice of the ways in which we will identify and respond to abuse and serve as a deterrent to those seeking to register and use domain names for abusive purposes. The policy will be made easily accessible on the Abuse page of our registry website which will be accessible and have clear links from the home page along with FAQs and contact information for reporting abuse.


Consistent with Requirements 15 and 16 of the BITS Requirements, our policy:

– Defines abusive behaviour in our TLD.

– Identifies types of actions that constitute abusive behaviour, consistent with our adoption of the RAPWG definition of ‘abuse’.

– Classifies abusive behaviours based on the severity and immediacy of the harm caused.

– Identifies how abusive behaviour can be notified to us and the steps that we will take to determine whether the notified behaviour is abusive.

– Identifies the actions that we may take in response to behaviour determined to be abusive.

Our RRA will oblige all Registrars to do the following in relation to the Anti-Abuse Policy:

– comply with the Anti-Abuse Policy; and

– include in their registration agreement with each registrant an obligation for registrants to comply with the Anti-Abuse Policy and each of the following requirements:

‘operational standards, policies, procedures, and practices for the TLD established from time to time by the registry operator in a non-arbitrary manner and applicable to all Registrars, including affiliates of the registry operator, and consistent with ICANNʹs standards, policies, procedures, and practices and the registry operator’s Registry Agreement with ICANN. Additional or revised registry operator operational standards, policies, procedures, and practices for the TLD shall be effective upon thirty days notice by the registry operator to the Registrar. If there is a discrepancy between the terms required by this Agreement and the terms of the Registrar’s registration agreement, the terms of this Agreement shall supersede those of the Registrar’s registration agreement’.


Our RRA will additionally incorporate the following BITS Requirements:

– Requirement 7: Registrars must certify annually to ICANN and us compliance with ICANN’s Registrar Accreditation Agreement (RAA) our Registry-Registrar Agreement (RRA).

– Requirement 9: Registrars must provide and maintain valid primary contact information (name, email address, and phone number) on their website.

– Requirement 14: Registrars must notify us immediately regarding any investigation or compliance action, including the nature of the investigation or compliance action by ICANN or any outside party (eg law enforcement, etc.) along with the TLD impacted.

– Requirement 19: Registrars must disclose registration requirements on their website.
We will re-validate our RRAs at least annually, consistent with Requirement 10.



3.3 ANTI-ABUSE POLICY

Our Anti-Abuse Policy is as follows:


ANTI-ABUSE POLICY

INTRODUCTION:
The abusive registration and use of domain names in the TLD is not tolerated given that the inherent nature of such abuses creates security and stability issues for all participants in the Internet environment.


Definition of Abusive Behaviour:
Abusive behaviour is an action that:

– causes actual and substantial harm, or is a material predicate of such harm; or

– is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.


A ‘predicate’ is an action or enabler of harm.
‘Material’ means that something is consequential or significant.

Examples of abusive behaviour falling within this definition:

– Spam: the use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks.

– Phishing: the use of a fraudulently presented web site to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.

– Pharming: the redirecting of unknowing users to fraudulent web sites or services, typically through DNS hijacking or poisoning, in order to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.

– Wilful distribution of malware: the dissemination of software designed to infiltrate or cause damage to devices or to collect confidential data from users without the owner’s informed consent.

– Fast Flux hosting: the use of DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves in order to disguise the location of web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast flux hosting may only be used with prior permission of the registry operator.

– Botnet command and control: the development and use of a command, agent, motor, service or software which is implemented: (1) to remotely control the computer or computer system of an Internet user without their knowledge or consent, (2) to generate direct denial of service (DDOS) attacks.

– Distribution of child pornography: the storage, publication, display and⁄or dissemination of pornographic materials depicting individuals under the age of majority in the relevant jurisdiction.

– Illegal access to other computers or networks: the illegal accessing of computers, accounts, or networks belonging to another party, or attempt to penetrate security measures of another individual’s system (hacking). Also, any activity that might be used as a precursor to an attempted system penetration.



DETECTION OF ABUSIVE BEHAVIOUR:


Abusive behaviour in the TLD may be detected in the following ways:

– By us through our on-going monitoring activities and industry participation.

– By third parties (general public, law enforcement, government agencies, industry partners) through notification submitted to the abuse point of contact on our website, or industry alerts.

Reports of abusive behaviour will be notified immediately to the Registrar of record.



HANDLING OF ABUSIVE BEHAVIOUR:

When abusive behaviour is detected in our TLD through notification by a third party, a preliminary assessment will be performed in order to determine whether the notification is legitimately made. Applying the definitions of types of abusive behaviours identified in this policy, we will classify each incidence of legitimately reported abuse into one of two categories based on the probable severity and immediacy of harm to registrants and Internet users. These categories are provided below and are defined by reference to the action that may be taken by us. The examples of types of abusive behaviour falling within each category are illustrative only.


Category 1:

Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Malware


Mitigation steps:

1. Investigate
2. Notify registrant


Category 2:

Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control

Mitigation steps:

1. Suspend domain name

2. Investigate

3. Restore or terminate domain name


In the event that we receive specific instructions regarding a domain name from a law enforcement agency, government or quasi-governmental agency utilising the expedited process for such agencies, our mitigation steps will be in accordance with those instructions provided that they do not result in the contravention of applicable law. In addition, we will take all reasonable efforts to notify law enforcement agencies of abusive behaviour in our TLD which we believe may constitute evidence of a commission of a crime, eg distribution of child pornography.

Note that these expected actions are intended to provide a guide to our response to abusive behaviour rather than any guarantee that a particular action will be taken.
The identification of abusive behaviour in the TLD, as defined above, shall give us the right, but not the obligation, to take such actions in accordance with the following text in the RRA, which provides that the registry operator:

‘reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, or instruct Registrars to take such an action as we deem necessary in our discretion to;

1. protect the integrity and stability of the registry;

2. comply with any applicable laws, government rules or requirements, requests of law enforcement, or dispute resolution process;

3. avoid any liability, civil or criminal, on the part of the registry operator, as well as its affiliates, subsidiaries, officers, directors, and employees, per the terms of the registration agreement; and

4. correct mistakes made by the registry operator or any Registrar in connection with a domain name registration.


We reserve the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.

We also reserve the right to deny registration of a domain name to a registrant who has repeatedly engaged in abusive behaviour in our TLD or any other TLD.

Registrars only and not Resellers may offer proxy registration services to private individuals using the domain name for non-commercial purposes.

We may amend or otherwise modify this policy to keep abreast of changes in consensus policy or new and emerging types of abusive behaviour in the Internet.
Registrar’s failure to comply with this Anti-Abuse Policy shall constitute a material breach of the RRA, and shall give rise to the rights and remedies available to us under the RRA.



4 ABUSE PREVENTION AND MITIGATION

This section describes the implementation of our abuse related processes regarding:

– Building awareness of the Anti-Abuse Policy.

– Mitigating the potential for abusive behaviour.

– Identifying abusive behaviour.

– Handling abusive behaviour.



4.1. AWARENESS OF POLICY

The Anti-Abuse Policy will be published on the Abuse page of our registry website, which will be accessible and have clear links from the home page. In addition, the URL to the Abuse page will be included in all email correspondence to the registrant, thereby placing all registrants on notice of the applicability of the Anti-Abuse Policy to all domain names registered in our TLD. The Abuse page will, consistent with Requirement 8 of the BITS Requirements, provide registry contact information (name, email address, and phone number) to enable the public to communicate with us about TLD policies. The Abuse page will emphasise and evidence our commitment to combating abusive registrations by clearly identifying what our policy on abuse is and what effect our implementation of the policy may have on registrants. We anticipate that this clear message, which communicates our commitment to combating abusive registrations, will serve to minimise abusive registrations in our TLD.



4.2 PRE-EMPTIVE – MITIGATING OF THE POTENTIAL FOR ABUSE

The following practices and procedures will be adopted to mitigate the potential for abusive behaviour in our TLD.



4.2.1 ICANN PRESCRIBED MEASURES

In accordance with our obligations as a registry operator, we will comply with all requirements in the ‘gTLD Applicant Guidebook’. In particular, we will comply with the following measures prescribed by ICANN which serve to mitigate the potential for abuse in the TLD:

– DNSSEC deployment, which reduces the opportunity for pharming and other man-in-the-middle attacks. We will encourage Registrars and Internet Service Providers to deploy DNSSEC capable resolvers in addition to encouraging DNS hosting providers to deploy DNSSEC in an easy-to-use manner in order to facilitate deployment by registrants. DNSSEC deployment is further discussed in the context of our response to Question 43.

– Prohibition on Wild Carding as required by section 2.2 of Specification 6 of the Registry Agreement.

– Removal of Orphan Glue records (discussed below in ‎‘4.2.8 Orphan Glue Record Management’).



4.2.2 INCREASING REGISTRANT SECURITY AWARENESS

In accordance with our commitment to operating a secure and reliable TLD, we will attempt to improve registrant awareness of the threats of domain name hijacking, registrant impersonation and fraud, and emphasise the need for and responsibility of registrants to keep registration (including WhoIs) information accurate. Awareness will be raised by:

– Publishing the necessary information on the Abuse page of our registry website in the form of videos, presentations and FAQ’s.

– Developing and providing to registrants and resellers Best Common Practices that describe appropriate use and assignment of domain auth Info codes and risks of misuse when the uniqueness property of this domain name password is not preserved.

The increase in awareness renders registrants less susceptible to attacks on their domain names owing to the adoption of the recommended best practices thus serving to mitigate the potential for abuse in the TLD. The clear responsibility on registrants to provide and maintain accurate registration information (including WhoIs) further serves to minimise the potential for abusive registrations in the TLD.



4.2.3 MITIGATING THE POTENTIAL FOR ABUSIVE REGISTRATIONS THAT AFFECT THE LEGAL RIGHTS OF OTHERS

Many of the examples of abusive behaviour identified in our Anti-Abuse Policy may affect the rights of trademark holders. While our Anti-Abuse Policy addresses abusive behaviour in a general sense, we have additionally developed specific policies and procedures to combat behaviours that affect the rights of trademark holders at start-up and on an ongoing basis. These include the implementation of a trademark claims service and a sunrise registration service at start-up and implementation of the UDRP, URS and PDDRP on an ongoing basis. The implementation of these policies and procedures serves to mitigate the potential for abuse in the TLD by ensuring that domain names are allocated to those who hold a corresponding trademark.

These policies and procedures are described in detail in our response to Question 29.


4.2.4 SAFEGUARDS AGAINST ALLOWING FOR UNQUALIFIED REGISTRATIONS

The eligibility restrictions for this TLD are outlined in our response to Question 18.

Eligibility restrictions will be implemented contractually through our RRA, which will require Registrars to include the following in their Registration Agreements:

– Registrant warrants that it satisfies eligibility requirements.

Where applicable, eligibility restrictions will be enforced through the adoption of the Charter Eligibility Dispute Resolution Policy or a similar policy, and Registrars will be obliged to require in their registration agreements that registrants agree to be bound by such policy and acknowledge that a registration may be cancelled in the event that a challenge against it under such policy is successful.

Providing an administrative process for enforcing eligibility criteria and taking action when notified of eligibility violations mitigates the potential for abuse. This is achieved through the risk of cancellation in the event that it is determined in a challenge procedure that eligibility criteria are not satisfied.



4.2.5 REGISTRANT DISQUALIFICATION

As specified in our Anti-Abuse Policy, we reserve the right to deny registration of a domain name to a registrant who has repeatedly engaged in abusive behaviour in our TLD or any other TLD.

Registrants, their agents or affiliates found through the application of our Anti-Abuse Policy to have repeatedly engaged in abusive registration will be disqualified from maintaining any registrations or making future registrations. This will be triggered when our records indicate that a registrant has had action taken against it an unusual number of times through the application of our Anti-Abuse Policy. Registrant disqualification provides an additional disincentive for qualified registrants to maintain abusive registrations in that it puts at risk even otherwise non-abusive registrations, through the possible loss of all registrations.

In addition, nameservers that are found to be associated only with fraudulent registrations will be added to a local blacklist and any existing or new registration that uses such fraudulent NS record will be investigated.
The disqualification of ‘bad actors’ and the creation of blacklists mitigates the potential for abuse by preventing individuals known to partake in such behaviour from registering domain names.



4.2.6 RESTRICTIONS ON PROXY REGISTRATION SERVICES

Whilst it is understood that implementing measures to promote WhoIs accuracy is necessary to ensure that the registrant may be tracked down, it is recognised that some registrants may wish to utilise a proxy registration service to protect their privacy. In the event that Registrars elect to offer such services, the following conditions apply:

– Proxy registration services may only be offered by Registrars and NOT resellers.

– Registrars must ensure that the actual WhoIs data is obtained from the registrant and must maintain accurate records of such data.

– Registrars must provide Law Enforcement Agencies (LEA) with the actual WhoIs data upon receipt of a verified request.

– Proxy registration services may only be made available to private individuals using the domain name for non-commercial purposes.


These conditions will be implemented contractually by inclusion of corresponding clauses in the RRA as well as being published on the Abuse page of our registry website. Individuals and organisations will be encouraged through our Abuse page to report any domain names they believe violate the above restrictions, following which appropriate action may be taken by us. Publication of these conditions on the Abuse page of our registry website ensures that registrants are aware that despite utilisation of a proxy registration service, actual WhoIs information will be provided to LEA upon request in order to hold registrants liable for all actions in relation to their domain name. The certainty that WhoIs information relating to domain names which draw the attention of LEA will be disclosed results in the TLD being less attractive to those seeking to register domain names for abusive purposes, thus mitigating the potential for abuse in the TLD.



4.2.7 REGISTRY LOCK

Certain mission-critical domain names such as transactional sites, email systems and site supporting applications may warrant a higher level of security. Whilst we will take efforts to promote the awareness of security amongst registrants, it is recognised that an added level of security may be provided to registrants by ‘registry locking’ the domain name thereby prohibiting any updates at the registry operator level. The registry lock service will be offered to all Registrars who may request this service on behalf of their registrants in order to prevent unintentional transfer, modification or deletion of the domain name. This service mitigates the potential for abuse by prohibiting any unauthorised updates that may be associated with fraudulent behaviour. For example, an attacker may update nameservers of a mission-critical domain name, thereby redirecting customers to an illegitimate website without actually transferring control of the domain name.


Upon receipt of a list of domain names to be placed on registry lock by an authorised representative from a Registrar, ARI will:

1. Validate that the Registrar is the Registrar of record for the domain names.

2. Set or modify the status codes for the names submitted to serverUpdateProhibited, serverDeleteProhibited and⁄or serverTransferProhibited depending on the request.

3. Record the status of the domain name in the Shared Registration System (SRS).

4. Provide a monthly report to Registrars indicating the names for which the registry lock service was provided in the previous month.



4.2.8 ORPHAN GLUE RECORD MANAGEMENT

The ARI registry SRS database does not allow orphan records. Glue records are removed when the delegation point NS record is removed. Other domains that need the glue record for correct DNS operation may become unreachable or less reachable depending on their overall DNS service architecture. It is the registrant’s responsibility to ensure that their domain name does not rely on a glue record that has been removed and that it is delegated to a valid nameserver. The removal of glue records upon removal of the delegation point NS record mitigates the potential for use of orphan glue records in an abusive manner.



4.2.9 PROMOTING WHOIS ACCURACY

Inaccurate WhoIs information significantly hampers the ability to enforce policies in relation to abuse in the TLD by allowing the registrant to remain anonymous. In addition, LEAs rely on the integrity and accuracy of WhoIs information in their investigative processes to identify and locate wrongdoers. In recognition of this, we will implement a range of measures to promote the accuracy of WhoIs information in our TLD including:

– Random monthly audits: registrants of randomly selected domain names are contacted by telephone using the provided WhoIs information by a member of the ARI Abuse and Compliance Team in order to verify all WhoIs information. Where the registrant is not contactable by telephone, alternative contact details (email, postal address) will be used to contact the registrant, who must then provide a contact number that is verified by the member of the ARI Policy Compliance team. In the event that the registrant is not able to be contacted by any of the methods provided in WhoIs, the domain name will be cancelled following five contact attempts or one month after the initial contact attempt (based on the premise that a failure to respond is indicative of inaccurate WhoIs information and is grounds for terminating the registration agreement).

– Semi-annual audits: to identify incomplete WhoIs information. Registrants will be contacted using provided WhoIs information and requested to provide missing information. In the event that the registrant fails to provide missing information as requested, the domain name will be cancelled following five contact attempts or one month after the initial contact attempt.

– Email reminders: to update WhoIs information to be sent to registrants every 6 months.

– Reporting system: a web-based submission service for reporting WhoIs accuracy issues available on the Abuse page of our registry website.

– Analysis of registry data: to identify patterns and correlations indicative of inaccurate WhoIs (eg repetitive use of fraudulent details).

Registrants will continually be made aware, through the registry website and email reminders, of their responsibility to provide and maintain accurate WhoIs information and the ramifications of a failure to do so or respond to requests to do so, including termination of the Registration Agreement.

The measures to promote WhoIs accuracy described above strike a balance between the need to maintain the integrity of the WhoIs service, which facilitates the identification of those taking part in illegal or fraudulent behaviour, and the operating practices of the registry operator and Registrars, which aim to offer domain names to registrants in an efficient and timely manner.

Awareness by registrants that we will actively take steps to maintain the accuracy of WhoIs information mitigates the potential for abuse in the TLD by discouraging abusive behaviour given that registrants may be identified, located and held liable for all actions in relation to their domain name.



4.3 REACTIVE – IDENTIFICATION

The methods by which abusive behaviour in our TLD may be identified are described below. These include detection by ARI and notification from third parties. These methods serve to merely identify and not determine whether abuse actually exists. Upon identification of abuse, the behaviour will be handled in accordance with ‘4.4 Abuse Handling’.

Any abusive behaviour identified through one of the methods below will, in accordance with Requirement 13 of the BITS Requirements, be notified immediately to relevant Registrars.



4.3.1 DETECTION – ANALYSIS OF DATA

ARI will routinely analyse registry data in order to identify abusive domain names by searching for behaviours typically indicative of abuse. The following are examples of the data variables that will serve as indicators of a suspicious domain name and may trigger further action by the ARI Abuse and Compliance Team:

– Unusual Domain Name Registration Practices: practices such as registering hundreds of domains at a time, registering domains which are unusually long or complex or include an obvious series of numbers tied to a random word (abuse40, abuse50, abuse60) may, when considered as a whole, be indicative of abuse.

– Domains or IP addresses identified as members of a Fast Flux Service Network (FFSN): ARI uses the formula developed by the University of Mannheim and tested by participants of the Fast Flux PDP WG to determine members of this list. IP addresses appearing within identified FFSN domains, as either NS or A records shall be added to this list.

– An Unusual Number of Changes to the NS record: the use of fast-flux techniques to disguise the location of web sites or other Internet services, to avoid detection and mitigation efforts, or to host illegal activities is considered abusive in the TLD. Fast flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves. As such an unusual number of changes to the NS record may be indicative of the use of fast-flux techniques given that there is little, if any, legitimate need to change the NS record for a domain name more than a few times a month.

– Results of WhoIs audits: The audits conducted to promote WhoIs accuracy described above are not limited to serving that purpose but may also be used to identify abusive behaviour given the strong correlation between inaccurate WhoIs data and abuse.

– Analysis of cross-validation of registrant WhoIs data against WhoIs data known to be fraudulent.

– Analysis of Domain Names belonging to a registrant subject to action under the Anti-Abuse Policy: in cases where action is taken against a registrant through the application of the Anti-Abuse Policy, we will also investigate other domain names by the same registrant (same name, nameserver IP address, email address, postal address etc).



4.3.2 ABUSE REPORTED BY THIRD PARTIES

Whilst we are confident in our abilities to detect abusive behaviour in the TLD owing to our robust ongoing monitoring activities, we recognise the value of notification from third parties to identify abuse. To this end, we will incorporate notifications from the following third parties in our efforts to identify abusive behaviour:

– Industry partners through ARI’s participation in industry forums which facilitate the sharing of information.

– LEA through a single abuse point of contact (our Abuse page on the registry website, as discussed in detail below) and an expedited process (described in detail in ‘4.4 Abuse Handling’) specifically for LEA.

– Members of the general public through a single abuse point of contact (our Abuse page on the registry website).



4.3.2.1 INDUSTRY PARTICIPATION AND INFORMATION SHARING

ARI is a member of the Registry Internet Safety Group (RISG), whose mission is to facilitate data exchange and promulgate best practices to address Internet identity theft, especially phishing and malware distribution. In addition, ARI coordinates with the Anti-Phishing Working Group (APWG) and other DNS abuse organisations and is subscribed to the NXdomain mailing list. ARI’s strong participation in the industry facilitates collaboration with relevant organisations on abuse-related issues and ensures that ARI is responsive to new and emerging domain name abuses.
The information shared as a result of this industry participation will be used to identify domain names registered or used for abusive purposes. Information shared may include a list of registrants known to partake in abusive behaviour in other TLDs. Whilst presence on such lists will not constitute grounds for registrant disqualification, ARI will investigate domain names registered to those listed registrants and take action in accordance with the Anti-Abuse Policy. In addition, information shared regarding practices indicative of abuse will facilitate detection of abuse by our own monitoring activities.



4.3.2.2 SINGLE ABUSE POINT OF CONTACT ON WEBSITE

In accordance with section 4.1 of Specification 6 of the Registry Agreement, we will establish a single abuse point of contact (SAPOC) responsible for addressing and providing a timely response to abuse complaints concerning all names registered in the TLD through all Registrars of record, including those involving a reseller. Complaints may be received from members of the general public, other registries, Registrars, LEA, government and quasi-governmental agencies and recognised members of the anti-abuse community.

The SAPOC’s accurate contact details (email and mailing address as well as a primary contact for handling inquiries related to abuse in the TLD) will be provided to ICANN and published on the Abuse page of our registry website, which will also include:

– All public facing policies in relation to the TLD, including the Anti-Abuse Policy.

– A web-based submission service for reporting inaccuracies in WhoIs information.

– Registrant Best Practices.

– Conditions that apply to proxy registration services and direction to the SAPOC to report domain names that violate the conditions.


As such, the SAPOC may receive complaints regarding a range of matters including but not limited to:

– Violations of the Anti-Abuse Policy.

– Inaccurate WhoIs information.

– Violation of the restriction of proxy registration services to individuals.


The SAPOC will be the primary method by which we will receive notification of abusive behaviour from third parties. It must be emphasised that the SAPOC will be the initial point of contact following which other processes will be triggered depending on the identity of the reporting organisation. Accordingly, separate processes for identifying abuse exist for reports by LEA⁄government and quasi-governmental agencies and members of the general public. These processes will be described in turn below.



4.3.2.2.1 NOTIFICATION BY LEA OF ABUSE

We recognise that LEA, governmental and quasi-governmental agencies may be privy to information beyond the reach of others which may prove critical in the identification of abusive behaviour in our TLD. As such, we will provide an expedited process which serves as a channel of communication for LEA, government and quasi-governmental agencies to, amongst other things, report illegal conduct in connection with the use of the TLD.

The process will involve prioritisation and prompt investigation of reports identifying abuse from those organisations. The steps in the expedited process are summarised as follows:

1. ARI’s Abuse and Compliance Team will identify relevant LEA, government and quasi-governmental agencies who may take part in the expedited process, depending on the mission⁄purpose and jurisdiction of our TLD. A means of verification will be established with each of the identified agencies in order to verify the identity of a reporting agency utilising the expedited process.

2. We will publish contact details on the Abuse page of the registry website for the SAPOC to be utilised by only those taking part in the expedited process.

3. All calls to this number will be responded to by the ARI Service Desk on a 24⁄7 basis. All calls will result in the generation of a ticket in ARI’s case management system (CMS).

4. The identity of the reporting agency will be identified using the established means of verification (ARIʹs Security Policy has strict guidelines regarding the verification of external parties over the telephone). If no means of verification has been established, the report will be immediately escalated to the ARI Abuse and Compliance Team. Results of verification will be recorded against the relevant CMS ticket.

5. Upon verification of the reporting agency, the ARI Service Desk will obtain the details necessary to adequately investigate the report of abusive behaviour in the TLD. This information will be recorded against the relevant CMS ticket.

6. Reports from verified agencies may be provided in the Incident Object Description Exchange Format (IODEF) as defined in RFC 5070. Provision of information in the IODEF will improve our ability to resolve complaints by simplifying collaboration and data sharing.

7. Tickets will then be forwarded to the ARI Abuse and Compliance Team to be dealt with in accordance with ‘4.4 Abuse Handling’.



4.3.2.2.2 NOTIFICATION BY GENERAL PUBLIC OF ABUSE

Abusive behaviour in the TLD may also be identified by members of the general public including but not limited to other registries, Registrars or security researchers. The steps in this notification process are summarised as follows:

1. We will publish contact details on the Abuse page of the registry website for the SAPOC (note that these contact details are not the same as those provided for the expedited process).

2. All calls to this number will be responded to by the ARI Service Desk on a 24⁄7 basis. All calls will result in the generation of a CMS ticket.

3. The details of the report identifying abuse will be documented in the CMS ticket using a standard information gathering template.

4. Tickets will be forwarded to the ARI Abuse and Compliance Team, to be dealt with in accordance with ‎‘4.4 Abuse Handling’.



4.4 ABUSE HANDLING

Upon being made aware of abuse in the TLD, whether by ongoing monitoring activities or notification from third parties, the ARI Abuse and Compliance Team will perform the following functions:



4.4.1 PRELIMINARY ASSESSMENT AND CATEGORISATION

Each report of purported abuse will undergo an initial preliminary assessment by the ARI Abuse and Compliance Team to determine the legitimacy of the report. This step may involve simply visiting the offending website and is intended to weed out spurious reports, and will not involve the in-depth investigation needed to make a determination as to whether the reported behaviour is abusive.
Where the report is assessed as being legitimate, the type of activity reported will be classified as one of the types of abusive behaviour as found in the Anti-Abuse Policy by the application of the definitions provided. In order to make this classification, the ARI Abuse and Compliance Team must establish a clear link between the activity reported and the alleged type of abusive behaviour such that addressing the reported activity will address the abusive behaviour.

While we recognise that each incident of abuse represents a unique security threat and should be mitigated accordingly, we also recognise that prompt action justified by objective criteria are key to ensuring that mitigation efforts are effective. With this in mind, we have categorised the actions that we may take in response to various types of abuse by reference to the severity and immediacy of harm. This categorisation will be applied to each validated report of abuse and actions will be taken in accordance with the table below. It must be emphasised that the actions to mitigate the identified type of abuse in the table are merely intended to provide a rough guideline and may vary upon further investigation.


Category 1

Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Malware

Mitigation steps:

1. Investigate
2. Notify registrant


Category 2

Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control

Mitigation steps:

1. Suspend domain name
2. Investigate
3. Restore or terminate domain name
The mitigation steps for each category will now be described:



4.4.2 INVESTIGATION – CATEGORY 1

Types of abusive behaviour that fall into this category include those that represent a low severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in the dissemination of unsolicited information or the publication of illegitimate information. While undesirable, these activities do not generally present such an immediate threat as to justify suspension of the domain name in question. We will contact the registrant to instruct that the breach of the Anti-Abuse Policy be rectified. If the ARI Abuse and Compliance Team’s investigation reveals that the severity or immediacy of harm is greater than originally anticipated, the abusive behaviour will be escalated to Category 2 and mitigated in accordance with the applicable steps. These are described below. The assessment made and actions taken will be recorded against the relevant CMS ticket.



4.4.3 SUSPENSION – CATEGORY 2

Types of abusive behaviour that fall into this category include those that represent a medium to high severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in intrusion into other computers’ networks and systems or financial gain by fraudulent means. Following notification of the existence of such behaviours, the ARI Abuse and Compliance Team will suspend the domain name pending further investigation to determine whether the domain name should be restored or cancelled. Cancellation will result if, upon further investigation, the behaviour is determined to be one of the types of abuse defined in the Anti-Abuse Policy. Restoration of the domain name will result where further investigation determines that abusive behaviour, as defined by the Anti-Abuse Policy, does not exist. Due to the higher severity or immediacy of harm attributed to types of abusive behaviour in this category, ARI will, in accordance with their contractual commitment to us in the form of SLA’s, carry out the mitigation response within 24 hours by either restoring or cancelling the domain name. The assessment made and actions taken will be recorded against the relevant CMS ticket.

Phishing is considered to be a serious violation of the Anti-Abuse Policy owing to its fraudulent exploitation of consumer vulnerabilities for the purposes of financial gain. Given the direct relationship between phishing uptime and extent of harm caused, we recognise the urgency required to execute processes that handle phish domain termination in a timely and cost effective manner. Accordingly, the ARI Abuse and Compliance Team will prioritise all reports of phishing from brand owners, anti-phishing providers or otherwise and carry out the appropriate mitigation response within 12 hours in accordance with the SLA’s in place between us and ARI. In addition, since a majority of phish domains are subdomains, we believe it is necessary to ensure that subdomains do not represent an unregulated domain space to which phishers are known to gravitate. Regulation of the subdomain space is achieved by holding the registrant of the parent domain liable for any actions that may occur in relation to subdomains. In reality, this means that where a subdomain determined to be used for phishing is identified, the parent domain may be suspended and possibly cancelled, thus effectively neutralising every subdomain hosted on the parent. In our RRA we will require that Registrars ensure that their Registration Agreements reflect our ability to address phish subdomains in this manner.



4.4.4 EXECUTING LEA INSTRUCTIONS

We understand the importance of our role as a registry operator in addressing consumer vulnerabilities and are cognisant of our obligations to assist LEAs, government and quasi-governmental agencies in the execution of their responsibilities. As such, we will make all reasonable efforts to ensure the integration of these agencies into our processes for the identification and handling of abuse by, amongst other things:

1. Providing expedited channels of communication (discussed above).

2. Notifying LEA of abusive behaviour believed to constitute evidence of a commission of a crime eg distribution of child pornography.

3. Sharing all available information upon request from LEA utilising the expedited process, including results of our investigation.

4. Providing bulk WhoIs information upon request from LEA utilising the expedited process.

5. Acting on instructions from a verified reporting agency.
It is anticipated that these actions will assist agencies in the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of laws imposing penalties. The relevant agencies are not limited to those enforcing criminal matters but may also include those enforcing civil matters in order to eliminate consumer vulnerabilities.


Upon notification of abusive behaviour by LEA, government or quasi– governmental agencies through the expedited process and verification of the reporting agency, a matter will be immediately communicated to us for our consideration. If we do not instruct ARI to refer the matter to us for our resolution, the CMS ticket will be forwarded to the ARI Abuse and Compliance Team, which will take one of the following actions:

1. The reported behaviour will be subject to preliminary assessment and categorisation as described above. The reported behaviour will then be mitigated based on the results of the categorisation. A report describing the manner in which the notification from the agency was handled will be provided to the agency within 24 hours. This report will be recorded against the relevant CMS ticket.
OR

2. Where specific instructions are received from the reporting agency in the required format, ARI will act in accordance with those instructions provided that they do not result in the contravention of applicable law. ARI will, in accordance with their contractual commitment to us in the form of SLA’s, execute such instructions within 12 hours. The following criteria must be satisfied by the reporting agency at this stage:
a. The request must be made in writing to ARI using a Pro Forma document on the agency’s letterhead. The Pro Forma document will be sent to the verified agency upon request.
b. The Pro Forma document must be delivered to ARI by fax.
c. The Pro Forma document must:
i. Describe in sufficient detail the actions the agency seeks ARI to take.
ii. Provide the domain name⁄s affected.
iii. Certify that the agency is an ‘enforcement body’ for the purposes of the Privacy Act 1988 (Cth) or local equivalent.
iv. Certify that the requested actions are required for the investigation and⁄or enforcement of relevant legislation which must be specified.
v. Certify that the requested actions are necessary for the agency to effectively carry out its functions.

Following prompt execution of the request, a report will be provided to the agency in a timely manner. This report will be recorded against the relevant CMS ticket.
Finally, whilst we do not anticipate the occurrence of a security situation owing to our robust systems and processes deployed to combat abuse, we are aware of the availability of the Expedited Registry Security Request Process to inform ICANN of a present or imminent security situation and to request a contractual waiver for actions we might take or have taken to mitigate or eliminate the security concern.



5 RESOURCES

This function will be performed by ARI. Abuse services are supported by the following departments:

– Abuse and Compliance Team (6 staff)

– Development Team (11 staff)

– Service Desk (14 staff)


A detailed list of the departments, roles and responsibilities in ARI is provided as attachment ‘Q28 – ARI Background & Roles.pdf’. This attachment describes the functions of the above teams and the exact number and nature of staff within.
The number of resources required to design, build, operate and support the SRS does not vary significantly with, and is not linearly proportional to, the number or size of TLDs that ARI provides registry services to.

ARI provides registry backend services to 5 TLDs and has a wealth of experience in estimating the number of resources required to support a registry system.
Based on past experience ARI estimates that the existing staff is adequate to support a registry system that supports in excess of 50M domains. Since this TLD projects 3,664 domains, 0.01% of these resources are allocated to this TLD. See attachment ‘Q28 – Registry Scale Estimates & Resource Allocation.xlsx’ for more information.

ARI protects against loss of critical staff by employing multiple people in each role. Staff members have a primary role plus a secondary role for protection against personnel absence. Additionally ARI can scale resources as required.

ARI’s Anti-Abuse Service serves to prevent and mitigate abusive behaviour in the TLD as well as activities that may infringe trademarks. These responsibilities will be undertaken by three teams. ARI’s Development Team will be responsible for developing the technical platforms and meeting technical requirements needed to implement the procedures and measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse. ARI’s Abuse and Compliance Team will be responsible for the ongoing implementation of measures to minimise abusive registrations and other activities that have a negative impact on Internet users. ARI’s Service Desk will be responsible for responding to reports of abuse received through the abuse point of contact on the registry’s website and logging these in a ticket in ARI’s case management system.

The responsibilities of these teams relevant to the initial implementation and ongoing maintenance of our measures to minimise abusive registrations and other activities that affect the rights of trademark holders are described in our response to Question 29.

All of the responsibilities undertaken by ARI’s Development Team, Abuse and Compliance Team, and Service Desk are inclusive in ARI’s Managed TLD Registry services fee, which is accounted for as an outsourcing cost in our response to Question 47. The resources needs of these teams have been determined by applying the conservative growth projections for our TLD (which are identified in our response to Question 48) to the team’s responsibilities at start-up and on an ongoing basis.



5.1 ARI DEVELOPMENT TEAM

All tools and systems needed to support the initial and ongoing implementation of measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse will be developed and maintained by ARI. ARI has a software development department dedicated to this purpose which will ensure that the tools are fit for purpose and adjusted as requirements change.

ARI’s Development Team participate actively in the industry; this facilitates collaboration with relevant organisations on abuse related issues and ensures that the ARI Development Team is responsive to new and emerging domain name abuses and the tools and systems required to be built to address these abuses. This team consists of:

– 1 Development Manager

– 2 Business Analysts

– 6 Developers

– 2 Quality Analysts



5.2 ARI ABUSE AND COMPLIANCE TEAM

ARI’s Abuse and Compliance Team will be staffed by six full-time equivalent positions. These roles will entail the following:

Policy Compliance Officers: A principal responsibility of the Policy Compliance Officers will be handling notifications of abuse through the SAPOC. This will involve managing the expedited process, identifying and categorising suspected abuse according to our Anti-Abuse Policy, and carrying out the appropriate mitigation response for all categorised abuses. When abuse is identified, Policy Compliance Officers will investigate other domain names held by a registrant whose domain name is subject to a mitigation response. They will maintain a list of and disqualify registrants found to have repeatedly engaged in abusive behaviour. They will also be responsible for analysing registry data in search of behaviours indicative of abuse, reviewing industry lists in search of data that may identify abuse in the TLD.

Another key responsibility of Policy Compliance Officers will be implementing measures to promote WhoIs accuracy (including managing and addressing all reports of inaccurate WhoIs information received from the web submission service) and verifying the physical address provided by a registrant against various databases for format and content requirements for the region.

Policy Compliance Officers will act on the instructions of verified LEA and Dispute Resolution Providers and participate in ICANN and industry groups involved in the promulgation of policies and best practices to address abusive behaviour. They will escalate complaints and issues to the Legal Manager when necessary and communicate with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities. This role will be provided on a 24⁄7 basis, supported outside of ordinary business hours by ARI’s Service Desk.

Policy Compliance Officers will be required to have the following skills⁄qualifications: customer service⁄fault handling experience, comprehensive knowledge of abusive behaviour in a TLD and related policies, Internet industry knowledge, relevant post-secondary qualification, excellent communication and professional skills, accurate data entry skills, high-level problem solving skills, and high-level computer skills.

Legal Manager: The Legal Manager will be responsible for handling all potential disputes arising in connection with the implementation of ARI’s Anti-Abuse service and related policies. This will involve assessing escalated complaints and issues, liaising with Legal Counsel and the registry operator, resolving disputes and communicating with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities. The Legal Manager will be responsible for forwarding all matters requiring determination by the registry operator which fall outside the scope of ARI’s Anti-Abuse functions. The Legal Manager will be required to have the following skills⁄qualifications: legal background (in particular, intellectual property⁄information technology law) or experience with relevant tertiary or post-graduate qualifications, dispute resolution experience, Internet industry experience, strong negotiation skills, excellent communication and professional skills, good computer skills, high-level problem solving skills.

Legal Counsel: A qualified lawyer who will be responsible for all in-house legal advice, including responding to LEA and dealing with abusive behaviour.

The team consists of:

– 4 Policy Compliance Officers

– 1 Legal Manager

– 1 Legal Counsel



5.3 ARI SERVICE DESK

ARI’s Service Desk will be staffed by 14 full-time equivalent positions. Responsibilities of Service Desk relevant to ARI’s Anti-Abuse Service include the following: responding to notifications of abuse through the abuse point of contact and expedited process for LEA, logging notifications as a ticket in ARI’s case management system, notifying us of a report received through the expedited process for LEA, government and quasi-governmental agencies, and forwarding tickets to ARI’s Abuse and Compliance team for resolution in accordance with the Anti-Abuse Policy.

For more information on the skills and responsibilities of these roles please see the in-depth resources section in response to Question 31.

Based on the projections and the experience of ARI, the resources described here are more than sufficient to accommodate the needs of this TLD.

The use of these resources and the services they enable is included in the fees paid to ARI which are described in the financial responses.






** TRI Ventures’ draft registration policy


1. DOMAIN NAME LICENCES

Upon registration of a Domain Name, the Registrant holds a licence to use the Domain Name for a specified period of time in accordance with the Registry Rules. Domain Names may be registered and renewed for 1, 2, 3, 4, 5, 6, 7, 8, 9 or 10 years.



2. SELECTION OF REGISTRARS

Registrars eligible to register domain names must meet the following non-discriminatory criteria (in compliance with
clause 2.9 (a) of the Registry Agreement):

(i) be an accredited ICANN Registrar;

(ii) demonstrate a level of understanding of the Domain Name registration policies of the Registry;

(iii) have business processes to perform automated validation (and any additional human checks as required by the Registry) of the eligibility of the domain name for registration according to the Domain Name policies of TRI Ventures;

(iv) demonstrate a sufficient level of security to protect against unauthorised access to the Domain Name records;

(v) demonstrate experience and have appropriate resources in managing abuse prevention, mitigation and responses;

(vi) provide multi-language support for the registration of IDNs;

(vii) comply with any re-validation of its Registry-Registrar agreement at such regular intervals as are determined by the Registry or as required by ICANN from time to time;

(viii) meet applicable technical requirements of TRI Ventures; and

(ix) comply with all conditions, dependencies, policies and other requirements reasonably imposed by TRI Ventures, including maintenance of suitable systems and applications that are capable of interacting with the Registry system.



3. ELIGIBLE REGISTRANTS

Entities and persons with an interest in software applications (apps) may register Domain Names in the .app gTLD.



4. REQUIRED CRITERIA FOR DOMAIN NAME REGISTRATION

An application for Domain Name registration must meet all the following criteria:

(i) availability;

a. the Domain Name is not already registered;
b. it is not reserved or blocked by the Registry; or
c. it meets all Registry’s technical requirements.

(ii) technical requirements;
a. a maximum of 63 characters (after its conversion into the ASCII for IDNs);
b. use of characters selected from the list of supported characters as nominated by the Registry; and
c. any additional technical requirements as required by the Registry from time to time.

(iii) the use of the Domain Name must be consistent with the mission and purposes of the gTLD and consistent with the Domain Name registration policy of TRI Ventures, and include but not be limited to:
a. software application name;
b. application software development service name;
c. software application marketing term; or
d. any relevant name or term to the mission and purpose of the TLD

(iv) compliance with all requirements under the Registry Rules: the Registrant must comply with all provisions contained in the Registry Rules.



5. OBLIGATION OF REGISTRANTS

The Registrant must enter into an agreement with the Registrar for Domain Name registration under which the Registrant will be bound by the Registry Rules specified through the Registry-Registrar agreement as amended by the Registry from time to time.

The Registrant must also agree to be bound by the minimum requirements in clause 3.7.7 of ICANNʹs Registrar accreditation agreement.


The Registrant must represent and warrant that:

(i) it meets, and will continue to meet, the eligibility criteria at all times and must notify the Registrar if it ceases to meet such criteria;

(ii) the registration, renewal and use of the Domain Name does not violate any third party intellectual property rights, applicable laws or regulation;

(iii) it is entitled to register the Domain Name;

(iv) the registration and use of the Domain Name is made in good faith and for a lawful purpose;

(v) if the use of registered Domain Name is licensed to a third party,
a. the Registrant must have a licencing agreement with the licensee for the use of the Domain Name that is not less onerous than the obligation of the Registrant contained in the Registry Rules; and
b. where there is a breach of any provisions contained in the Registry Rules by the licensee of the Domain Name, Registry may revoke the Domain Name at its sole discretion.

(vi) it owns or otherwise has the right to provide all registration data (including personal information) for each Domain Name registered and provision of such registrant data complies with all applicable data protection laws and regulations; and

(vii) It has appropriate consent and licences to allow for publication of registration data in the WHOIS database.



6. REGISTRANT CONTACT INFORMATION

The Registrant must provide complete and accurate contact information of the Registrant (in accordance with clause 3.7.7.1 of the ICANN’s Registrar accreditation agreement), including but not limited to the following;

(i) if the Registrant is a company or organisation:
a. name of a company or organisation;
b. registered office and principal place of business; and
c. contact details of the Registrant including e-mail address and telephone number;

(ii) if the Registrant is a natural person:
a. full name of the Registrant;
b. address of the Registrant; and
c. contact details of the Registrant including e-mail address and telephone number.

All Registrant contact information must be complete and accurate. Any changes to such Registrant information must be promptly notified to the Registrar, and no later than one (1) month of such change.


7. REVOCATION OF DOMAIN NAMES

The Registrant acknowledges that the Registry may revoke a Domain Name immediately at its sole discretion:

(i) in the event the Registrant breaches any Registry Rules;

(ii) to comply with applicable law, court order, government rule or under any dispute resolution processes;

(iii) where such Domain Name is used for any of the following prohibited activities (Prohibited Activities):
a. spamming;
b. intellectual property and privacy violations;
c. obscene speech or materials, except for when such speech or material are part of an art object itself;
d. defamatory or abusive language;
e. forging headers, return addresses and internet protocol addresses;
f. illegal or unauthorised access to other computers or networks;
g. distribution of internet viruses, worms, Trojan horses or other destructive activities; and
h. any other illegal or prohibited activities as determined by the Registry.

(iv) in order to protect the integrity and stability of the domain name system and the Registry;

(v) where such Domain Name is placed under reserved names list at any time;

(vi) where Registrant fails to make payment to the Registrar for registration, renewal or any other relevant services; and

(vii) where the use of the domain name is not consistent with the mission and purpose of the gTLD.


8. USE OF SECOND OR THIRD LEVEL IDNS IF AND WHEN PROVIDED BY TRI VENTURES

In addition to meeting all required criteria for registration of domain names above, an application for an IDN Domain Name must:

(i) comply with any additional registration policy on IDNs for each language;

(ii) meet all technical requirement for the applicable IDN;

(iii) comply with the IDN tables used by the Registry as amended from time to time; and

(iv) meet any other additional technical requirements as required by the Registry.


9. USE OF GEOGRAPHIC NAMES

All two-character labels and country and territory names will be initially reserved in accordance with specification 5 of the Registry Agreement.

Upon approval from ICANN and any other guidelines by applicable governments and ICANN’s Governmental Advisory Committee, the Registry may release the two-character labels and country and territory names in accordance with TRI Ventures’ response to Question 22 Geographic Names.


10. RESERVED NAMES

The Registry may place certain names in its reserved list from time to time where:

(i) the Registry believes in its sole discretion that use of such names may pose a risk to the operational stability or integrity of the Registry;

(ii) in accordance with ICANN’s specifications contained in the Registry Agreement, guidelines or recommendations;

(iii) there is a risk of trademark infringement or where the name otherwise may cause confusion taking into consideration the mission and purpose of the gTLD; or

(iv) the Registry in its sole discretion decides certain names to be reserved for any reason.

Reserved Names for TRI Ventures:
The Registry will prepare and publish a list of reserved names prior to the launch of the TLD.


11. ALLOCATION OF DOMAIN NAME

The Registry will register Domain Names on a first-come, first-served basis in accordance with the Registry Rules. The Registry does not provide pre-registration or reservation of Domain Names.


12. LIMITATION ON REGISTRATION ⁄ DOMAIN NAME LICENCES

There is no restriction on the number of Domain Names any Registrant may hold. The Registrant may further licence the use of the Domain Name to any third parties provided that the Registrant enters into an agreement with such third parties on the terms not less onerous than its obligations under the Registry Rules.


13. PROTECTION OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS

The Registry will implement all rights protection measures as required by ICANN in clause 2.8 of the Registry Agreement, including the use of the Uniform Rapid Suspension (URS) procedure, and Uniform Domain Name Dispute Resolution Policy (UDRP).


14. TERM OF REGISTRATION ⁄ RENEWAL

Initial term of registration:
A Domain Name can be registered for a period between one (1) to ten (10) years.


Renewal of registration:
(i) The term may be extended at any time for a period between one (1) to ten (10) years, provided that the total aggregate term of the Domain Name does not exceed ten (10) years at any time.

(ii) Upon change of sponsorship of the Domain Name from one Registrar to another, according to Part A of the ICANN Policy on Transfer of Registrations between Registrars, the term of registration of the registered Domain Name will be extended by one year, provided that the maximum term of registration at any time does not exceed ten (10) years.

(iii) The change of sponsorship of the registration of a Domain Name from one Registrar to another, accordingly to Part B of the ICANN Policy on Transfer of Registrations between Registrars will not result in the extension of the term of registration.


Cancellation of registration:
The Registrant may cancel a Domain Name registration at any time by submitting its request in writing with the Registrar.


Auto-renewal:
Upon expiry of the Domain Name, the Registry will auto-renew the Domain Name for a one year term (1) year term unless the Registrant submits its intention not to renew the Domain Name.

The Registry will implement the business rules for the renewal of Domain Names documented in appendix 7 of the .com Registry Agreement.


15. TRANSFER OF DOMAIN NAMES BETWEEN REGISTRANTS

Any transfer of a Domain Name between Registrants must be approved by the Registry through the Registrar. The legal heirs of the Registrant or purchaser of the Registrant may request the transfer provided that they meet the eligibility criteria for registration under the .app gTLD. If the Registrant becomes subject to insolvency or any other proceeding, the administrator may request the transfer. The transferee must provide appropriate documentation as required by the Registry to approve such transfer.


16. CHANGE OF REGISTRAR

If the agreement between the Registry and the Registrar is terminated and if the Registrar has not transferred its Domain Name portfolio to another Registrar, the Registry will notify affected Registrants. The Registrants must select a new Registrar within one (1) month following such notice from the Registry. If the Registrant fails to appoint a new Registrar within the timeframe set out above, the Registry may suspend the Domain Name.

If the Registrant wishes to change the Registrar, the Registrant must obtain the auth-info code from the Registrantʹs current Registrar, and request a transfer through the gaining Registrar in compliance with ICANNʹs Inter-Registrar transfer policy.


17. PRIVACY AND DATA PROTECTION

By registering a Domain Name, the registrant authorises the Registry to process personal information and other data required for the operation of the .app gTLD. The Registry will only use the data for the operation of the Registry including but not limited to its internal use, communication with the Registrant, and provision of WHOIS look-up facility.

The Registry may only transfer the data to third parties:

(i) with the Registrant’s consent;

(ii) in order to comply with laws, regulations or orders by a competent public authority and any Alternative Dispute Resolution (ADR) providers; or

(iii) for a publicly available and searchable WHOIS look-up facility, in accordance with specification 4 of the Registry Agreement.


18. WHOIS

The Registry provides a publicly available and searchable WHOIS look up facility, where information about the Domain Nameʹs status (including creation and expiry dates), and registrant, administrative and the technical contact administering the Domain Name can be found, in accordance with specification 4 of the Registry Agreement.

In order to prevent misuse of the WHOIS look up facility, the Registry requires that any person submitting a WHOIS database query will be required to read and agree to the terms and conditions, which will provide that:

(i) the WHOIS database is provided for information purposes only; and

(ii) the user agrees not to use the WHOIS information to allow or enable the transmission of unsolicited commercial advertising or other communication via email or other methods to the Registrants.


19. PRICING ⁄ PAYMENT

The standard fee charged to Registrars will be determined by TRI Ventures prior to launch of the .app gTLD. Such fees will include those relevant to new registrations and renewal of domain names within the .app gTLD.

The Registry will provide Registrars with 30 days’ notice of any price change for new registrations, and 180 days advance notice of any price change for renewals in accordance with clause 2.10 of the Registry Agreement.


20. DISPUTE RESOLUTION

The Registrant agrees to be bound by ICANN’s Dispute Resolution Policies in respect of all disputes in connection with the Domain Name.


21. Compliance with Consensus and Temporary Policies
The Registrant agrees to be bound by all applicable consensus and temporary policies as required and mandated by ICANN.


22. DEFINITIONS

Affiliate means in relation to a party any corporation or other business entity controlling, controlled by, or under common control of that party and for the purposes of this definition, a corporation or other business entity shall be deemed to control another corporation or business entity if it owns directly or indirectly:
(i) fifty percent (50%) or more of the voting securities or voting interest in any such corporation or other entity; or
(ii) fifty percent (50%) or more of the interest in the profit or income in the case of a business entity other than a corporation; or
(iii) in the case of a partnership, any other compatible interest equal to at least a fifty percent (50%) share in the general partner.

Domain Name means a domain name registered directly under the .app gTLD or for which a request or application for registration has been filed with the Registry;

ICANN’s Dispute Policy means the dispute policy currently known as the Uniform Domain Name Dispute Resolution Policy (UDRP) issued and as may be updated from time to time by the Internet Corporation of Assigned Names and Number (ICANN) and the Uniform Rapid Suspension (URS) (see Specification 7 of the Registry Agreement).

Registrar means an ICANN accredited registrar which enters into and is in compliance with the registry-registrar agreement for the TLD, and which provides domain name registration services to Registrants;

Registry means TRI Ventures Inc. (TRI Ventures);

Registry Agreement means the agreement between TRI Ventures and ICANN;

Registry Rules mean:
(i) Registration terms and conditions agreed between the Registry and Registrant for registration of a Domain Name; and
(ii) Registration policies provided and amended by the Registry from time to time.

Registrant means a natural person, company or organisation who holds a Domain Name registration or who has requested or applied for the registration of a Domain Name.
gTLDFull Legal NameE-mail suffixDetail
.winedot Wine Limitedfamousfourmedia.comView
Q28
The Applicant’s core mission and purpose is to create an environment where individuals and companies can interact and express themselves in ways never before seen on the Internet, in a more targeted, secure and stable environment. To achieve this goal the Applicant will be implementing a range of Abuse Prevention and Mitigation policies and procedures. The following is an overview of initiatives undertaken by the Applicant:

1. gTLD Abuse Prevention and Mitigation Implementation Plan
2. Policies and Procedures to Minimize Abusive Registrations
2.1. Implementation plan for Abuse Point of Contact
2.2. Policies for Handling Complaints Regarding the Abuse Policies
2.3. Proposed Measures for Removal of Orphan Glue Records
2.4. Resourcing plans for the initial implementation of, and ongoing maintenance of, the Abuse Prevention and Mitigation initiatives
3. Measures to promote WHOIS accuracy both directly by the Registry and by Registrars via requirements in the Registry-Registrar Agreement (“RRA”)):
3.1. Regular monitoring of registration data for accuracy and completeness
3.2. Registrar WHOIS policy self-certification and authentication
3.3. WHOIS data reminder process
3.4. Establishing policies and procedures to ensure Registrar compliance with WHOIS policies, which may include audits, financial incentives, penalties, or other means
3.5. Registry semi-annual WHOIS verification
3.6. Registrar semi-annual verification of WHOIS
4. Policies and procedures that define malicious or abusive behaviour
4.1. Service Level Requirements for resolution
4.2. Service Level Requirements for Law enforcement requests
4.3. Coordination with sector Groups and Law Enforcement
4.4. Rapid takedown and suspension
5. Controls to Ensure Proper Access to Domain Functions:
5.1. Enabling two-factor authentication from Registrants to process update, transfer, and deletion requests;
5.2. Enabling multiple, unique points of contact to request and⁄or approve update, transfer, and deletion requests;
5.3. Enabling the notification of multiple, unique points of contact when a domain has been updated, transferred, or deleted
6. Additional Abuse Prevention and Mitigation initiatives
6.1. Additional Mechanism for Protection of Capital City Names
6.2. Additional Mechanisms to Protect and Reserve IGO Names
6.3. Abuse Prevention and Mitigation Seal
6.4. Governance Council
7. Resource Planning
7.1. Resource Planning Specific to Backend Registry Activities
7.2. Administrative Services Provider – Famous Four Media Limited
8. ICANN Prescribed Measures
9. Increasing Registrant Security Awareness
10. Registrant Disqualification
11. Restrictions on Proxy Registration Services
12. Registry Lock
13. Scope⁄Scale Consistency
13.1 Scope⁄Scale Consistency Specific to Backend Registry Activities
14. Acceptable Use Policy (“AUP”)
15. Abuse Response Process


1 gTLD Abuse Prevention and Mitigation Implementation Plan
The Applicant will be implementing a thorough and extensive Abuse Prevention and Mitigation plan, designed to minimise abusive registrations and other detrimental activities that may negatively impact internet users. This plan includes the establishment of a single abuse point of contact, responsible for addressing matters requiring expedited attention and providing a timely response to abuse complaints concerning all names registered in the gTLD through all Registrars of record, including those involving a reseller. Details of this point of contact will be clearly published on the Applicant’s website.
Strong abuse prevention for a new gTLD is an important benefit to the internet community. The Applicant and its backend services provider agree that a Registry must not only aim for the highest standards of technical and operational competence, but also needs to act as a steward of the space on behalf of the Internet community and ICANN in promoting the Registry’s stakeholders’ interest. The Applicant’s Backend Services Provider brings extensive experience establishing and implementing registration policies. This experience will be leveraged to help the Applicant combat abusive and malicious domain activity within the new gTLD space.
One of the key functions of a responsible domain name Registry includes working towards the eradication of domain name abuse including, but not limited to, those resulting from:

- Illegal or fraudulent actions
- Spam
- Phishing
- Pharming
- Distribution of malware
- Fast flux hosting
- Botnets
- Illegal distribution of copyrighted material
- Distribution of child pornography
- Online sale or distribution of illegal pharmaceuticals.

Further explanation of behaviour considered to be abusive can be found in the Acceptable Use Policy (“AUP”) below. Any second-level domain found to be facilitating such behaviours, either upon registration or subsequently, will be subject to rapid compliance action as per the policies outlined below.
The Applicant believes that the success of the gTLD will be determined largely by the sectorʹs broad-spectrum of key stakeholders, who operate globally. The Applicant believes that these stakeholders will be motivated to protect the sector from detrimental practices. The Applicant further believes that sector stakeholders should be afforded the opportunity to influence the manner in which the gTLD is governed, including its abuse prevention policies where appropriate. Accordingly, the Applicant is establishing a Governance Council, to be comprised of key sector stakeholders that will serve as an advisory body. The Governance Council will elect its own Board of Directors, which will be responsible for self-governance, the recommendation of sector-specific policies, and the formulation of guidance on other best practices related to the gTLD. The Applicant aims to develop an Abuse Prevention and Mitigation Working Group in conjunction with the GC. It will give the Applicant’s team advice on abuse preventions and mitigation and how this may effect registration policies. The group will meet to regularly discuss the latest trends in domain name abuse and the most effective way to prevent and remedy them. Registrants, Registrars and the Registry will all be involved in this working group.This will likely prove important as the battle with abusive behaviour online must continuously evolve given that abusive behaviour itself mutates and changes. The Governance Council will offer significantly greater opportunities to identify emerging threats and rapidly establish procedures to deal with them than might have been possible simply with a Registry perspective.


2 Policies and Procedures to Minimize Abusive Registrations

Regardless of how well intentioned its user-base is, a Registry must have the policies, resources, personnel, and expertise in place to combat abusive DNS practices. The Applicantʹs Registry Backend Services Provider is at the forefront of the prevention of such abusive practices. We also believe that a strong program is essential given that Registrants have a reasonable expectation that they are in control of the data associated with their domains, especially its presence in the DNS zone. Because domain names are sometimes used as a mechanism to enable various illegitimate activities on the Internet, often the best preventative measure to thwart these attacks is to remove the names completely from the DNS before they can impart harm, not only to the domain name Registrant, but also to millions of unsuspecting Internet users.
Removing the domain name from the zone has the effect of shutting down all activity associated with the domain name, including the use of all websites and e-mail. The use of this technique should not be entered into lightly. The Applicant has an extensive, defined, and documented process for taking the necessary action of removing a domain from the zone when its presence in the zone poses a threat to the security and stability of the infrastructure of the Internet or the Registry.

Coalition for Online Accountability (“COA”) Recommendations
The Applicant will further structure its policies around the COA Recommendations where relevant to this gTLD. The Applicant’s goal is to provide a safe and secure browsing experience for consumers of this gTLD. A domain within this gTLD that is owned, operated by or compromised by a malicious party could cause harm to consumers, to the gTLDʹs reputation and to the reputation of the Internet itself. As such, additional controls are in place relating to the validity of registrations, as well as additional measures to ensure the correct identity of both Registrants and Registrars relating to changes made within the SRS, and to protecting the integrity of the DNS service as a whole.
The Coalition for Online Accountability have drafted a set of policy recommendations, also endorsed by many other international organizations representing the creative industries, that should be applied to entertainment gTLDs - especially those dependent on copyright protection. The policy is comprised of a set of 7 recommendations that should be adopted by ICANN in evaluating any applicant for an entertainment-based gTLD. The recommendations were posted by COA in the form of a letter to ICANN at http:⁄⁄bit.ly⁄HuHtmq. We welcome the recommendations from the COA and will strongly consider the recommendations relating to the implementation of this gTLD where considered relevant.

BITS Recommendations
The Applicant will further structure its policies around the BITS Recommendations where relevant to this gTLD. The Applicantʹs goal is to provide a safe and secure browsing experience for consumers of this gTLD. A domain within this gTLD that is owned, operated by or compromised by a malicious party could cause harm to consumers, to the gTLD’s reputation and to the reputation of the Internet itself. As such, additional controls are in place relating to the validity of registrations, as well as additional measures to ensure the correct identity of both Registrants and Registrars relating to changes made within the SRS, and to protecting the integrity of the DNS service as a whole.
The Security Standards Working Group (SSWG) formed by BITS drafted a set of policy recommendations that should be applied to financial gTLDs. The policy is comprised of a set of 31 recommendations that should be adopted by ICANN in evaluating any applicant of a financial gTLD. The recommendations were posted by BITS in the form of a letter to ICANN at [http:⁄⁄www.icann.org⁄en⁄correspondence⁄aba-bits-to-beckstrom-crocker-20dec11-en.pdf]. We welcome the recommendations from SSWG and will strongly consider the recommendations relating to the implementation of this gTLD where considered relevant.


2.1 Implementation plan for Abuse Point of Contact

As required by the Registry Agreement, The Applicant will establish and publish on its website a single abuse point of contact responsible for addressing inquiries from law enforcement and the public related to malicious and abusive matters requiring expedited attention. The Applicant will provide a timely response to abuse complaints concerning all names registered in the gTLD by registrars and their resellers. The Applicant will also provide such information to ICANN prior to the delegation of any domain names in the gTLD. This information shall consist of, at a minimum, a valid name, e-mail address dedicated solely to the handling of malicious conduct complaints and a telephone number and mailing address for the primary contact. The Applicant will ensure that this information will be kept accurate and up to date and will be provided to ICANN if and when changes are made. In addition, with respect to inquiries from ICANN-Accredited Registrars, the Applicant’s Registry Backend Services Provider shall have an additional point of contact, as it does today, handling requests by Registrars related to abusive domain name practices.

2.2 Policies for Handling Complaints Regarding the Abuse Policies

In order to operate under the new gTLD, Registrants must accept the Acceptable Use Policy. The new gTLD Registry’s Acceptable Use Policy clearly delineates the types of activities that constitute “abuse” and the repercussions associated with an abusive domain name registration. In addition, the policy will be incorporated into the applicable Registry-Registrar Agreement (“RRA”) and reserve the right for the Registry to take the appropriate actions based on the type of abuse. This will include locking down the domain name preventing any changes to the contact and name server information associated with the domain name, placing the domain name “on hold” rendering the domain name non-resolvable, transferring the domain name to another Registrar, and⁄or in cases in which the domain name is associated with an existing law enforcement investigation, substituting name servers to collect information about the DNS queries to assist the investigation. When appropriate, the Applicant will also share information with law enforcement. Each ICANN and gTLD accredited Registrar must agree to pass the Acceptable Use Policy on to its Resellers (if applicable) and ultimately to the gTLD Registrants. The Registry’s initial Acceptable Use Policy that the Applicant will use in connection with the gTLD is outlined in a section below.

2.3 Proposed Measures for Removal of Orphan Glue Records

As the Security and Stability Advisory Committee of ICANN (“SSAC”) rightly acknowledges, although orphaned glue records may be used for abusive or malicious purposes, the “dominant use of orphaned glue supports the correct and ordinary operation of the DNS.” See http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf.
While orphan glue records often support the correct and ordinary operation of the DNS, we understand that such glue records can be used maliciously to point to name servers that host domains used in illegal phishing, botnets, malware, and other abusive behaviours. Problems occur when the parent domain of the glue record is deleted but its children glue records still remain in DNS.
Thus, the Registry Operator will remove orphan glue records (as defined at the above link) when provided with evidence in written form that such records are present in connection with malicious conduct. Registrars are required to delete⁄move all dependent DNS records before they are allowed to delete the parent domain.
To prevent orphan glue records, the Registry Backend Services Provider performs the following checks before removing a domain or name server:

Checks during domain delete:
- Parent domain delete is not allowed if any other domain in the zone refers to the child name server.
- If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone.
Check during explicit name server delete:
- The Registry Backend Services Provider confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server.
Zone-file impact:
- If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not.
- If no domains reference a name server, then the glue record is removed from the zone file.

2.4 Resourcing plans for the initial implementation of, and ongoing maintenance of, the Abuse Prevention and Mitigation initiatives

Details related to resourcing plans for the initial implementation and ongoing maintenance of the Applicant’s abuse plan are provided in Section 7 of this response.


3 Measures to promote WHOIS accuracy both directly by the Registry and by Registrars via requirements in the Registry-Registrar Agreement (“RRA”):


The Applicant acknowledges that ICANN has developed a number of mechanisms over the past decades that are intended to address the issue of inaccurate WHOIS information. Such measures alone have not proven to be sufficient and the Applicant will offer a mechanism whereby third parties can submit complaints directly to the Applicant about inaccurate or incomplete WHOIS data. Such information shall be forwarded to the sponsoring Registrar, who shall be required to address those complaints with their Registrants. Thirty days after forwarding the complaint to the Registrar, the Applicant will examine the current WHOIS data for names that were alleged to be inaccurate to determine if the information was corrected, the domain name was deleted, or any other action was taken. If the Registrar has failed to take any action, or it is clear that the Registrant was either unwilling or unable to correct the inaccuracies, the Applicant reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies. Further efforts to pre-empt inaccurate WHOIS data made by the Applicant will include:

1) The Applicant will in general discourage the use of proxy registration services. The Applicant understands that there are instances when proxy registrations may be required and will develop best practices for when these instances occur.
2) The Applicant will maintain a web-based form for third parties to submit claims regarding false and⁄or inaccurate WHOIS data and the Applicant will forward credible claims to the Registrar for investigation⁄resolution. The Applicant will follow up to verify that the claim has been satisfactorily resolved. Failure of the Registrar or the Registrant to resolve the problem may result in the Applicant placing the domain name on hold, except in extraordinary circumstances.
3) The Applicantʹs Registry Backend Services Provider will regularly remind Registrars of their obligation to comply with ICANN’s WHOIS Data Reminder Policy. This policy requires Registrars to validate the WHOIS information provided during the registration process, to investigate claims of fraudulent WHOIS information, and to cancel domain name registrations for which WHOIS information is determined to be invalid.
4) WHOIS Verification by Registrars. As part of their Registry-Registrar Agreement all accredited Registrars will be required to revalidate WHOIS data for each record they have registered in the gTLD. The Applicant will leave the ultimate determination of how this procedure takes place to the Registrar, but it must include one of the following approved methods. (1) Email notification (2) Outbound telemarketing effort to the individual listed as the administrative contact for the domain.

3.1 Regular monitoring of registration data for accuracy and completeness

As part of their Registry-Registrar Agreement, all of the Applicant’s Registrars will be required to revalidate WHOIS data for each record they have registered on a bi-annual basis. This revalidation will require the Registrar to notify its Registrants in the gTLD about this requirement. While the Applicant reserves the right to suspend domain names that are not verified in a timely manner, the Applicant will engage in other outreach to the Registrant prior to suspending any domain name. As part of the gTLD Abuse reporting system, users can report missing or incomplete WHOIS data via the Registry website. The Applicant will also perform randomized audits of verified WHOIS information to ensure compliance and accuracy.
The Applicant’s selected Registry Backend Services Provider has established policies and procedures to encourage Registrar compliance with ICANN’s WHOIS accuracy requirements..


3.2 Registrar WHOIS policy self-certification and authentication

The self-certification program consists, in part, of evaluations applied equally to all operational ICANN accredited Registrars for the gTLD and is conducted from time to time throughout the year. Process steps are as follows:
The Registry Backend Services Provider sends an email notification to the ICANN primary Registrar contact, requesting that the contact go to a designated URL, log in with his⁄her Web ID and password, and complete and submit the online form. The contact must submit the form within 15 business days of receipt of the notification.
When the form is submitted, the Registry Backend Services Provider sends the Registrar an automated email confirming that the form was successfully submitted.
The Registry Backend Services Provider reviews the submitted form to ensure the certifications are compliant.
The Registry Backend Services Provider sends the Registrar an email notification if the Registrar is found to be compliant in all areas.
If a review of the response indicates that the Registrar is out of compliance or if the Registry Backend Services Provider has follow-up questions, the Registrar has 10 days to respond to the inquiry.
If the Registrar does not respond within 15 business days of receiving the original notification, or if it does not respond to the request for additional information, the Registry Backend Services Provider sends the Registrar a Breach Notice and gives the Registrar 30 days to cure the breach.
If the Registrar does not cure the breach, the Registry Backend Services Provider may terminate the Registry-Registrar Agreement (RRA).

3.3 WHOIS data reminder process.

The Registry Backend Services Provider regularly reminds Registrars of their obligation to comply with ICANN’s WHOIS Data Reminder Policy, which was adopted by ICANN as a consensus policy on 27 March 2003 (http:⁄⁄www.icann.org⁄en⁄Registrars⁄wdrp.htm). The Registry Backend Services Provider sends a notice to all Registrars once a year reminding them of their obligation to be diligent in validating the WHOIS information provided during the registration process, to investigate claims of fraudulent WHOIS information, and to cancel domain name registrations for which WHOIS information is determined to be invalid.


3.4 Establishing policies and procedures to ensure Registrar compliance with policies, which may include audits, financial incentives, penalties, or other means.

The Applicant will require as part of the RRA obligations that all accredited Registrars for the gTLD participate in the abuse prevention and mitigation procedures and policies, as well as efforts to improve the accuracy and completeness of WHOIS data. In addition, the Applicant will work to develop an economic incentive program, such as Market Development Funds for Registrars who meet certain SLAs for performance in this area.

3.5 Registry bi-annual WHOIS verification

Additionally, the Applicant will, of its own volition and no less than twice per year, perform a manual review of a random sampling of gTLD domain names in its Registry to test the accuracy of the WHOIS information. Although this will not include verifying the actual information in the WHOIS record, the Applicant will be examining the WHOIS data for prima facie evidence of inaccuracies. In the event that such evidence exists, it shall be forwarded to the sponsoring Registrar, who shall be required to address those complaints with their Registrants. Thirty days (30) after forwarding the complaint to the Registrar, the Applicant will reexamine the current WHOIS data for names that were alleged to be inaccurate to determine if the information was corrected, the domain name was deleted, or some other action was taken. If the Registrar has failed to take any action, or it is clear that the Registrant was either unwilling or unable to correct the inaccuracies, The Applicant reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies.

3.6 Registrar bi-annual verification of WHOIS

The Applicant will require in the Registry-Registrar Agreement that all accredited Registrars in this gTLD will be obliged to verify WHOIS data for each record they have registered in the gTLD twice a year. Verification can take place via email, phone or any other method to confirm the accuracy of the WHOIS data associated with the domain name. The Applicant will randomly audit WHOIS records to ensure compliance and accuracy. As part of the gTLD Abuse reporting system, users can report missing or incomplete WHOIS data via the Registry website.

4 Policies and procedures that define malicious or abusive behaviour

The applicant has developed policies and procedures that define malicious and abusive behaviour. More information on these policies and procedures can be found in section 14 - Acceptable Use Policy.

4.1 Service Level Requirements for resolution of APM related activities

As pertains to the Applicant’s service level requirements for resolution, we aim to address and potentially rectify the issue as it pertains to all forms of abuse and fraud within 24 hours. Once abusive behaviour is detected or reported, the Applicant’s Customer Service center immediately creates a support ticket in order to monitor and track the issue through resolution. This support team is operational 24⁄7⁄365. A preliminary assessment will be performed in order to determine whether the abuse claim is legitimate. We will classify each incidence of legitimately reported abuse into one of two categories based on the probable severity and immediacy of harm to Registrants and Internet users.

Category 1:
- Probable Severity or Immediacy of Harm: Low
- Examples of types of abusive behaviour: Spam, Malware
- Mitigation steps:
- Investigate
- Notify Registrant
- Response times – up to 3 days depending on severity.

Category 2:

- Probable Severity or Immediacy of Harm: Medium to High
- Examples of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control
- Mitigation steps:
- Suspend domain name
- Investigate
- Restore or terminate domain name
- Response times - up to 1 day.

4.2 Service Level Requirements and Coordination regarding Law enforcement APM requests

With the assistance of its Registry Backend Services Provider, the Applicant will meet its obligations under Section 2.8 of the Registry Agreement where required to take reasonable steps to investigate and respond to reports from law enforcement, governmental and quasi-governmental agencies of illegal conduct in connection with the use of the gTLD. The Registry will respond to legitimate law enforcement inquiries within one business day from receiving the request. Such a response shall include, at a minimum, an acknowledgement of receipt of the request, questions or comments concerning the request, and an outline of the next steps to be taken by the Applicant for rapid resolution of the request.
In the event such request involves any of the activities which can be validated by the Registry and involves the type of activity set forth in the Acceptable Use Policy, the sponsoring Registrar is then given 24 hours to investigate the activity further and either take down the domain name by placing the domain name on hold or by deleting the domain name in its entirety or providing a compelling argument to the Registry to keep the name in the zone. If the Registrar has not taken the requested action after the 24-hour period (i.e., is unresponsive to the request or refuses to take action), the Registry may place the domain on “ServerHold”.

4.3 Coordination with sector Groups and Law Enforcement

One of the reasons for which the Registry Backend Services Provider was selected to serve as the Registry Backend Services Provider by the Applicant is the Registry Backend Services Provider’s extensive experience and its close working relationship with a number of law enforcement agencies.
The Registry Backend Services Provider is also a participant in a number of sector groups aimed at sharing information amongst key sector players about the abusive registration and use of domain names. Through these organizations the Registry Backend Services Provider shares information with other registries, Registrars, ccTLDs, law enforcement, security professionals, etc. Not only on abusive domain name registrations within its own gTLDs, but also provides information uncovered with respect to domain names in other registries. The Registry Backend Services Provider has often found that rarely are abuses found only in the gTLDs which it manages, but also within other gTLDs. The Registry Backend Services Provider routinely provides this information to the other registries so that it can take the appropriate action.
When executed in accordance with the Registry Agreement, plans will result in compliance with contractual requirements.
The Applicant believes that the proposed collection of protections that involve both proactive and reactive mechanisms outlined above will provide an unmatched level of security and anti-abuse activity within the gTLD. These mechanisms will be part of both the Registry-Registrar Agreement as well as the Registrant Registration Agreement.

4.4 Rapid takedown and suspension system

The Applicant is committed to ensuring that the use of the internet within its Registry is compliant with all relevant laws and legal directions.
The Applicant notes that its role as the Registry operator is not one of judge and jury in all jurisdictions and as such shall direct all complainants to the legal process in the relevant jurisdiction. Upon receiving a valid and enforceable legal judgment or direction it shall comply forthright with the appropriate action which shall include rapid takedown and⁄or suspension.

5 Controls to Ensure Proper Access to Domain Functions

5.1 Enabling two-factor authentication from Registrants to process update, transfers, and deletion requests;

To ensure proper and secure access to domain functions, the Applicant will develop best practices for its Registrars relating to enabling its Registrants to utilize two factor authentication in its interaction with their Registrar and ultimately the Registry.
The goal of these best practices is to improve domain name security and assist Registrars in protecting the accounts they manage by providing another level of assurance that only authorized registrants can communicate through the registrar with the Registry.

5.2 Enabling multiple, unique points of contact to request and⁄or approve update, transfer, and deletion requests;

The Applicant will investigate the costs and benefits for introducing a service whereby a Registrant can elect to designate multiple points of contact for each domain registered to approve changes to a domain before they are effectuated. The Applicant is of the opinion that these additional checks could improve the security of each domain and will look for ways to deploy them in the most cost-effective and user-friendly manner possible.

5.3 Enabling the notification of multiple, unique points of contact when a domain has been updated, transferred, or deleted

The Applicant will investigate the costs and benefits for introducing a service where by a Registrant can elect to designate multiple points of contact for each domain registered to receive notification of changes to a domain when they are effectuated. The Applicant is of the opinion that these additional checks could improve the security of each domain and will look for ways to deploy them in the most cost-effective and user-friendly manner possible.


6. Additional Abuse Prevention and Mitigation initiatives

6.1 Additional Mechanism for Protection of Capital City Names

In parallel with the Landrush Period defined in the answer to question 18, the Applicant will implement a Capital City Claim (“CCC”) service whereby additional protection will be granted to the capital city names of a country or territory listed in the ISO 3166-1 standard. The CCC process is as follows:

1. Any prospective domain name Registrant applying to register a domain name identical to the capital city name of a country or territory listed in the ISO 3166-1 standard will receive from the Applicant a CCC notification highlighting the fact that the applied-for domain name corresponds to a capital city name of a country or territory listed in the ISO 3166-1 standard.
2. A potential domain name Registrant receiving a CCC notification will have to send a response to the Applicant whereby it will unconditionally comply with the requirements as to representations and warranties required by the Applicant. This will protect the reputation of the capital city as well as any further relevant terms and conditions provided.
3. Unconditional acceptance of the warranties set out in the CCC notification will be a material requirement for a prospective Registrant to be eligible to register the domain name in question should said prospective Registrant be successful in the Landrush period.
4. Upon registration during the Landrush period of a domain name identical to a capital city name of a country or territory listed in the ISO 3166-1 standard, the Applicant will send a notification in writing to the ICANN Government Advisory Committee (ʺGACʺ) Chair.

6.2 Additional Mechanisms to Protect and Reserve IGO Names
The Applicant considers the Protection of Intergovernmental Organization (ʺIGOʺ) names to be very important. The Applicant will use strings registered as second level domains in the .int gTLD as the basis for this protection. To register in the .int domain, the Registrants must be an IGO that meets the requirements found in RFC 1591. The .int domain is used for registering organizations established by international treaties between or among national governments and which are widely considered to have independent international legal personality. Thus, the names of these organizations, as with geographic names, can lend an official imprimatur, and if misused, be a source of public confusion or deception.

Reservation of IGO names:

In addition to the mandated and additional reservation of geographic names as provided for in response to Question 22, the Applicant will reserve, and thereby prevent registration of, all names that are registered as second level domains in the most recent .int zone as of 1st November 2012. By doing so, the Applicant will extend additional protection to IGOs that comply with the current eligibility requirements for the .int gTLD as defined at http:⁄⁄www.iana.org⁄domains⁄int⁄policy⁄, and that have obtained a second-level registration in the .int zone.

Release of IGO names:

In the future, should any of the IGOs wish to make use of the protected strings, the Registry will release and assign the domain to the respective IGOs using the following process:

a) The IGO submits a request to the Applicant in the hope of the reserved name being assigned to themselves and provides the necessary documentation and details of the proposed registrant entity for the domain name registration.
b) The Applicant will validate and authenticate the request to establish that it is a genuine bona fide request.
c) Once the request has been approved the Applicant will notify the requesting IGO as well as ICANN and the GAC of the approval for the assignment of the domain name.
d) The Applicant will issue a unique authorization code to the proposed IGO registrant.
e) The proposed IGO registrant will then be able to request that the assignment of the domain name is given to them using the authorization code with an ICANN and gTLD accredited Registrar of their choice.

6.3 Abuse Prevention and Mitigation Seal

The Applicant intends to further augment the security and stability of its gTLD by implementing the Abuse Prevention and Mitigation Seal (the “APM Seal”). The APM Seal will provide users and stakeholders in the sector with a one-click mechanism for how to access relevant Abuse Prevention and Mitigation processes. Registrants on the gTLD will be required to implement an APM Seal on their web pages that users can click-on and be taken to a web resource detailing the relevant mechanisms for how to report and address abuse on the gTLD. The Applicant will in cooperation with the Governance Council for the sector establish relevant procedures and processes that will be presented to stakeholders with potential grievances.
The APM Seal will operate as follows:

1. Registrant will be required to agree to the Registry’s “Abuse and Rights Protection” Terms and Conditions as part of the Registration process for the second-level domain including clauses relating to the APM Seal.
2. The Terms and Conditions will require the Registrant to include the APM Seal in a prominent place on its website.
3. Following the registration, the Registry will automatically email the Registrant’s Administrative, Technical, and Billing contacts with an additional notification that the APM Seal needs to be included on the Registrant’s homepage. The Registrant has 120 days from the date of registration (the “Grace Period”) to effectuate the fixing of the APM seal.
4. During the Grace Period, the domain registration will be flagged in WHOIS or a linked system as being in the APM Seal Grace Period.
5. When the APM Seal has been activated, the second-level domain will have the APM Seal marked as active in WHOIS or a linked system.
6. If the Registrant does not activate the APM Seal before the Grace Period expires, the site will be flagged as being out of the Grace Period for the APM Seal activation and the Registry will notify the Registrant’s Administrative, Technical, and Billing contacts with an additional notification that this APM Seal activation is out of its Grace Period. The contacts will further be notified that the APM Seal must be included on the page and that the Registrant is granted a further 30 days before the site is flagged as being in breach of the Registration terms.
7. Should the Registrant fail to comply and activate the APM Seal within the period specified in the Acceptable Use Policy, the Registry will conduct an investigation on that domain. If after the investigation it is determined that the domain is in breach of the Acceptable Use Policy the Registry reserves the right to suspend and cancel the domain.
8. Exceptions: if a Registrant has a second-level domain that is:
(a) Used for forwarding to another domain
(b) The domain is not used for a website
(c) The domain is currently not in use, or
(d) There is another reason why the seal cannot technically be included

Should the domain be in any of the aforementioned states then the Registrant can activate the APM Seal stating that the domain is one of the exceptions (as listed above) and therefore does not need to include the APM Seal. If a site is listed to be in any of these exception states and then the use of the domain changes to a state that would require the APM Seal, the Registrant must then change the domains status to comply with Acceptable Use Policy. The Registry will conduct an investigation on that domain. If after the investigation it is determined that the domain is in breach of the Acceptable Use Policy the Registry reserves the right to suspend and cancel the domain.

6.4 Governance Council

The Applicant believes that the success of the gTLD will be determined in large by the gTLD’s stakeholders. Not only will these stakeholders have the primary interest of registering domains on the gTLD, but they will also be motivated to protect the sector from practices that would negatively impact the sector overall. The Applicant further believes that sector stakeholders should be afforded the opportunity to influence the manner in which the gTLD is governed. Accordingly, the Applicant is establishing a Governance Council (the “GC”), to be comprised of key sector stakeholders that will serve as an advisory body.

The GC will elect its own Board of Directors, which will be responsible for self-governance, the recommendation of sector-specific policies, and the formulation of guidance on intellectual property and other best practices related to the gTLD. This will lead the policy development process of defining how the APM Reporting Website should best reflect the options users, rights holders, etc., have for addressing infringing content or other issues.


7. Resource Planning

7.1 Resource Planning Specific to Backend Registry Activities

Responsibility for abuse mitigation rests with a variety of functional groups. The Abuse Monitoring team is primarily responsible for providing analysis and conducting investigations of reports of abuse. The customer service team also plays an important role in assisting with the investigations, responding to customers, and notifying Registrars of abusive domains. Finally, the Policy⁄Legal team is responsible for developing the relevant policies and procedures.
The necessary resources will be pulled from the pool of available resources described in detail in the response to Question 31. The following resources are available from those teams globally distributed:

Customer Support – 12 people
Policy⁄Legal – 2 people
The resources are more than adequate to support the abuse mitigation procedures of the Registry.

7.2 Administrative Services Provider – Famous Four Media Limited

In addition to those resources set out above provided by the Registry’s backend services provider the Applicant‘s Administration Services Provider shall provide the following extra resources:

- Sunrise Validation Team - This shall comprise of 11 employees of which at least one shall be a qualified lawyer specializing in intellectual property law.
- Ongoing Rights Protection Team - This shall comprise of 11 employees of which at least one shall be a qualified lawyer specializing in intellectual property law.

The two key objectives of the Sunrise Validation Team and the Ongoing rights Protection Team (together the “Rights Team”) is to:

a. Prevent abusive registrations; and
b. Identify and address the abusive use of registered names on an ongoing basis
Because rights protection is a fundamental core objective of the Applicant it has contracted with its Registry Administration Services Provider that the number of full time personnel made available to the Applicant will be 125% of the estimated requirement to ensure that at all times the Applicant is over resourced in this area. In addition the Applicant shall instruct outside Counsel in any relevant jurisdiction on all matters that are unable to be adequately dealt with by the Sunrise Validation Team or the Ongoing Rights Protection Team.

8. ICANN Prescribed Measures

In accordance with its obligations as a Registry operator, the Applicant will comply with all requirements in the ‘gTLD Applicant Guidebook’. In particular, we will comply with the following measures prescribed by ICANN which serve to mitigate the potential for abuse in the gTLD:

- DNSSEC deployment, which reduces the opportunity for pharming and other man-in-the-middle attacks. We will encourage Registrars and Internet Service Providers to deploy DNSSEC capable resolvers in addition to encouraging DNS hosting providers to deploy DNSSEC in an easy-to-use manner in order to facilitate deployment by Registrants. Prohibition on Wild Carding as required by section 2.2 of Specification 6 of the Registry Agreement.
- Removal of Orphan Glue records (discussed above in section 4).


9. Increasing Registrant Security Awareness

In order to operate a secure and reliable gTLD, the Applicant will attempt to improve Registrant awareness of the threats of domain name hijacking, Registrant impersonation and fraud, and emphasise the need for and responsibility of Registrants to keep registration (including WHOIS) information accurate. Awareness will be raised by:
- Publishing the necessary information on the Abuse page of our Registry website in the form of presentations and FAQ’s.
- Developing and providing to Registrants and resellers Best Common Practices that describe appropriate use and assignment of domain auth Info codes and risks of misuse when the uniqueness property of this domain name password is not preserved.
The increase in awareness renders Registrants less susceptible to attacks on their domain names owing to the adoption of the recommended best practices thus serving to mitigate the potential for abuse in the gTLD. The clear responsibility on Registrants to provide and maintain accurate registration information (including WHOIS) further serves to minimise the potential for abusive registrations in the gTLD.


10. Registrant Disqualification

Registrants, their agents or affiliates found through the application of the AUP to have repeatedly engaged in abusive registration may be disqualified from maintaining any registrations or making future registrations. This will be triggered when the Registry Backend Services Provider’s records indicate that a Registrant has had action taken against it an unusual number of times through the application of our Anti-Abuse Policy. Registrant disqualification provides an additional disincentive for qualified Registrants to maintain abusive registrations in that it puts at risk even otherwise non-abusive registrations, through the possible loss of all registrations.
In addition, name servers that are found to be associated only with fraudulent registrations will be added to a local blacklist and any existing or new registration that uses such fraudulent NS record will be investigated.
The disqualification of ‘bad actors’ and the creation of blacklists mitigates the potential for abuse by preventing individuals known to partake in such behaviour from registering domain names.
For a Registrant to be placed on a list of bad actors, the Applicant will examine the factors noted above, and such determination shall be made by the Applicant at its sole discretion. Once the Applicant determines that a Registrant should be placed onto the list of bad actors, the Applicant will notify its Registry Backend Services Provider, who will be instructed to cause all of the Registrant’s second-level domains in the gTLD to resolve to a page which notes that the domain has been disabled for abuse-related reasons. The second-level domains at issue will remain in this state until the expiration of the Registrant’s registration term or a decision from a UDRP panel or court of competent jurisdiction requires the transfer or cancellation of such domains.


11. Restrictions on Proxy Registration Services

The Applicant will in general discourage the use of proxy registration services. The Applicant further understands that there are instances when proxy registrations may be required and will develop best practices when these instances occur. Whilst it is understood that implementing measures to promote WHOIS accuracy is necessary to ensure that the Registrant may be tracked down, it is recognised that some Registrants may wish to utilise a proxy registration service to protect their privacy. In the event that Registrars elect to offer such services, the following conditions apply:

- Registrars should take the best practice guidance developed by the Applicant and the Governance Council for the gTLD into account when making Proxy registration services available to its Registrants.
- Registrars must ensure that the actual WHOIS data is obtained from the Registrant and must maintain accurate records of such data.
- Registrars must provide Law Enforcement Agencies (“LEA”) with the actual WHOIS data upon receipt of a verified request.

These conditions will be implemented contractually by inclusion of corresponding clauses in the RRA as well as being published on the Abuse page of the Registry website. Individuals and organisations will be encouraged through the Abuse page to report any domain names they believe violate the above restrictions, following which appropriate action may be taken by the Registry Backend Services Provider. Publication of these conditions on the Abuse page of the Registry website ensures that Registrants are aware that despite utilisation of a proxy registration service, actual WHOIS information will be provided to LEA upon request in order to hold Registrants liable for all actions in relation to their domain name.
The certainty that WHOIS information relating to domain names which draw the attention of LEA will be disclosed results in the gTLD being less attractive to those seeking to register domain names for abusive purposes, thus mitigating the potential for abuse in the gTLD.


12. Registry Lock

Certain mission-critical domain names such as transactional sites, email systems and site supporting applications may warrant a higher level of security. Whilst the Applicant will take efforts to promote the awareness of security amongst Registrants, it is recognised that an added level of security may be provided to Registrants by ‘Registry locking’ the domain name and thereby prohibiting any updates at the Registry operator level. The Registry lock facility will be offered to all Registrars who may request this service on behalf of their Registrants in order to prevent unintentional transfer, modification or deletion of the domain name. This facility mitigates the potential for abuse by prohibiting any unauthorised updates that may be associated with fraudulent behaviour. For example, an attacker may update nameservers of a mission-critical domain name, thereby redirecting customers to an illegitimate website without actually transferring control of the domain name.
Upon receipt of a list of domain names to be placed on Registry lock by an authorised representative from a Registrar, the Registry Backend Services Provider will:

1. Validate that the Registrar is the Registrar of record for the domain names.
2. Set or modify the status codes for the names submitted to serverUpdateProhibited, serverDeleteProhibited and⁄or serverTransferProhibited depending on the request.
3. Record the status of the domain name in the Shared Registration System (SRS).
4. Provide a monthly report to Registrars indicating the names for which the Registry lock service was provided in the previous month.


13. Scope⁄Scale Consistency

The Applicant believes that the proposed collection of protections that involve both proactive and reactive mechanisms outlined above will provide an unmatched level of security and anti-abuse activity within the gTLD and is appropriate for the size and scale of the gTLD.

13.1 Scope⁄Scale Consistency Specific to Backend Registry Activities

The Registry Backend Services Provider is an experienced backend Registry provider that has developed and uses proprietary system scaling models to guide the growth of its gTLD supporting infrastructure. These models direct the Registry Backend Services Provider’s infrastructure scaling to include, but not be limited to, server capacity, data storage volume, and network throughput that are aligned to projected demand and usage patterns. The Registry Backend Services Provider periodically updates these models to account for the adoption of more capable and cost-effective technologies.
The Registry Backend Services Provider’s scaling models are proven predictors of needed capacity and related cost. As such, they provide the means to link the projected infrastructure needs of the gTLD with necessary implementation and sustainment cost. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its scaling models, The Registry Backend Services Provider derived the necessary infrastructure required to implement and sustain this gTLD and its APM policies.

14. Acceptable Use Policy

This Acceptable Use Policy gives the Registry the ability to quickly lock, cancel, transfer or take ownership of any domain name, either temporarily or permanently, if the domain name is being used in a manner that appears to threaten the stability, integrity or security of the Registry, or any of its Registrar partners and⁄or that may put the safety and security of any Registrant or user at risk. The process also allows the Registry to take preventive measures to avoid any such criminal or security threats.
The Acceptable Use Policy may be triggered through a variety of channels, including, among other things, private complaint, public alert, government or enforcement agency outreach, and the on-going monitoring by the Registry or its partners. In all cases, the Registry or its designees will alert the Registry’s Registrar partners about any identified threats, and will work closely with them to bring offending sites into compliance.
The following are some (but not all) activities that may be subject to rapid domain compliance:

- Phishing; a criminal activity employing tactics to defraud and defame Internet users via sensitive information with the intent to steal or expose credentials, money or identities. A phishing attack often begins with a spoofed email posing as a trustworthy electronic correspondence that contains hijacked brand names e.g.(financial institutions, credit card companies, e-commerce sites). The language of a phishing email is misleading and persuasive by generating either fear and⁄or excitement to ultimately lure the recipient to a fraudulent Web site. It is paramount for both the phishing email and Web site to appear credible in order for the attack to influence the recipient. As with the spoofed email, phishers aim to make the associated phishing Web site appear credible. The legitimate target Web site is mirrored to make the fraudulent site look professionally designed. Fake third-party security endorsements, spoofed address bars, and spoofed padlock icons falsely lend credibility to fraudulent sites as well. The persuasive inflammatory language of the email combined with a legitimate looking Web site is used to convince recipients to disclose sensitive information such as passwords, usernames, credit card numbers, social security numbers, account numbers, and mother’s maiden name.
- Malware; malicious software that was intentionally developed to infiltrate or damage a computer, mobile device, software and⁄or operating infrastructure or website without the consent of the owner or authorized party. This includes, amongst others, Viruses, Trojan horses, and worms.
- Domain Name or Domain Theft; the act of changing the registration of a domain name without the permission of its original Registrant.
- Botnet Command and Control; Services run on a domain name that is used to control a collection of compromised computers or “zombies,” or to direct Distributed Denial of Service attacks (“DDoS attacks”)
- Distribution of Malware; The intentional creation and intentional or unintentional distribution of “malicious” software designed to infiltrate a computer system without the owner’s consent, including, without limitation, computer viruses, worms, keyloggers, and Trojans.
- Fast Flux Attacks⁄Hosting; A technique used to shelter Phishing, Pharming, and Malware sites and networks from detection and to frustrate methods employed to defend against such practices, whereby the IP addresses associated with fraudulent sites are changed rapidly so as to make the true location of the sites difficult to find.
- Hacking; the attempt to gain unauthorized access (or exceed the level of authorized access) to a computer, information system, user account or profile, database, or security system.
- Pharming; The redirecting of unknown users to fraudulent sites or services, typically through, but not limited to, DNS hijacking or poisoning;
- Spam; The use of electronic messaging systems to send unsolicited bulk messages. The term applies to email spam and similar abuses such as instant messaging spam, mobile messaging spam, and spamming of websites and Internet forums.
- Child Pornography: the storage, publication, display and⁄or dissemination of pornographic materials depicting individuals under the legal age in the relevant jurisdiction.
- Further abusive behaviours include, but are not limited to; Cybersquatting,Front-Running,Gripe Sites, Deceptive and⁄or Offensive Domain Names, Fake Renewal Notices,Cross-gTLD Registration Scam, Name Spinning, Pay-per-Click, Traffic Diversion, False Affiliation, Domain Kiting ⁄ Tasting, fast-flux and 419 scams.

The Registry reserves the right, at its sole discretion, to take any administrative and operational actions necessary, including the use of computer forensics and information security technological services, among other things, in order to implement the Acceptable Use Policy. In addition, the Registry reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on Registry lock, hold or similar status, that it deems necessary, to its discretion; (1) to protect the integrity and stability of the Registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of the Registry as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or (5) to correct mistakes made by the Registry or any Registrar in connection with a domain name registration. The Registry also reserves the right to place upon Registry lock, hold or similar status a domain name during resolution of a dispute.
Registrants must also agree that they will not use their domain for any purposes which are prohibited by the laws of the jurisdiction(s) in which they do business or any other applicable law. You may not use your domain for any purposes or in any manner which violate a statute, rule or law governing use of the Internet and⁄or electronic commerce, including those statutes related to gaming and⁄or online gambling.
In addition, The Applicant reserves the right to deny attempted registrations from repeat violators of the Registry’s Acceptable Use Policy. The Registry’s Acceptable Use Policy will incorporate a certification by the Registrant that the domain will be used only for licensed, legitimate activities, and not to facilitate piracy or infringements. The Registrant will be required to accept these terms as part of its registration agreement. The Applicant reserves the right to suspend or cancel a domain for violation of the Registry’s Acceptable Use Policy.

15. Abuse Response Process

The Registry is committed to ensuring that those domain names associated with abuse or malicious conduct in violation of the Acceptable Use Policy are dealt with in a timely and decisive manner. These include taking action against those domain names that are being used to threaten the stability and security of the gTLD, or are part of a real-time investigation by law enforcement.
Once a complaint is received from a trusted source, third-party, or detected by the Registry, the Registry will use commercially reasonable efforts to verify the information in the complaint. If that information can be verified to the best of the ability of the Registry, the sponsoring Registrar will be notified and be given 48 hours to investigate the activity. This will result in either the take down of the domain name by placing the domain name on hold or the deletion of the domain name in its entirety or providing a compelling argument to the Registry to keep the name in the zone. If the Registrar has not taken the requested action after the 48-hour period (i.e., is unresponsive to the request or refuses to take action), the Registry may place the domain on “ServerHold”. Although this action removes the domain name from the gTLD zone, the domain name record still appears in the gTLD WHOIS database so that the name and entities can be investigated by law enforcement should they desire to get involved.

Additionally, the Applicant will require Registrars to adhere to the following abuse-prevention procedures:

- Each new gTLD accredited Registrar must provide and maintain a valid primary point of contact for abuse complaints. The Applicant will require this as part of the new gTLD RRA.
- The Applicant will explicitly define for Registrars what constitutes abusive behaviour including but not limited to, malicious, negligent, and reckless behaviour. The definition of abusive behaviour will be contained in the AUP and the Applicant will require this as part of the new gTLD RRA.
- Registrars must notify the Registry Operator immediately regarding any investigation or compliance action including the nature of the investigation or compliance action by ICANN or any outside party (e.g., law enforcement, etc.), along with the gTLD impacted. This will be required as part of the new gTLD RRA.
- The Applicant will initiate an Abuse Prevention and Mitigation Working Group. This group will be developed in conjunction with the gTLD Governance Council mentioned above. Its aim will be to give the Applicant’s team alternate perspectives about handling incidents of abuse and ways to mitigate them. The group will meet regularly to discuss the latest trends in domain name abuse and the most effective way to prevent and remedy them for the gTLD.
-end-