Back

28 Abuse Prevention and Mitigation

gTLDFull Legal NameE-mail suffixDetail
.appTRI Ventures, Inc.litl.comView
We have engaged ARI Registry Services (ARI) to deliver services for this TLD. ARI provide registry services for a number of TLDs including the .au ccTLD. For more background information on ARI please see the attachment ‘Q28 – ARI Background & Roles.pdf’.

As stated in response to Question 18, TRI Ventures’s registration policy will address the minimum requirements mandated by ICANN including rights abuse prevention measures. TRI Ventures will implement its draft registration policy as means of abuse prevention and mitigation ** (see end of document).



1 INTRODUCTION

The efforts that will be undertaken in this TLD to minimise abusive registrations and other activities that have a negative impact on Internet users are described below. We will be utilising the Anti-Abuse Service of our managed registry service provider, ARI. This service includes the implementation of our comprehensive Anti-Abuse Policy. This policy, developed in consultation with ARI, clearly defines abusive behaviour and identifies particular types of abusive behaviour and the mitigation response to such behaviour.



2 OVERVIEW

We have engaged ARI to deliver registry services for this TLD. ARI will, owing to their extensive industry experience and established anti-abuse operations, implement and manage on our behalf various procedures and measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse. ARI will forward to us all matters requiring determination by the registry operator which fall beyond the scope of ARI’s Anti-Abuse Service. This is described below in the context of the implementation of our Anti-Abuse Policy.

Despite utilisation of ARI’s Anti-Abuse Service, we are nonetheless cognisant of our responsibility to minimise abusive registrations and other activities that have a negative impact on Internet users in the TLD. In recognition of this responsibility, we will play an instrumental role in overseeing the implementation of the Anti-Abuse Service by ARI. We will also have contractual commitments in the form of SLA’s in place to ensure that ARI’s delivery of the Anti-Abuse Service is aligned with our strong commitment to minimise abuse in our TLD.

That strong commitment is further demonstrated by our adoption of many of the requirements proposed in the ‘2011 Proposed Security, Stability and Resiliency Requirements for Financial TLDs’ (at http:⁄⁄www.icann.org⁄en⁄news⁄correspondence⁄aba-bits-to-beckstrom-crocker-20dec11-en.pdf) (the ‘BITS Requirements). We acknowledge that these requirements were developed by the financial services sector in relation to financial TLDs, but nevertheless believe that their adoption in this TLD (which is not financial-related) results in a more robust approach to combating abuse.

Consistent with Requirement 6 of the BITS Requirements, we will certify to ICANN on an annual basis our compliance with our Registry Agreement.

Please note that the various policies and practices that we have implemented to minimise abusive registrations and other activities that affect the rights of trademark holders are specifically described in our response to Question 29.



3 POLICY

In consultation with ARI we have developed a comprehensive Anti-Abuse Policy, which is the main instrument that captures our strategy in relation to abuse in the TLD.


3.1 DEFINITION OF ABUSE

Abusive behaviour in a TLD may relate to the core domain name-related activities performed by Registrars and registries including, but not limited to:
– The allocation of registered domain names.

– The maintenance of and access to registration information.

– The transfer, deletion, and reallocation of domain names.

– The manner in which the registrant uses the domain name upon creation.


Challenges arise in attempting to define abusive behaviour in the TLD due to its broad scope. Defining abusive behaviour by reference to the stage in the domain name lifecycle in which the behaviour occurs presents difficulty given that a particular type of abuse may occur at various stages of the life cycle.
With this in mind, ARI has fully adopted the definition of abuse developed by the Registration Abuse Policies Working Group (Registration Abuse Policies Working Group Final Report 2010, at http:⁄⁄gnso.icann.org⁄issues⁄rap⁄rap-wg-final-report-29may10-en.pdf), which does not focus on any particular stage in the domain name life cycle.


Abusive behaviour in a TLD may be defined as an action that:

– causes actual and substantial harm, or is a material predicate of such harm.

– is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.


In applying this definition the following must be noted:

1. The party or parties harmed, and the severity and immediacy of the abuse, should be identified in relation to the specific alleged abuse.

2. The term ʺharmʺ is not intended to shield a party from fair market competition.

3. A predicate is a related action or enabler. There must be a clear link between the predicate and the abuse, and justification enough to address the abuse by addressing the predicate (enabling action).


For example, WhoIs data can be used in ways that cause harm to domain name registrants, intellectual property (IP) rights holders and Internet users. Harmful actions may include the generation of spam, the abuse of personal data, IP infringement, loss of reputation or identity theft, loss of data, phishing and other cybercrime-related exploits, harassment, stalking, or other activity with negative personal or economic consequences. Examples of predicates to these harmful actions are automated email harvesting, domain name registration by proxy⁄privacy services to aid wrongful activity, support of false or misleading registrant data, and the use of WhoIs data to develop large email lists for commercial purposes. The misuse of WhoIs data is therefore considered abusive because it is contrary to the intention and design of the stated legitimate purpose of WhoIs data.



3.2 AIMS AND OVERVIEW OF OUR ANTI-ABUSE POLICY

Our Anti-Abuse Policy will put registrants on notice of the ways in which we will identify and respond to abuse and serve as a deterrent to those seeking to register and use domain names for abusive purposes. The policy will be made easily accessible on the Abuse page of our registry website which will be accessible and have clear links from the home page along with FAQs and contact information for reporting abuse.


Consistent with Requirements 15 and 16 of the BITS Requirements, our policy:

– Defines abusive behaviour in our TLD.

– Identifies types of actions that constitute abusive behaviour, consistent with our adoption of the RAPWG definition of ‘abuse’.

– Classifies abusive behaviours based on the severity and immediacy of the harm caused.

– Identifies how abusive behaviour can be notified to us and the steps that we will take to determine whether the notified behaviour is abusive.

– Identifies the actions that we may take in response to behaviour determined to be abusive.

Our RRA will oblige all Registrars to do the following in relation to the Anti-Abuse Policy:

– comply with the Anti-Abuse Policy; and

– include in their registration agreement with each registrant an obligation for registrants to comply with the Anti-Abuse Policy and each of the following requirements:

‘operational standards, policies, procedures, and practices for the TLD established from time to time by the registry operator in a non-arbitrary manner and applicable to all Registrars, including affiliates of the registry operator, and consistent with ICANNʹs standards, policies, procedures, and practices and the registry operator’s Registry Agreement with ICANN. Additional or revised registry operator operational standards, policies, procedures, and practices for the TLD shall be effective upon thirty days notice by the registry operator to the Registrar. If there is a discrepancy between the terms required by this Agreement and the terms of the Registrar’s registration agreement, the terms of this Agreement shall supersede those of the Registrar’s registration agreement’.


Our RRA will additionally incorporate the following BITS Requirements:

– Requirement 7: Registrars must certify annually to ICANN and us compliance with ICANN’s Registrar Accreditation Agreement (RAA) our Registry-Registrar Agreement (RRA).

– Requirement 9: Registrars must provide and maintain valid primary contact information (name, email address, and phone number) on their website.

– Requirement 14: Registrars must notify us immediately regarding any investigation or compliance action, including the nature of the investigation or compliance action by ICANN or any outside party (eg law enforcement, etc.) along with the TLD impacted.

– Requirement 19: Registrars must disclose registration requirements on their website.
We will re-validate our RRAs at least annually, consistent with Requirement 10.



3.3 ANTI-ABUSE POLICY

Our Anti-Abuse Policy is as follows:


ANTI-ABUSE POLICY

INTRODUCTION:
The abusive registration and use of domain names in the TLD is not tolerated given that the inherent nature of such abuses creates security and stability issues for all participants in the Internet environment.


Definition of Abusive Behaviour:
Abusive behaviour is an action that:

– causes actual and substantial harm, or is a material predicate of such harm; or

– is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.


A ‘predicate’ is an action or enabler of harm.
‘Material’ means that something is consequential or significant.

Examples of abusive behaviour falling within this definition:

– Spam: the use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks.

– Phishing: the use of a fraudulently presented web site to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.

– Pharming: the redirecting of unknowing users to fraudulent web sites or services, typically through DNS hijacking or poisoning, in order to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.

– Wilful distribution of malware: the dissemination of software designed to infiltrate or cause damage to devices or to collect confidential data from users without the owner’s informed consent.

– Fast Flux hosting: the use of DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves in order to disguise the location of web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast flux hosting may only be used with prior permission of the registry operator.

– Botnet command and control: the development and use of a command, agent, motor, service or software which is implemented: (1) to remotely control the computer or computer system of an Internet user without their knowledge or consent, (2) to generate direct denial of service (DDOS) attacks.

– Distribution of child pornography: the storage, publication, display and⁄or dissemination of pornographic materials depicting individuals under the age of majority in the relevant jurisdiction.

– Illegal access to other computers or networks: the illegal accessing of computers, accounts, or networks belonging to another party, or attempt to penetrate security measures of another individual’s system (hacking). Also, any activity that might be used as a precursor to an attempted system penetration.



DETECTION OF ABUSIVE BEHAVIOUR:


Abusive behaviour in the TLD may be detected in the following ways:

– By us through our on-going monitoring activities and industry participation.

– By third parties (general public, law enforcement, government agencies, industry partners) through notification submitted to the abuse point of contact on our website, or industry alerts.

Reports of abusive behaviour will be notified immediately to the Registrar of record.



HANDLING OF ABUSIVE BEHAVIOUR:

When abusive behaviour is detected in our TLD through notification by a third party, a preliminary assessment will be performed in order to determine whether the notification is legitimately made. Applying the definitions of types of abusive behaviours identified in this policy, we will classify each incidence of legitimately reported abuse into one of two categories based on the probable severity and immediacy of harm to registrants and Internet users. These categories are provided below and are defined by reference to the action that may be taken by us. The examples of types of abusive behaviour falling within each category are illustrative only.


Category 1:

Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Malware


Mitigation steps:

1. Investigate
2. Notify registrant


Category 2:

Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control

Mitigation steps:

1. Suspend domain name

2. Investigate

3. Restore or terminate domain name


In the event that we receive specific instructions regarding a domain name from a law enforcement agency, government or quasi-governmental agency utilising the expedited process for such agencies, our mitigation steps will be in accordance with those instructions provided that they do not result in the contravention of applicable law. In addition, we will take all reasonable efforts to notify law enforcement agencies of abusive behaviour in our TLD which we believe may constitute evidence of a commission of a crime, eg distribution of child pornography.

Note that these expected actions are intended to provide a guide to our response to abusive behaviour rather than any guarantee that a particular action will be taken.
The identification of abusive behaviour in the TLD, as defined above, shall give us the right, but not the obligation, to take such actions in accordance with the following text in the RRA, which provides that the registry operator:

‘reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, or instruct Registrars to take such an action as we deem necessary in our discretion to;

1. protect the integrity and stability of the registry;

2. comply with any applicable laws, government rules or requirements, requests of law enforcement, or dispute resolution process;

3. avoid any liability, civil or criminal, on the part of the registry operator, as well as its affiliates, subsidiaries, officers, directors, and employees, per the terms of the registration agreement; and

4. correct mistakes made by the registry operator or any Registrar in connection with a domain name registration.


We reserve the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.

We also reserve the right to deny registration of a domain name to a registrant who has repeatedly engaged in abusive behaviour in our TLD or any other TLD.

Registrars only and not Resellers may offer proxy registration services to private individuals using the domain name for non-commercial purposes.

We may amend or otherwise modify this policy to keep abreast of changes in consensus policy or new and emerging types of abusive behaviour in the Internet.
Registrar’s failure to comply with this Anti-Abuse Policy shall constitute a material breach of the RRA, and shall give rise to the rights and remedies available to us under the RRA.



4 ABUSE PREVENTION AND MITIGATION

This section describes the implementation of our abuse related processes regarding:

– Building awareness of the Anti-Abuse Policy.

– Mitigating the potential for abusive behaviour.

– Identifying abusive behaviour.

– Handling abusive behaviour.



4.1. AWARENESS OF POLICY

The Anti-Abuse Policy will be published on the Abuse page of our registry website, which will be accessible and have clear links from the home page. In addition, the URL to the Abuse page will be included in all email correspondence to the registrant, thereby placing all registrants on notice of the applicability of the Anti-Abuse Policy to all domain names registered in our TLD. The Abuse page will, consistent with Requirement 8 of the BITS Requirements, provide registry contact information (name, email address, and phone number) to enable the public to communicate with us about TLD policies. The Abuse page will emphasise and evidence our commitment to combating abusive registrations by clearly identifying what our policy on abuse is and what effect our implementation of the policy may have on registrants. We anticipate that this clear message, which communicates our commitment to combating abusive registrations, will serve to minimise abusive registrations in our TLD.



4.2 PRE-EMPTIVE – MITIGATING OF THE POTENTIAL FOR ABUSE

The following practices and procedures will be adopted to mitigate the potential for abusive behaviour in our TLD.



4.2.1 ICANN PRESCRIBED MEASURES

In accordance with our obligations as a registry operator, we will comply with all requirements in the ‘gTLD Applicant Guidebook’. In particular, we will comply with the following measures prescribed by ICANN which serve to mitigate the potential for abuse in the TLD:

– DNSSEC deployment, which reduces the opportunity for pharming and other man-in-the-middle attacks. We will encourage Registrars and Internet Service Providers to deploy DNSSEC capable resolvers in addition to encouraging DNS hosting providers to deploy DNSSEC in an easy-to-use manner in order to facilitate deployment by registrants. DNSSEC deployment is further discussed in the context of our response to Question 43.

– Prohibition on Wild Carding as required by section 2.2 of Specification 6 of the Registry Agreement.

– Removal of Orphan Glue records (discussed below in ‎‘4.2.8 Orphan Glue Record Management’).



4.2.2 INCREASING REGISTRANT SECURITY AWARENESS

In accordance with our commitment to operating a secure and reliable TLD, we will attempt to improve registrant awareness of the threats of domain name hijacking, registrant impersonation and fraud, and emphasise the need for and responsibility of registrants to keep registration (including WhoIs) information accurate. Awareness will be raised by:

– Publishing the necessary information on the Abuse page of our registry website in the form of videos, presentations and FAQ’s.

– Developing and providing to registrants and resellers Best Common Practices that describe appropriate use and assignment of domain auth Info codes and risks of misuse when the uniqueness property of this domain name password is not preserved.

The increase in awareness renders registrants less susceptible to attacks on their domain names owing to the adoption of the recommended best practices thus serving to mitigate the potential for abuse in the TLD. The clear responsibility on registrants to provide and maintain accurate registration information (including WhoIs) further serves to minimise the potential for abusive registrations in the TLD.



4.2.3 MITIGATING THE POTENTIAL FOR ABUSIVE REGISTRATIONS THAT AFFECT THE LEGAL RIGHTS OF OTHERS

Many of the examples of abusive behaviour identified in our Anti-Abuse Policy may affect the rights of trademark holders. While our Anti-Abuse Policy addresses abusive behaviour in a general sense, we have additionally developed specific policies and procedures to combat behaviours that affect the rights of trademark holders at start-up and on an ongoing basis. These include the implementation of a trademark claims service and a sunrise registration service at start-up and implementation of the UDRP, URS and PDDRP on an ongoing basis. The implementation of these policies and procedures serves to mitigate the potential for abuse in the TLD by ensuring that domain names are allocated to those who hold a corresponding trademark.

These policies and procedures are described in detail in our response to Question 29.


4.2.4 SAFEGUARDS AGAINST ALLOWING FOR UNQUALIFIED REGISTRATIONS

The eligibility restrictions for this TLD are outlined in our response to Question 18.

Eligibility restrictions will be implemented contractually through our RRA, which will require Registrars to include the following in their Registration Agreements:

– Registrant warrants that it satisfies eligibility requirements.

Where applicable, eligibility restrictions will be enforced through the adoption of the Charter Eligibility Dispute Resolution Policy or a similar policy, and Registrars will be obliged to require in their registration agreements that registrants agree to be bound by such policy and acknowledge that a registration may be cancelled in the event that a challenge against it under such policy is successful.

Providing an administrative process for enforcing eligibility criteria and taking action when notified of eligibility violations mitigates the potential for abuse. This is achieved through the risk of cancellation in the event that it is determined in a challenge procedure that eligibility criteria are not satisfied.



4.2.5 REGISTRANT DISQUALIFICATION

As specified in our Anti-Abuse Policy, we reserve the right to deny registration of a domain name to a registrant who has repeatedly engaged in abusive behaviour in our TLD or any other TLD.

Registrants, their agents or affiliates found through the application of our Anti-Abuse Policy to have repeatedly engaged in abusive registration will be disqualified from maintaining any registrations or making future registrations. This will be triggered when our records indicate that a registrant has had action taken against it an unusual number of times through the application of our Anti-Abuse Policy. Registrant disqualification provides an additional disincentive for qualified registrants to maintain abusive registrations in that it puts at risk even otherwise non-abusive registrations, through the possible loss of all registrations.

In addition, nameservers that are found to be associated only with fraudulent registrations will be added to a local blacklist and any existing or new registration that uses such fraudulent NS record will be investigated.
The disqualification of ‘bad actors’ and the creation of blacklists mitigates the potential for abuse by preventing individuals known to partake in such behaviour from registering domain names.



4.2.6 RESTRICTIONS ON PROXY REGISTRATION SERVICES

Whilst it is understood that implementing measures to promote WhoIs accuracy is necessary to ensure that the registrant may be tracked down, it is recognised that some registrants may wish to utilise a proxy registration service to protect their privacy. In the event that Registrars elect to offer such services, the following conditions apply:

– Proxy registration services may only be offered by Registrars and NOT resellers.

– Registrars must ensure that the actual WhoIs data is obtained from the registrant and must maintain accurate records of such data.

– Registrars must provide Law Enforcement Agencies (LEA) with the actual WhoIs data upon receipt of a verified request.

– Proxy registration services may only be made available to private individuals using the domain name for non-commercial purposes.


These conditions will be implemented contractually by inclusion of corresponding clauses in the RRA as well as being published on the Abuse page of our registry website. Individuals and organisations will be encouraged through our Abuse page to report any domain names they believe violate the above restrictions, following which appropriate action may be taken by us. Publication of these conditions on the Abuse page of our registry website ensures that registrants are aware that despite utilisation of a proxy registration service, actual WhoIs information will be provided to LEA upon request in order to hold registrants liable for all actions in relation to their domain name. The certainty that WhoIs information relating to domain names which draw the attention of LEA will be disclosed results in the TLD being less attractive to those seeking to register domain names for abusive purposes, thus mitigating the potential for abuse in the TLD.



4.2.7 REGISTRY LOCK

Certain mission-critical domain names such as transactional sites, email systems and site supporting applications may warrant a higher level of security. Whilst we will take efforts to promote the awareness of security amongst registrants, it is recognised that an added level of security may be provided to registrants by ‘registry locking’ the domain name thereby prohibiting any updates at the registry operator level. The registry lock service will be offered to all Registrars who may request this service on behalf of their registrants in order to prevent unintentional transfer, modification or deletion of the domain name. This service mitigates the potential for abuse by prohibiting any unauthorised updates that may be associated with fraudulent behaviour. For example, an attacker may update nameservers of a mission-critical domain name, thereby redirecting customers to an illegitimate website without actually transferring control of the domain name.


Upon receipt of a list of domain names to be placed on registry lock by an authorised representative from a Registrar, ARI will:

1. Validate that the Registrar is the Registrar of record for the domain names.

2. Set or modify the status codes for the names submitted to serverUpdateProhibited, serverDeleteProhibited and⁄or serverTransferProhibited depending on the request.

3. Record the status of the domain name in the Shared Registration System (SRS).

4. Provide a monthly report to Registrars indicating the names for which the registry lock service was provided in the previous month.



4.2.8 ORPHAN GLUE RECORD MANAGEMENT

The ARI registry SRS database does not allow orphan records. Glue records are removed when the delegation point NS record is removed. Other domains that need the glue record for correct DNS operation may become unreachable or less reachable depending on their overall DNS service architecture. It is the registrant’s responsibility to ensure that their domain name does not rely on a glue record that has been removed and that it is delegated to a valid nameserver. The removal of glue records upon removal of the delegation point NS record mitigates the potential for use of orphan glue records in an abusive manner.



4.2.9 PROMOTING WHOIS ACCURACY

Inaccurate WhoIs information significantly hampers the ability to enforce policies in relation to abuse in the TLD by allowing the registrant to remain anonymous. In addition, LEAs rely on the integrity and accuracy of WhoIs information in their investigative processes to identify and locate wrongdoers. In recognition of this, we will implement a range of measures to promote the accuracy of WhoIs information in our TLD including:

– Random monthly audits: registrants of randomly selected domain names are contacted by telephone using the provided WhoIs information by a member of the ARI Abuse and Compliance Team in order to verify all WhoIs information. Where the registrant is not contactable by telephone, alternative contact details (email, postal address) will be used to contact the registrant, who must then provide a contact number that is verified by the member of the ARI Policy Compliance team. In the event that the registrant is not able to be contacted by any of the methods provided in WhoIs, the domain name will be cancelled following five contact attempts or one month after the initial contact attempt (based on the premise that a failure to respond is indicative of inaccurate WhoIs information and is grounds for terminating the registration agreement).

– Semi-annual audits: to identify incomplete WhoIs information. Registrants will be contacted using provided WhoIs information and requested to provide missing information. In the event that the registrant fails to provide missing information as requested, the domain name will be cancelled following five contact attempts or one month after the initial contact attempt.

– Email reminders: to update WhoIs information to be sent to registrants every 6 months.

– Reporting system: a web-based submission service for reporting WhoIs accuracy issues available on the Abuse page of our registry website.

– Analysis of registry data: to identify patterns and correlations indicative of inaccurate WhoIs (eg repetitive use of fraudulent details).

Registrants will continually be made aware, through the registry website and email reminders, of their responsibility to provide and maintain accurate WhoIs information and the ramifications of a failure to do so or respond to requests to do so, including termination of the Registration Agreement.

The measures to promote WhoIs accuracy described above strike a balance between the need to maintain the integrity of the WhoIs service, which facilitates the identification of those taking part in illegal or fraudulent behaviour, and the operating practices of the registry operator and Registrars, which aim to offer domain names to registrants in an efficient and timely manner.

Awareness by registrants that we will actively take steps to maintain the accuracy of WhoIs information mitigates the potential for abuse in the TLD by discouraging abusive behaviour given that registrants may be identified, located and held liable for all actions in relation to their domain name.



4.3 REACTIVE – IDENTIFICATION

The methods by which abusive behaviour in our TLD may be identified are described below. These include detection by ARI and notification from third parties. These methods serve to merely identify and not determine whether abuse actually exists. Upon identification of abuse, the behaviour will be handled in accordance with ‘4.4 Abuse Handling’.

Any abusive behaviour identified through one of the methods below will, in accordance with Requirement 13 of the BITS Requirements, be notified immediately to relevant Registrars.



4.3.1 DETECTION – ANALYSIS OF DATA

ARI will routinely analyse registry data in order to identify abusive domain names by searching for behaviours typically indicative of abuse. The following are examples of the data variables that will serve as indicators of a suspicious domain name and may trigger further action by the ARI Abuse and Compliance Team:

– Unusual Domain Name Registration Practices: practices such as registering hundreds of domains at a time, registering domains which are unusually long or complex or include an obvious series of numbers tied to a random word (abuse40, abuse50, abuse60) may, when considered as a whole, be indicative of abuse.

– Domains or IP addresses identified as members of a Fast Flux Service Network (FFSN): ARI uses the formula developed by the University of Mannheim and tested by participants of the Fast Flux PDP WG to determine members of this list. IP addresses appearing within identified FFSN domains, as either NS or A records shall be added to this list.

– An Unusual Number of Changes to the NS record: the use of fast-flux techniques to disguise the location of web sites or other Internet services, to avoid detection and mitigation efforts, or to host illegal activities is considered abusive in the TLD. Fast flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves. As such an unusual number of changes to the NS record may be indicative of the use of fast-flux techniques given that there is little, if any, legitimate need to change the NS record for a domain name more than a few times a month.

– Results of WhoIs audits: The audits conducted to promote WhoIs accuracy described above are not limited to serving that purpose but may also be used to identify abusive behaviour given the strong correlation between inaccurate WhoIs data and abuse.

– Analysis of cross-validation of registrant WhoIs data against WhoIs data known to be fraudulent.

– Analysis of Domain Names belonging to a registrant subject to action under the Anti-Abuse Policy: in cases where action is taken against a registrant through the application of the Anti-Abuse Policy, we will also investigate other domain names by the same registrant (same name, nameserver IP address, email address, postal address etc).



4.3.2 ABUSE REPORTED BY THIRD PARTIES

Whilst we are confident in our abilities to detect abusive behaviour in the TLD owing to our robust ongoing monitoring activities, we recognise the value of notification from third parties to identify abuse. To this end, we will incorporate notifications from the following third parties in our efforts to identify abusive behaviour:

– Industry partners through ARI’s participation in industry forums which facilitate the sharing of information.

– LEA through a single abuse point of contact (our Abuse page on the registry website, as discussed in detail below) and an expedited process (described in detail in ‘4.4 Abuse Handling’) specifically for LEA.

– Members of the general public through a single abuse point of contact (our Abuse page on the registry website).



4.3.2.1 INDUSTRY PARTICIPATION AND INFORMATION SHARING

ARI is a member of the Registry Internet Safety Group (RISG), whose mission is to facilitate data exchange and promulgate best practices to address Internet identity theft, especially phishing and malware distribution. In addition, ARI coordinates with the Anti-Phishing Working Group (APWG) and other DNS abuse organisations and is subscribed to the NXdomain mailing list. ARI’s strong participation in the industry facilitates collaboration with relevant organisations on abuse-related issues and ensures that ARI is responsive to new and emerging domain name abuses.
The information shared as a result of this industry participation will be used to identify domain names registered or used for abusive purposes. Information shared may include a list of registrants known to partake in abusive behaviour in other TLDs. Whilst presence on such lists will not constitute grounds for registrant disqualification, ARI will investigate domain names registered to those listed registrants and take action in accordance with the Anti-Abuse Policy. In addition, information shared regarding practices indicative of abuse will facilitate detection of abuse by our own monitoring activities.



4.3.2.2 SINGLE ABUSE POINT OF CONTACT ON WEBSITE

In accordance with section 4.1 of Specification 6 of the Registry Agreement, we will establish a single abuse point of contact (SAPOC) responsible for addressing and providing a timely response to abuse complaints concerning all names registered in the TLD through all Registrars of record, including those involving a reseller. Complaints may be received from members of the general public, other registries, Registrars, LEA, government and quasi-governmental agencies and recognised members of the anti-abuse community.

The SAPOC’s accurate contact details (email and mailing address as well as a primary contact for handling inquiries related to abuse in the TLD) will be provided to ICANN and published on the Abuse page of our registry website, which will also include:

– All public facing policies in relation to the TLD, including the Anti-Abuse Policy.

– A web-based submission service for reporting inaccuracies in WhoIs information.

– Registrant Best Practices.

– Conditions that apply to proxy registration services and direction to the SAPOC to report domain names that violate the conditions.


As such, the SAPOC may receive complaints regarding a range of matters including but not limited to:

– Violations of the Anti-Abuse Policy.

– Inaccurate WhoIs information.

– Violation of the restriction of proxy registration services to individuals.


The SAPOC will be the primary method by which we will receive notification of abusive behaviour from third parties. It must be emphasised that the SAPOC will be the initial point of contact following which other processes will be triggered depending on the identity of the reporting organisation. Accordingly, separate processes for identifying abuse exist for reports by LEA⁄government and quasi-governmental agencies and members of the general public. These processes will be described in turn below.



4.3.2.2.1 NOTIFICATION BY LEA OF ABUSE

We recognise that LEA, governmental and quasi-governmental agencies may be privy to information beyond the reach of others which may prove critical in the identification of abusive behaviour in our TLD. As such, we will provide an expedited process which serves as a channel of communication for LEA, government and quasi-governmental agencies to, amongst other things, report illegal conduct in connection with the use of the TLD.

The process will involve prioritisation and prompt investigation of reports identifying abuse from those organisations. The steps in the expedited process are summarised as follows:

1. ARI’s Abuse and Compliance Team will identify relevant LEA, government and quasi-governmental agencies who may take part in the expedited process, depending on the mission⁄purpose and jurisdiction of our TLD. A means of verification will be established with each of the identified agencies in order to verify the identity of a reporting agency utilising the expedited process.

2. We will publish contact details on the Abuse page of the registry website for the SAPOC to be utilised by only those taking part in the expedited process.

3. All calls to this number will be responded to by the ARI Service Desk on a 24⁄7 basis. All calls will result in the generation of a ticket in ARI’s case management system (CMS).

4. The identity of the reporting agency will be identified using the established means of verification (ARIʹs Security Policy has strict guidelines regarding the verification of external parties over the telephone). If no means of verification has been established, the report will be immediately escalated to the ARI Abuse and Compliance Team. Results of verification will be recorded against the relevant CMS ticket.

5. Upon verification of the reporting agency, the ARI Service Desk will obtain the details necessary to adequately investigate the report of abusive behaviour in the TLD. This information will be recorded against the relevant CMS ticket.

6. Reports from verified agencies may be provided in the Incident Object Description Exchange Format (IODEF) as defined in RFC 5070. Provision of information in the IODEF will improve our ability to resolve complaints by simplifying collaboration and data sharing.

7. Tickets will then be forwarded to the ARI Abuse and Compliance Team to be dealt with in accordance with ‘4.4 Abuse Handling’.



4.3.2.2.2 NOTIFICATION BY GENERAL PUBLIC OF ABUSE

Abusive behaviour in the TLD may also be identified by members of the general public including but not limited to other registries, Registrars or security researchers. The steps in this notification process are summarised as follows:

1. We will publish contact details on the Abuse page of the registry website for the SAPOC (note that these contact details are not the same as those provided for the expedited process).

2. All calls to this number will be responded to by the ARI Service Desk on a 24⁄7 basis. All calls will result in the generation of a CMS ticket.

3. The details of the report identifying abuse will be documented in the CMS ticket using a standard information gathering template.

4. Tickets will be forwarded to the ARI Abuse and Compliance Team, to be dealt with in accordance with ‎‘4.4 Abuse Handling’.



4.4 ABUSE HANDLING

Upon being made aware of abuse in the TLD, whether by ongoing monitoring activities or notification from third parties, the ARI Abuse and Compliance Team will perform the following functions:



4.4.1 PRELIMINARY ASSESSMENT AND CATEGORISATION

Each report of purported abuse will undergo an initial preliminary assessment by the ARI Abuse and Compliance Team to determine the legitimacy of the report. This step may involve simply visiting the offending website and is intended to weed out spurious reports, and will not involve the in-depth investigation needed to make a determination as to whether the reported behaviour is abusive.
Where the report is assessed as being legitimate, the type of activity reported will be classified as one of the types of abusive behaviour as found in the Anti-Abuse Policy by the application of the definitions provided. In order to make this classification, the ARI Abuse and Compliance Team must establish a clear link between the activity reported and the alleged type of abusive behaviour such that addressing the reported activity will address the abusive behaviour.

While we recognise that each incident of abuse represents a unique security threat and should be mitigated accordingly, we also recognise that prompt action justified by objective criteria are key to ensuring that mitigation efforts are effective. With this in mind, we have categorised the actions that we may take in response to various types of abuse by reference to the severity and immediacy of harm. This categorisation will be applied to each validated report of abuse and actions will be taken in accordance with the table below. It must be emphasised that the actions to mitigate the identified type of abuse in the table are merely intended to provide a rough guideline and may vary upon further investigation.


Category 1

Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Malware

Mitigation steps:

1. Investigate
2. Notify registrant


Category 2

Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control

Mitigation steps:

1. Suspend domain name
2. Investigate
3. Restore or terminate domain name
The mitigation steps for each category will now be described:



4.4.2 INVESTIGATION – CATEGORY 1

Types of abusive behaviour that fall into this category include those that represent a low severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in the dissemination of unsolicited information or the publication of illegitimate information. While undesirable, these activities do not generally present such an immediate threat as to justify suspension of the domain name in question. We will contact the registrant to instruct that the breach of the Anti-Abuse Policy be rectified. If the ARI Abuse and Compliance Team’s investigation reveals that the severity or immediacy of harm is greater than originally anticipated, the abusive behaviour will be escalated to Category 2 and mitigated in accordance with the applicable steps. These are described below. The assessment made and actions taken will be recorded against the relevant CMS ticket.



4.4.3 SUSPENSION – CATEGORY 2

Types of abusive behaviour that fall into this category include those that represent a medium to high severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in intrusion into other computers’ networks and systems or financial gain by fraudulent means. Following notification of the existence of such behaviours, the ARI Abuse and Compliance Team will suspend the domain name pending further investigation to determine whether the domain name should be restored or cancelled. Cancellation will result if, upon further investigation, the behaviour is determined to be one of the types of abuse defined in the Anti-Abuse Policy. Restoration of the domain name will result where further investigation determines that abusive behaviour, as defined by the Anti-Abuse Policy, does not exist. Due to the higher severity or immediacy of harm attributed to types of abusive behaviour in this category, ARI will, in accordance with their contractual commitment to us in the form of SLA’s, carry out the mitigation response within 24 hours by either restoring or cancelling the domain name. The assessment made and actions taken will be recorded against the relevant CMS ticket.

Phishing is considered to be a serious violation of the Anti-Abuse Policy owing to its fraudulent exploitation of consumer vulnerabilities for the purposes of financial gain. Given the direct relationship between phishing uptime and extent of harm caused, we recognise the urgency required to execute processes that handle phish domain termination in a timely and cost effective manner. Accordingly, the ARI Abuse and Compliance Team will prioritise all reports of phishing from brand owners, anti-phishing providers or otherwise and carry out the appropriate mitigation response within 12 hours in accordance with the SLA’s in place between us and ARI. In addition, since a majority of phish domains are subdomains, we believe it is necessary to ensure that subdomains do not represent an unregulated domain space to which phishers are known to gravitate. Regulation of the subdomain space is achieved by holding the registrant of the parent domain liable for any actions that may occur in relation to subdomains. In reality, this means that where a subdomain determined to be used for phishing is identified, the parent domain may be suspended and possibly cancelled, thus effectively neutralising every subdomain hosted on the parent. In our RRA we will require that Registrars ensure that their Registration Agreements reflect our ability to address phish subdomains in this manner.



4.4.4 EXECUTING LEA INSTRUCTIONS

We understand the importance of our role as a registry operator in addressing consumer vulnerabilities and are cognisant of our obligations to assist LEAs, government and quasi-governmental agencies in the execution of their responsibilities. As such, we will make all reasonable efforts to ensure the integration of these agencies into our processes for the identification and handling of abuse by, amongst other things:

1. Providing expedited channels of communication (discussed above).

2. Notifying LEA of abusive behaviour believed to constitute evidence of a commission of a crime eg distribution of child pornography.

3. Sharing all available information upon request from LEA utilising the expedited process, including results of our investigation.

4. Providing bulk WhoIs information upon request from LEA utilising the expedited process.

5. Acting on instructions from a verified reporting agency.
It is anticipated that these actions will assist agencies in the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of laws imposing penalties. The relevant agencies are not limited to those enforcing criminal matters but may also include those enforcing civil matters in order to eliminate consumer vulnerabilities.


Upon notification of abusive behaviour by LEA, government or quasi– governmental agencies through the expedited process and verification of the reporting agency, a matter will be immediately communicated to us for our consideration. If we do not instruct ARI to refer the matter to us for our resolution, the CMS ticket will be forwarded to the ARI Abuse and Compliance Team, which will take one of the following actions:

1. The reported behaviour will be subject to preliminary assessment and categorisation as described above. The reported behaviour will then be mitigated based on the results of the categorisation. A report describing the manner in which the notification from the agency was handled will be provided to the agency within 24 hours. This report will be recorded against the relevant CMS ticket.
OR

2. Where specific instructions are received from the reporting agency in the required format, ARI will act in accordance with those instructions provided that they do not result in the contravention of applicable law. ARI will, in accordance with their contractual commitment to us in the form of SLA’s, execute such instructions within 12 hours. The following criteria must be satisfied by the reporting agency at this stage:
a. The request must be made in writing to ARI using a Pro Forma document on the agency’s letterhead. The Pro Forma document will be sent to the verified agency upon request.
b. The Pro Forma document must be delivered to ARI by fax.
c. The Pro Forma document must:
i. Describe in sufficient detail the actions the agency seeks ARI to take.
ii. Provide the domain name⁄s affected.
iii. Certify that the agency is an ‘enforcement body’ for the purposes of the Privacy Act 1988 (Cth) or local equivalent.
iv. Certify that the requested actions are required for the investigation and⁄or enforcement of relevant legislation which must be specified.
v. Certify that the requested actions are necessary for the agency to effectively carry out its functions.

Following prompt execution of the request, a report will be provided to the agency in a timely manner. This report will be recorded against the relevant CMS ticket.
Finally, whilst we do not anticipate the occurrence of a security situation owing to our robust systems and processes deployed to combat abuse, we are aware of the availability of the Expedited Registry Security Request Process to inform ICANN of a present or imminent security situation and to request a contractual waiver for actions we might take or have taken to mitigate or eliminate the security concern.



5 RESOURCES

This function will be performed by ARI. Abuse services are supported by the following departments:

– Abuse and Compliance Team (6 staff)

– Development Team (11 staff)

– Service Desk (14 staff)


A detailed list of the departments, roles and responsibilities in ARI is provided as attachment ‘Q28 – ARI Background & Roles.pdf’. This attachment describes the functions of the above teams and the exact number and nature of staff within.
The number of resources required to design, build, operate and support the SRS does not vary significantly with, and is not linearly proportional to, the number or size of TLDs that ARI provides registry services to.

ARI provides registry backend services to 5 TLDs and has a wealth of experience in estimating the number of resources required to support a registry system.
Based on past experience ARI estimates that the existing staff is adequate to support a registry system that supports in excess of 50M domains. Since this TLD projects 3,664 domains, 0.01% of these resources are allocated to this TLD. See attachment ‘Q28 – Registry Scale Estimates & Resource Allocation.xlsx’ for more information.

ARI protects against loss of critical staff by employing multiple people in each role. Staff members have a primary role plus a secondary role for protection against personnel absence. Additionally ARI can scale resources as required.

ARI’s Anti-Abuse Service serves to prevent and mitigate abusive behaviour in the TLD as well as activities that may infringe trademarks. These responsibilities will be undertaken by three teams. ARI’s Development Team will be responsible for developing the technical platforms and meeting technical requirements needed to implement the procedures and measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse. ARI’s Abuse and Compliance Team will be responsible for the ongoing implementation of measures to minimise abusive registrations and other activities that have a negative impact on Internet users. ARI’s Service Desk will be responsible for responding to reports of abuse received through the abuse point of contact on the registry’s website and logging these in a ticket in ARI’s case management system.

The responsibilities of these teams relevant to the initial implementation and ongoing maintenance of our measures to minimise abusive registrations and other activities that affect the rights of trademark holders are described in our response to Question 29.

All of the responsibilities undertaken by ARI’s Development Team, Abuse and Compliance Team, and Service Desk are inclusive in ARI’s Managed TLD Registry services fee, which is accounted for as an outsourcing cost in our response to Question 47. The resources needs of these teams have been determined by applying the conservative growth projections for our TLD (which are identified in our response to Question 48) to the team’s responsibilities at start-up and on an ongoing basis.



5.1 ARI DEVELOPMENT TEAM

All tools and systems needed to support the initial and ongoing implementation of measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse will be developed and maintained by ARI. ARI has a software development department dedicated to this purpose which will ensure that the tools are fit for purpose and adjusted as requirements change.

ARI’s Development Team participate actively in the industry; this facilitates collaboration with relevant organisations on abuse related issues and ensures that the ARI Development Team is responsive to new and emerging domain name abuses and the tools and systems required to be built to address these abuses. This team consists of:

– 1 Development Manager

– 2 Business Analysts

– 6 Developers

– 2 Quality Analysts



5.2 ARI ABUSE AND COMPLIANCE TEAM

ARI’s Abuse and Compliance Team will be staffed by six full-time equivalent positions. These roles will entail the following:

Policy Compliance Officers: A principal responsibility of the Policy Compliance Officers will be handling notifications of abuse through the SAPOC. This will involve managing the expedited process, identifying and categorising suspected abuse according to our Anti-Abuse Policy, and carrying out the appropriate mitigation response for all categorised abuses. When abuse is identified, Policy Compliance Officers will investigate other domain names held by a registrant whose domain name is subject to a mitigation response. They will maintain a list of and disqualify registrants found to have repeatedly engaged in abusive behaviour. They will also be responsible for analysing registry data in search of behaviours indicative of abuse, reviewing industry lists in search of data that may identify abuse in the TLD.

Another key responsibility of Policy Compliance Officers will be implementing measures to promote WhoIs accuracy (including managing and addressing all reports of inaccurate WhoIs information received from the web submission service) and verifying the physical address provided by a registrant against various databases for format and content requirements for the region.

Policy Compliance Officers will act on the instructions of verified LEA and Dispute Resolution Providers and participate in ICANN and industry groups involved in the promulgation of policies and best practices to address abusive behaviour. They will escalate complaints and issues to the Legal Manager when necessary and communicate with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities. This role will be provided on a 24⁄7 basis, supported outside of ordinary business hours by ARI’s Service Desk.

Policy Compliance Officers will be required to have the following skills⁄qualifications: customer service⁄fault handling experience, comprehensive knowledge of abusive behaviour in a TLD and related policies, Internet industry knowledge, relevant post-secondary qualification, excellent communication and professional skills, accurate data entry skills, high-level problem solving skills, and high-level computer skills.

Legal Manager: The Legal Manager will be responsible for handling all potential disputes arising in connection with the implementation of ARI’s Anti-Abuse service and related policies. This will involve assessing escalated complaints and issues, liaising with Legal Counsel and the registry operator, resolving disputes and communicating with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities. The Legal Manager will be responsible for forwarding all matters requiring determination by the registry operator which fall outside the scope of ARI’s Anti-Abuse functions. The Legal Manager will be required to have the following skills⁄qualifications: legal background (in particular, intellectual property⁄information technology law) or experience with relevant tertiary or post-graduate qualifications, dispute resolution experience, Internet industry experience, strong negotiation skills, excellent communication and professional skills, good computer skills, high-level problem solving skills.

Legal Counsel: A qualified lawyer who will be responsible for all in-house legal advice, including responding to LEA and dealing with abusive behaviour.

The team consists of:

– 4 Policy Compliance Officers

– 1 Legal Manager

– 1 Legal Counsel



5.3 ARI SERVICE DESK

ARI’s Service Desk will be staffed by 14 full-time equivalent positions. Responsibilities of Service Desk relevant to ARI’s Anti-Abuse Service include the following: responding to notifications of abuse through the abuse point of contact and expedited process for LEA, logging notifications as a ticket in ARI’s case management system, notifying us of a report received through the expedited process for LEA, government and quasi-governmental agencies, and forwarding tickets to ARI’s Abuse and Compliance team for resolution in accordance with the Anti-Abuse Policy.

For more information on the skills and responsibilities of these roles please see the in-depth resources section in response to Question 31.

Based on the projections and the experience of ARI, the resources described here are more than sufficient to accommodate the needs of this TLD.

The use of these resources and the services they enable is included in the fees paid to ARI which are described in the financial responses.






** TRI Ventures’ draft registration policy


1. DOMAIN NAME LICENCES

Upon registration of a Domain Name, the Registrant holds a licence to use the Domain Name for a specified period of time in accordance with the Registry Rules. Domain Names may be registered and renewed for 1, 2, 3, 4, 5, 6, 7, 8, 9 or 10 years.



2. SELECTION OF REGISTRARS

Registrars eligible to register domain names must meet the following non-discriminatory criteria (in compliance with
clause 2.9 (a) of the Registry Agreement):

(i) be an accredited ICANN Registrar;

(ii) demonstrate a level of understanding of the Domain Name registration policies of the Registry;

(iii) have business processes to perform automated validation (and any additional human checks as required by the Registry) of the eligibility of the domain name for registration according to the Domain Name policies of TRI Ventures;

(iv) demonstrate a sufficient level of security to protect against unauthorised access to the Domain Name records;

(v) demonstrate experience and have appropriate resources in managing abuse prevention, mitigation and responses;

(vi) provide multi-language support for the registration of IDNs;

(vii) comply with any re-validation of its Registry-Registrar agreement at such regular intervals as are determined by the Registry or as required by ICANN from time to time;

(viii) meet applicable technical requirements of TRI Ventures; and

(ix) comply with all conditions, dependencies, policies and other requirements reasonably imposed by TRI Ventures, including maintenance of suitable systems and applications that are capable of interacting with the Registry system.



3. ELIGIBLE REGISTRANTS

Entities and persons with an interest in software applications (apps) may register Domain Names in the .app gTLD.



4. REQUIRED CRITERIA FOR DOMAIN NAME REGISTRATION

An application for Domain Name registration must meet all the following criteria:

(i) availability;

a. the Domain Name is not already registered;
b. it is not reserved or blocked by the Registry; or
c. it meets all Registry’s technical requirements.

(ii) technical requirements;
a. a maximum of 63 characters (after its conversion into the ASCII for IDNs);
b. use of characters selected from the list of supported characters as nominated by the Registry; and
c. any additional technical requirements as required by the Registry from time to time.

(iii) the use of the Domain Name must be consistent with the mission and purposes of the gTLD and consistent with the Domain Name registration policy of TRI Ventures, and include but not be limited to:
a. software application name;
b. application software development service name;
c. software application marketing term; or
d. any relevant name or term to the mission and purpose of the TLD

(iv) compliance with all requirements under the Registry Rules: the Registrant must comply with all provisions contained in the Registry Rules.



5. OBLIGATION OF REGISTRANTS

The Registrant must enter into an agreement with the Registrar for Domain Name registration under which the Registrant will be bound by the Registry Rules specified through the Registry-Registrar agreement as amended by the Registry from time to time.

The Registrant must also agree to be bound by the minimum requirements in clause 3.7.7 of ICANNʹs Registrar accreditation agreement.


The Registrant must represent and warrant that:

(i) it meets, and will continue to meet, the eligibility criteria at all times and must notify the Registrar if it ceases to meet such criteria;

(ii) the registration, renewal and use of the Domain Name does not violate any third party intellectual property rights, applicable laws or regulation;

(iii) it is entitled to register the Domain Name;

(iv) the registration and use of the Domain Name is made in good faith and for a lawful purpose;

(v) if the use of registered Domain Name is licensed to a third party,
a. the Registrant must have a licencing agreement with the licensee for the use of the Domain Name that is not less onerous than the obligation of the Registrant contained in the Registry Rules; and
b. where there is a breach of any provisions contained in the Registry Rules by the licensee of the Domain Name, Registry may revoke the Domain Name at its sole discretion.

(vi) it owns or otherwise has the right to provide all registration data (including personal information) for each Domain Name registered and provision of such registrant data complies with all applicable data protection laws and regulations; and

(vii) It has appropriate consent and licences to allow for publication of registration data in the WHOIS database.



6. REGISTRANT CONTACT INFORMATION

The Registrant must provide complete and accurate contact information of the Registrant (in accordance with clause 3.7.7.1 of the ICANN’s Registrar accreditation agreement), including but not limited to the following;

(i) if the Registrant is a company or organisation:
a. name of a company or organisation;
b. registered office and principal place of business; and
c. contact details of the Registrant including e-mail address and telephone number;

(ii) if the Registrant is a natural person:
a. full name of the Registrant;
b. address of the Registrant; and
c. contact details of the Registrant including e-mail address and telephone number.

All Registrant contact information must be complete and accurate. Any changes to such Registrant information must be promptly notified to the Registrar, and no later than one (1) month of such change.


7. REVOCATION OF DOMAIN NAMES

The Registrant acknowledges that the Registry may revoke a Domain Name immediately at its sole discretion:

(i) in the event the Registrant breaches any Registry Rules;

(ii) to comply with applicable law, court order, government rule or under any dispute resolution processes;

(iii) where such Domain Name is used for any of the following prohibited activities (Prohibited Activities):
a. spamming;
b. intellectual property and privacy violations;
c. obscene speech or materials, except for when such speech or material are part of an art object itself;
d. defamatory or abusive language;
e. forging headers, return addresses and internet protocol addresses;
f. illegal or unauthorised access to other computers or networks;
g. distribution of internet viruses, worms, Trojan horses or other destructive activities; and
h. any other illegal or prohibited activities as determined by the Registry.

(iv) in order to protect the integrity and stability of the domain name system and the Registry;

(v) where such Domain Name is placed under reserved names list at any time;

(vi) where Registrant fails to make payment to the Registrar for registration, renewal or any other relevant services; and

(vii) where the use of the domain name is not consistent with the mission and purpose of the gTLD.


8. USE OF SECOND OR THIRD LEVEL IDNS IF AND WHEN PROVIDED BY TRI VENTURES

In addition to meeting all required criteria for registration of domain names above, an application for an IDN Domain Name must:

(i) comply with any additional registration policy on IDNs for each language;

(ii) meet all technical requirement for the applicable IDN;

(iii) comply with the IDN tables used by the Registry as amended from time to time; and

(iv) meet any other additional technical requirements as required by the Registry.


9. USE OF GEOGRAPHIC NAMES

All two-character labels and country and territory names will be initially reserved in accordance with specification 5 of the Registry Agreement.

Upon approval from ICANN and any other guidelines by applicable governments and ICANN’s Governmental Advisory Committee, the Registry may release the two-character labels and country and territory names in accordance with TRI Ventures’ response to Question 22 Geographic Names.


10. RESERVED NAMES

The Registry may place certain names in its reserved list from time to time where:

(i) the Registry believes in its sole discretion that use of such names may pose a risk to the operational stability or integrity of the Registry;

(ii) in accordance with ICANN’s specifications contained in the Registry Agreement, guidelines or recommendations;

(iii) there is a risk of trademark infringement or where the name otherwise may cause confusion taking into consideration the mission and purpose of the gTLD; or

(iv) the Registry in its sole discretion decides certain names to be reserved for any reason.

Reserved Names for TRI Ventures:
The Registry will prepare and publish a list of reserved names prior to the launch of the TLD.


11. ALLOCATION OF DOMAIN NAME

The Registry will register Domain Names on a first-come, first-served basis in accordance with the Registry Rules. The Registry does not provide pre-registration or reservation of Domain Names.


12. LIMITATION ON REGISTRATION ⁄ DOMAIN NAME LICENCES

There is no restriction on the number of Domain Names any Registrant may hold. The Registrant may further licence the use of the Domain Name to any third parties provided that the Registrant enters into an agreement with such third parties on the terms not less onerous than its obligations under the Registry Rules.


13. PROTECTION OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS

The Registry will implement all rights protection measures as required by ICANN in clause 2.8 of the Registry Agreement, including the use of the Uniform Rapid Suspension (URS) procedure, and Uniform Domain Name Dispute Resolution Policy (UDRP).


14. TERM OF REGISTRATION ⁄ RENEWAL

Initial term of registration:
A Domain Name can be registered for a period between one (1) to ten (10) years.


Renewal of registration:
(i) The term may be extended at any time for a period between one (1) to ten (10) years, provided that the total aggregate term of the Domain Name does not exceed ten (10) years at any time.

(ii) Upon change of sponsorship of the Domain Name from one Registrar to another, according to Part A of the ICANN Policy on Transfer of Registrations between Registrars, the term of registration of the registered Domain Name will be extended by one year, provided that the maximum term of registration at any time does not exceed ten (10) years.

(iii) The change of sponsorship of the registration of a Domain Name from one Registrar to another, accordingly to Part B of the ICANN Policy on Transfer of Registrations between Registrars will not result in the extension of the term of registration.


Cancellation of registration:
The Registrant may cancel a Domain Name registration at any time by submitting its request in writing with the Registrar.


Auto-renewal:
Upon expiry of the Domain Name, the Registry will auto-renew the Domain Name for a one year term (1) year term unless the Registrant submits its intention not to renew the Domain Name.

The Registry will implement the business rules for the renewal of Domain Names documented in appendix 7 of the .com Registry Agreement.


15. TRANSFER OF DOMAIN NAMES BETWEEN REGISTRANTS

Any transfer of a Domain Name between Registrants must be approved by the Registry through the Registrar. The legal heirs of the Registrant or purchaser of the Registrant may request the transfer provided that they meet the eligibility criteria for registration under the .app gTLD. If the Registrant becomes subject to insolvency or any other proceeding, the administrator may request the transfer. The transferee must provide appropriate documentation as required by the Registry to approve such transfer.


16. CHANGE OF REGISTRAR

If the agreement between the Registry and the Registrar is terminated and if the Registrar has not transferred its Domain Name portfolio to another Registrar, the Registry will notify affected Registrants. The Registrants must select a new Registrar within one (1) month following such notice from the Registry. If the Registrant fails to appoint a new Registrar within the timeframe set out above, the Registry may suspend the Domain Name.

If the Registrant wishes to change the Registrar, the Registrant must obtain the auth-info code from the Registrantʹs current Registrar, and request a transfer through the gaining Registrar in compliance with ICANNʹs Inter-Registrar transfer policy.


17. PRIVACY AND DATA PROTECTION

By registering a Domain Name, the registrant authorises the Registry to process personal information and other data required for the operation of the .app gTLD. The Registry will only use the data for the operation of the Registry including but not limited to its internal use, communication with the Registrant, and provision of WHOIS look-up facility.

The Registry may only transfer the data to third parties:

(i) with the Registrant’s consent;

(ii) in order to comply with laws, regulations or orders by a competent public authority and any Alternative Dispute Resolution (ADR) providers; or

(iii) for a publicly available and searchable WHOIS look-up facility, in accordance with specification 4 of the Registry Agreement.


18. WHOIS

The Registry provides a publicly available and searchable WHOIS look up facility, where information about the Domain Nameʹs status (including creation and expiry dates), and registrant, administrative and the technical contact administering the Domain Name can be found, in accordance with specification 4 of the Registry Agreement.

In order to prevent misuse of the WHOIS look up facility, the Registry requires that any person submitting a WHOIS database query will be required to read and agree to the terms and conditions, which will provide that:

(i) the WHOIS database is provided for information purposes only; and

(ii) the user agrees not to use the WHOIS information to allow or enable the transmission of unsolicited commercial advertising or other communication via email or other methods to the Registrants.


19. PRICING ⁄ PAYMENT

The standard fee charged to Registrars will be determined by TRI Ventures prior to launch of the .app gTLD. Such fees will include those relevant to new registrations and renewal of domain names within the .app gTLD.

The Registry will provide Registrars with 30 days’ notice of any price change for new registrations, and 180 days advance notice of any price change for renewals in accordance with clause 2.10 of the Registry Agreement.


20. DISPUTE RESOLUTION

The Registrant agrees to be bound by ICANN’s Dispute Resolution Policies in respect of all disputes in connection with the Domain Name.


21. Compliance with Consensus and Temporary Policies
The Registrant agrees to be bound by all applicable consensus and temporary policies as required and mandated by ICANN.


22. DEFINITIONS

Affiliate means in relation to a party any corporation or other business entity controlling, controlled by, or under common control of that party and for the purposes of this definition, a corporation or other business entity shall be deemed to control another corporation or business entity if it owns directly or indirectly:
(i) fifty percent (50%) or more of the voting securities or voting interest in any such corporation or other entity; or
(ii) fifty percent (50%) or more of the interest in the profit or income in the case of a business entity other than a corporation; or
(iii) in the case of a partnership, any other compatible interest equal to at least a fifty percent (50%) share in the general partner.

Domain Name means a domain name registered directly under the .app gTLD or for which a request or application for registration has been filed with the Registry;

ICANN’s Dispute Policy means the dispute policy currently known as the Uniform Domain Name Dispute Resolution Policy (UDRP) issued and as may be updated from time to time by the Internet Corporation of Assigned Names and Number (ICANN) and the Uniform Rapid Suspension (URS) (see Specification 7 of the Registry Agreement).

Registrar means an ICANN accredited registrar which enters into and is in compliance with the registry-registrar agreement for the TLD, and which provides domain name registration services to Registrants;

Registry means TRI Ventures Inc. (TRI Ventures);

Registry Agreement means the agreement between TRI Ventures and ICANN;

Registry Rules mean:
(i) Registration terms and conditions agreed between the Registry and Registrant for registration of a Domain Name; and
(ii) Registration policies provided and amended by the Registry from time to time.

Registrant means a natural person, company or organisation who holds a Domain Name registration or who has requested or applied for the registration of a Domain Name.
gTLDFull Legal NameE-mail suffixDetail
.bridgestoneBridgestone Corporationbrights.jpView
We have engaged ARI Registry Services (ARI) to provide registry services for this TLD. ARI provide registry services for a number of TLDs including the .au ccTLD. For more background information on ARI please see the attachment ‘Q28 – ARI Background & Roles.pdf’.

We have engaged ARI Registry Services (ARI) to deliver registry services for this TLD. This response describes the efforts that will be undertaken in this TLD by the registry operator and ARI to minimize abusive registrations and other activities that have a negative impact on Internet users.

1 INTRODUCTION

Abuse minimization efforts are aimed at mitigating the negative effects of any abuse in the TLD, if any. This includes a discussion of the registry operator’s internal processes as well as aspects of the ARI Managed Registry Service as they relate to Abuse Prevention and Mitigation.
The TLD is intended to be operated as a “Single Registrant” TLD within the meaning of the Registry Agreement, Specification 9. All domain name registrations in the TLD are intended to be registered to and maintained by us in our capacity as the registry operator, for our own exclusive use.
For clarification and to reflect the unique roles of the stakeholders in our TLD, the following terms, where used in this response, have the following meaning:
“Registry operator” means the entity submitting an application to ICANN for the operation and management of a TLD. All references to “us”, “we” or “our” are to be taken as references to the registry operator.
“Affiliate” means, as defined in Clause 2.9(c) of the Registry Agreement, “a person or entity that, directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with, the person or entity specified, and (ii) ‘control’ (including the terms ‘controlled by’ and ‘under common control with’) means the possession, directly or indirectly, of the power to direct or cause the direction of the management or policies of a person or entity, whether through the ownership of securities, as trustee or executor, by serving as an employee or a member of a board of directors or equivalent governing body, by contract, by credit arrangement or otherwise.”
“Registrant” means the registry operator, as it is intended to be the only registrant of domain names in the TLD, within the meaning of Specification 9 of the Registry Agreement.
As the sole registrant in our TLD, efforts to minimise abusive registrations and other activities that have a negative impact on Internet users will be targeted at abusive behavior both by others and by ourselves. Efforts will focus on the registry operator’s internal processes, which are built on the control inherent in such an arrangement, that mitigate the potential for and identify abuse from within the registry operator’s organisation. Efforts will also focus on monitoring the use of domain names within the TLD once they are registered. ARI’s processes to identify and handle abuse are included as part of the Anti-Abuse service we will utilise. The Acceptable Registration and Use Policy, developed in consultation with ARI, clearly defines abusive behaviour, identifies particular types of abusive behaviour and the mitigation response that ARI will initiate when abusive behaviour is determined. ARI will, owing to their extensive industry experience and established Anti-Abuse operations, implement and manage on our behalf various procedures and measures adopted through this policy. This robust policy and procedure framework, which will be continually improved, updated and rigidly enforced, will preclude abusive registrations from being made.
Despite utilisation of the ARI anti-abuse service we are nonetheless cognisant of our responsibility to minimise abusive registrations, and other activities that have a negative impact on Internet users in our TLD. In recognition of this responsibility, we will play an instrumental role in overseeing the implementation of the anti-abuse service by ARI. As well as having contractual commitments in the form of SLA’s in place to ensure that ARI’s delivery of the anti-abuse service is aligned with our strong commitment to minimise abuse in our TLD.

Please note that the various policies and practices that we will implement to minimise abusive registrations and other activities that affect the rights of trademark holders, are specifically described in the response to Question 29.

2 ACCEPTABLE REGISTRATION AND USE POLICY

In consultation with ARI we have developed a comprehensive Acceptable Registration and Use Policy, which is a primary instrument in identifying and handling any abuse in our TLD. Because all domain names will be registered to and maintained by us in our capacity as the registry operator, the Acceptable Registration and Use Policy applies primarily to us. However, there also is possibility for outside actors to gain control of domain registrations and⁄or the content hosted at any domain, perhaps through breach of company policy, and⁄or through other illegal methods. Any breach of the Acceptable Registration and Use Policy may be considered a material breach of company policy, which may lead to termination of employment of any persons responsible for any breach.

2.1 Definition of Abuse
Defining abusive behaviour by reference to the stage in the domain name lifecycle in which the behaviour occurs presents difficulty because a particular type of abuse may occur at various stages of the life cycle.
With this in mind, we have fully adopted the definition of abuse developed by the Registration Abuse Policies Working Group (Registration Abuse Policies Working Group Final Report 2010, at http:⁄⁄gnso.icann.org⁄issues⁄rap⁄rap-wg-final-report-29may10-en.pdf), which does not focus on any particular stage in the domain name life cycle.
Abusive behaviour in a TLD may be defined as an action that:
– Causes actual and substantial harm, or is a material predicate of such harm; or
– Is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.
In applying this definition the following must be noted:
(1) The party or parties harmed, and the severity and immediacy of the abuse, should be identified in relation to the specific alleged abuse.
(2) The term ʺharmʺ is not intended to shield a party from fair market competition.
(3) A predicate is a related action or enabler. There must be a clear link between the predicate and the abuse, and justification enough to address the abuse by addressing the predicate (enabling action).
For example, WhoIs data can be used in ways that cause harm to domain name registrants, intellectual property (IP) rights holders and Internet users. Harmful actions may include the generation of spam, the abuse of personal data, IP infringement, loss of reputation or identity theft, loss of data, phishing and other cybercrime-related exploits, harassment, stalking, or other activity with negative personal or economic consequences. Examples of predicates to these harmful actions are automated email harvesting, domain name registration by proxy⁄privacy services to aid wrongful activity, support of false or misleading registrant data, and the use of WhoIs data to develop large email lists for commercial purposes. The misuse of WhoIs data is therefore considered abusive because it is contrary to the intention and design of the stated legitimate purpose of WhoIs data.
It should be noted that this definition of abuse serves to inform us and clarify certain behaviours, specific to domain names that may cause harm. However malicious conduct of any kind relating to the use of IT resources, which includes the TLD, is strictly against company policy and does not rely on the wording contained herein. Put simply, an abusive or malicious act is against our organisation’s documented acceptable behaviour and will be dealt with technically within the registry and directly with any employee or affiliate found to be responsible for any breach of policy.

2.2 Aims and Overview of the Acceptable Registration and Use Policy
Our Acceptable Registration and Use Policy will put those registering and using domain names on notice of the ways in which abuse will be identified and responded to, and serve as a deterrent to those seeking to register and use domain names for abusive purposes.
Our policy:
– Defines abusive behaviour in our TLD.
– Identifies types of actions that constitute abusive behaviour consistent with our adoption of the RAPWG definition of “abuse”.
– Classifies abusive behaviours based on the severity and immediacy of the harm caused.
– Identifies how abusive behaviour can be notified to ARI and the steps that ARI will take to determine whether the notified behaviour is abusive.
– Identifies how use of registered domains will be monitored.
– Identifies the actions that may be taken in response to behaviour determined to be abusive.
The planned single registrant⁄single user model of this TLD will enable a close working relationship between registry operator and Registrar and full Registrar awareness of and compliance with our Acceptable Registration and Use Policy. This will be contractually enforceable through our RRA, which will oblige all Registrars to comply with the Acceptable Registration and Use Policy.

2.3 Acceptable Registration and Use Policy
Our Acceptable Registration and Use Policy is as follows:

Acceptable Registration and Use Policy

Introduction:
The abusive registration and use of domain names in the TLD is not tolerated given that the inherent nature of such abuses creates security and stability issues for all participants in the Internet environment, and thus could create negative association with our brand.

Definition of Abusive Behaviour:
Abusive behaviour is an action that:
– Causes actual and substantial harm, or is a material predicate of such harm; or
– Is illegal or illegitimate, or is otherwise considered contrary to the intention and design of the mission⁄purpose of the TLD.
A ‘predicate’ is an action or enabler of a harm.
‘Material’ means that something is consequential or significant.

Examples of abusive behaviour falling within this definition:
– Spam: the use of electronic messaging systems to send unsolicited bulk messages. The term applies to email spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks.
– Phishing: the use of a fraudulently presented web site to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.
– Pharming: the redirecting of unknowing users to fraudulent websites or services, typically through DNS hijacking or poisoning, in order to deceive Internet users into divulging sensitive information such as usernames, passwords or financial data.
– Wilful distribution of malware: the dissemination of software designed to infiltrate or cause damage to devices or to collect confidential data from users without the owner’s informed consent.
– Fast Flux hosting: the use of DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves in order to disguise the location of web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast flux hosting may only be used with prior permission of the registry operator.
– Botnet command and control: the development and use of a command, agent, motor, service or software which is implemented: (1) to remotely control the computer or computer system of an Internet user without their knowledge or consent, (2) to generate direct denial of service (DDOS) attacks.
– Distribution of pornography: the storage, publication, display and⁄or dissemination of pornographic materials.
– Illegal access to other computers or networks: the illegal accessing of computers, accounts, or networks belonging to another party, or attempt to penetrate security measures of another individual’s system (hacking). Also, any activity that might be used as a precursor to an attempted system penetration.

Detection of Abusive Behaviour:
Although we do not anticipate abusive behaviour in the TLD, it may be detected in the following ways:
- By the department, within the registry operator, overseeing the .BRIDGESTONE TLD through ongoing monitoring of all domain name transactions.
- By ARI through their on-going monitoring activities and industry participation.
- By third parties (general public, law enforcement, government agencies, industry partners) through notification submitted to the abuse point of contact on our website or industry alerts.
Reports of abusive behaviour will be notified immediately to the Registrar of record.

Handling of Abusive Behaviour:
When ARI detects or receives notification of abusive behaviour by the registry operator or a third party, a preliminary assessment will be performed to determine whether the notification is legitimately made. Applying the definitions of types of abusive behaviours identified in this policy, ARI will classify each incidence of legitimately reported abuse into one of two categories based on the probable severity and immediacy of harm to registrants and Internet users. These categories are provided below and are defined by reference to the action that may be taken, by ARI. The examples of types of abusive behaviour falling within each category are illustrative only.

Category 1:
Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Prohibited Content
Mitigation steps:
1. Investigate
2. Notify registry operator
3. Take any appropriate action

Category 2:
Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting (unless pre-authorized by registry operator), Phishing, Malware, Illegal Access to other Computers or Networks, Pharming, Botnet command and control
Mitigation steps:
1. Suspend domain name
2. Notify registry operator
3. Investigate and consult with registry operator
3. Take any appropriate action directed by registry operator
In the event that ARI or registry operator receive specific instructions regarding a domain name from a law enforcement agency, government or quasi-governmental agency utilising the expedited process for such agencies, mitigation steps will be taken in accordance with those instructions provided that they do not result in the contravention of applicable law. In addition, ARI and registry operator will take all reasonable efforts to notify law enforcement agencies of abusive behaviour in our TLD which we believe may constitute evidence of a commission of a crime of which we have a duty to report, e.g., distribution of child pornography.
Note that these expected actions are intended to provide a guide to our response to abusive behaviour rather than any guarantee that a particular action will be taken.
The identification of abusive behaviour in the TLD, as defined above, shall give the registry operator and⁄or ARI the right, but not the obligation, to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, deemed necessary in either company’s discretion to:
1. Protect the integrity and stability of the registry.
2. Comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process.
3. Avoid any liability, civil or criminal, on the part of the registry operator and⁄or ARI, as well as their affiliates, subsidiaries, officers, directors, and employees.
4. Correct mistakes made by the registry operator or any Registrar in connection with a domain name registration.
We reserve the right to place upon Registry Lock, Hold or similar status a domain name during resolution of a dispute. We may amend or otherwise modify this policy to keep abreast of changes in consensus policy, industry best practices, and⁄or new and emerging types of abusive behaviour in the Internet.

3 ABUSE PREVENTION AND MITIGATION BY THE REGISTRY OPERATOR

This section of the response describes abuse related processes implemented by the registry operator regarding:
– Building awareness of the Acceptable Registration and Use Policy
– Mitigating the potential for abusive behaviour
– Identifying abusive behaviour
Due to the complete control of all registrations made in the TLD that is provided by an exemption to clause 1b of the Registry Operator Code of Conduct, these processes are anticipated to will form the bulk of our efforts to minimise abusive registrations, as they function to control the behaviour of those in a position to engage in such behaviour.

3.1 Awareness of the Acceptable Registration and Use Policy
As mentioned above, the Acceptable Registration and Use Policy will govern the manner in which domain names may be used. Efforts will be undertaken to ensure that all those registering and using .BRIDGESTONE domain names within the registry operator’s organisation are made aware of the Acceptable Registration and Use Policy. Awareness will be generated by requiring the relevant employees of the registry operator to review and understand the Acceptable Registration and Use Policy, the ramifications of breaching the policy, and the steps to be taken to minimize any negative effects of any abuse. These employees will be required to execute documentation which states that the employee has read, acknowledged and understood the policy. The Acceptable Registration and Use Policy will be published on the registry operator’s intranet and the abuse page of our registry website, which will be accessible and have clear links from the home page.
It is anticipated that these efforts will place all relevant employees and Affiliates on notice of the applicability of the Acceptable Registration and Use Policy to all .BRIDGESTONE domain names and furthermore emphasise and evidence our commitment to combating abusive registrations by clearly identifying what our policy on abuse is, and what effect our implementation of the policy may have on those registering and using domain names. We anticipate that the clear message, which communicates our commitment to combating abusive registrations, will serve to minimise abusive registrations in our TLD.

3.2 Pre-emptive – Mitigating the Potential for Abuse
The following practices and procedures will be adopted by the registry operator to mitigate the potential for abusive behaviour in the TLD.

3.2.1 Mitigating the Potential for Abusive Registrations that Affect the Legal Rights of Others
Many of the examples of abusive behaviour identified in our Acceptable Registration and Use Policy may affect the rights of trademark holders. While our Acceptable Registration and Use Policy addresses abusive behaviour in a general sense, we have additionally developed specific policies and procedures to combat behaviours that affect the rights of trademark holders at start-up and on an ongoing basis. These include the implementation of a trademark claims service and a sunrise registration service at start-up and implementation of the UDRP, URS and PDDRP on an ongoing basis. Additionally, our registration policy will involve internal procedures to identify and address potential conflicts with others’ trademarks before such names are registered. The implementation of these policies and procedures serves to mitigate the potential for abuse in the TLD by ensuring that domain names are allocated to those who hold a corresponding trademark. These policies and procedures are described in detail in our response to Question 29.

3.2.2 Increasing Security Awareness
In accordance with our commitment to operating a secure and reliable TLD, we will attempt to improve awareness amongst those registering and using domain names of the threats of domain name hijacking, registrant impersonation and fraud, and emphasise the need to keep registration information accurate. Awareness will be raised by:
– Publishing relevant information on our intranet in the form of videos, presentations and FAQ’s.
– Developing and providing to those registering and using domains in this TLD Best Common Practices that describe appropriate use and assignment of domain auth Info codes and risks of misuse.
The increase in awareness renders us, as the only eligible registrant in the TLD, less susceptible to attacks on our domain names owing to the adoption of the recommended best practices that mitigate the potential for abuse in the TLD.

3.2.3 Registry Operator’s Internal Processes that Mitigate the Potential for Abuse
Eligibility, naming and use restrictions will be imposed in this TLD as outlined in response to Question 18 and detailed elsewhere. These policies will be enforced through internal processes that require approvals within established reporting lines and the use of username and password to verify eligibility to register domain names.
This arrangement grants utmost control to the registry operator and facilitates the implementation of measures to minimise abuse by significantly decreasing the number of individuals capable of registering and using a domain name and thus having the potential to engage in abusive behaviour. This is in contrast to the inherent decrease in control associated with granting multiple and varied individuals the capability to register and use domain names as demonstrated by most existing TLDs. This arrangement precludes the abusive registration and use of .BRIDGESTONE domain names by unauthorised individuals not within the registry operator’s organisation whilst also providing no incentive for those within the registry operator’s organisation to engage in abusive behaviour given that registry operator’s brand is inherently intertwined with all uses of .BRIDGESTONE domain names. Nonetheless the registry operator’s internal processes regarding the registration and use of .BRIDGESTONE domain names are aimed at maintaining the integrity of this arrangement by ensuring that the registration and use of .BRIDGESTONE domain names is restricted to authorised individuals whose use complies with the Acceptable Registration and Use Policy. These internal processes which include safeguards against allowing for unqualified registration and use of .BRIDGESTONE domain names are described below.

The primary safeguard against allowing for registrations in violation of eligibility restrictions is the technical incapability of those not authorised by the registry operator to register domain names in the TLD. The registry operator will only authorise the department overseeing the .BRIDGESTONE TLD to be or designate who can be the Administrative Contact and the Technical Contact for all .BRIDGESTONE domain names. The registry operator will provide the contact details of the department overseeing the .BRIDGESTONE TLD and the department designated as Domain Administrator to the Registrar who will grant these individuals access to an authenticated web portal to register and manage domain names in the TLD. Individual credentials for accessing this portal will be provided to the management of the department overseeing the .BRIDGESTONE TLD and the management of the department designated as Domain Administrator by the Registrar via alternative sources. In the event that these credentials are compromised, direct communication with the account manager on the Registrar’s end is available. Various security measures will be implemented to ensure that only those personnel authorised to register and update domain names have access to the web portal. These measures are further described in our response to Question 30.
The registry operator will review the level of access that personnel have to the web portal, ensuring account permissions are relevant to the employee’s role as well as removing permissions of an employee promptly upon termination of employment. All domain name registrations will require the approval of the management of the department overseeing the .BRIDGESTONE TLD who will ensure that the department designated as Domain Administrator is authorised to create the domain name. In addition, the management of the department overseeing the .BRIDGESTONE TLD will perform a monthly audit of all domain name transactions to verify that they were authorised and that the use of the domain name complies with the Acceptable Registration and Use Policy.
This arrangement effectively mitigates the potential for abuse by restricting the capability to register domain names to a small number of trusted and authorised people, and establishing various controls to that effect.

3.2.4 Promoting WhoIs Accuracy
Inaccurate WhoIs information significantly hampers the ability to enforce policies in relation to abuse in the TLD by allowing the registrant to remain anonymous. In addition, LEA’s rely on the integrity and accuracy of WhoIs information in their investigative processes to identify and locate wrongdoers. Restricting the ability to register and use domain names to the department overseeing the .BRIDGESTONE TLD and the department designated as Domain Administrator means that a domain’s contacts are well known and accessible by clear and reliable contact details. There can only be two parties responsible for malicious breaches of policy or law, thus identifying them will require little effort from LEA and the ARI Anti-Abuse & Compliance Team. ARI will maintain correspondence with multiple points of contact within the registry operator’s organisation including but not limited to the department overseeing the .BRIDGESTONE TLD, the department designated as Domain Administrator and Legal Counsel in order to ensure that all relevant stakeholders are keep abreast of important issues as they occur. Published WhoIs information will reflect the current contact details for the registry operator.
In addition, the department overseeing the .BRIDGESTONE TLD will perform a monthly audit of all domain names registered in the TLD to ensure WhoIs information is complete and accurate.

3.2.5 Prompt Notification following Mitigation of Abuse
Our contractual arrangement with ARI dictates that in the unlikely event that a domain name is suspended or cancelled due to the implementation of the Acceptable Registration and Use Policy, ARI will promptly notify us. Both ARI and we will investigate and take appropriate responsive actions. We then may proactively amend internal processes to prevent such behaviour from re-occurring. We will continually focus effort to mitigate the potential for abuse by ensuring that we are responsive to internal breaches of the Acceptable Registration and Use Policy whilst simultaneously putting employees on notice of the ramifications of breach.

3.3 Identification of Abusive Behaviour
Although we do not anticipate the identification of abusive behavior, owing to our internal processes to mitigate the potential for abuse, we will rely on the monthly audit of all domain name transactions as well as notification of abuse to the department overseeing the .BRIDGESTONE TLD by third parties through alternate communication channels to identify abusive behaviour in our TLD. In the event that we or ARI discovers an unauthorised domain name transaction or other behaviour indicative of abuse, we will investigate, consult, and then take the appropriate mitigation response described below.

4 ABUSE PREVENTION AND MITIGATION BY ARI

This section of the response includes ARI’s description of the abuse related processes they will implement regarding:
– Mitigating the potential for abusive behaviour
– Identifying abusive behaviour
– Handling abusive behaviour
These processes form part of ARI’s standard anti-abuse service and are designed with a multi-registrant model in mind. We have elected to utilise ARI’s anti-abuse service to comply with the requirements of Question 28 and do not anticipate relying strongly on these processes owing to our effective internal abuse prevention and mitigation processes described above.

4.1 Pre-emptive – Mitigating the Potential for Abuse
The following practices and procedures will be adopted by ARI to mitigate the potential for abusive behaviour in our TLD.

4.1.1 Registry Lock
Certain mission-critical domain names such as transactional sites, email systems and site supporting applications may warrant a higher level of security. Whilst we will take efforts to promote the awareness of security amongst those authorised to register domain names, it is recognised that an added level of security may be provided by ‘registry locking’ the domain name and prohibiting updates thereby preventing unintentional transfer, modification or deletion of the domain name. This service mitigates the potential for abuse by prohibiting any unauthorised updates that may be associated with fraudulent behaviour. For example, an attacker may update nameservers of a mission critical domain name, thereby redirecting customers to an illegitimate website without actually transferring control of the domain name.
Upon receipt of a list of domain names to be placed on Registry Lock by an authorised representative of the registry operator, ARI will:
1. Verify the identity of the authorised representative.
2. Set or modify the status codes for the names submitted to serverUpdateProhibited, serverDeleteProhibited and⁄or serverTransferProhibited depending on the request.
3. Record the status of the domain name in the Shared Registration System (SRS).
4. Provide a monthly report to the registry operator indicating the names for which the Registry Lock service was provided in the previous month.

4.1.2 ICANN Prescribed Measures
In accordance with our obligations as a registry operator we will comply with all requirements in the Registry Agreement. In particular, we will comply with the following measures prescribed by ICANN which serve to mitigate the potential for abuse in the TLD:
– DNSSEC deployment, which reduces the opportunity for pharming and other man-in-the-middle attacks. We will encourage Registrars and Internet Service Providers to deploy DNSSEC capable resolvers in addition to encouraging DNS hosting providers to deploy DNSSEC in an easy to use manner in order to facilitate deployment by registrants. DNSSEC deployment is further discussed in the context of our response to Question 43.
– Prohibition on Wild Carding as required by section 2.2 of specification 6 of the Registry Agreement.
– Removal of Orphan Glue records (discussed below in section 4.1.3).

4.1.3 Orphan Glue Record Management
The ARI registry SRS database does not allow orphan records. Glue records are removed when the delegation point NS record is removed. Other domains that need the glue record for correct DNS operation may become unreachable or less reachable depending on their overall DNS service architecture. It is the registrant’s responsibility to ensure that their domain name does not rely on a glue record that has been removed and that it is delegated to a valid nameserver. The removal of glue records upon removal of the delegation point NS record mitigates the potential for use of orphan glue records in an abusive manner.

4.2 Reactive – Identification
The methods by which abusive behaviour in our TLD may be identified are described below. These include detection by ARI and notification from third parties. These methods serve to merely identify and not determine whether abuse actually exists. Upon identification of abuse the behaviour will be handled in accordance with section 4.3 – Abuse Handling.
Any abusive behaviour identified through one of the methods below will be notified immediately to relevant Registrars.

4.2.1 Detection – Analysis of Data
ARI will routinely analyse registry data in order to identify abusive domain names by searching for behaviours typically indicative of abuse. The following are examples of the data variables that will serve as indicators of a suspicious domain name and may trigger further action by the ARI Abuse and Compliance Team:
– Unusual Domain Name Registration Practices: practices such as registering hundreds of domains at a time, registering domains which are unusually long or complex or include an obvious series of numbers tied to a random word (abuse40, abuse50, abuse60) may when considered as a whole be indicative of abuse.
– Domains or IP addresses identified as members of a Fast Flux Service Network (FFSN): ARI uses the formula developed by the University of Mannheim and tested by participants of the Fast Flux PDP WG to determine members of this list. IP addresses appearing within identified FFSN domains, as either NS or A records shall be added to this list.
– An Unusual Number of Changes to the NS record: the use of fast-flux techniques to disguise the location of web sites or other Internet services, to avoid detection and mitigation efforts, or to host illegal activities is considered abusive in the TLD. Fast flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or nameserver resolves. As such an unusual number of changes to the NS record may be indicative of the use of fast-flux techniques given that there is little, if any, legitimate need to change the NS record for a domain name more than a few times a month.

4.2.2 Abuse Reported by Third Parties
Whilst ARI are confident in their abilities to detect abusive behaviour in the TLD owing to our robust ongoing monitoring activities, we recognise the value of notification from third parties to identify abuse. To this end, we will incorporate notifications from the following third parties in our efforts to identify abusive behaviour:
– Industry partners through ARI’s participation in industry forums which facilitate the sharing of information.
– Law enforcement agencies (LEA) through a single abuse point of contact (our Abuse page on the registry website, as discussed in detail in ‘4.3 Abuse Handling’) and an expedited process for LEA.
– Members of the general public through a single abuse point of contact (our Abuse page on the registry website).

4.2.2.1 Industry Participation and Information Sharing
ARI is a member of the Registry Internet Safety Group (RISG), whose mission is to facilitate data exchange and promulgate best practices to address internet identity theft, especially phishing and malware distribution. In addition, ARI coordinates with the Anti-Phishing Working Group (APWG) and other DNS abuse organisations and is subscribed to the NXdomain mailing list. ARI’s strong participation in the industry facilitates collaboration with relevant organisations on abuse related issues and ensures that ARI is responsive to new and emerging domain name abuses.
The information shared as a result of this industry participation will be used to identify domain names registered or used for abusive purposes. ARI will investigate domain names identified as potentially problematic, and take appropriate action. In addition, information shared regarding practices indicative of abuse will facilitate detection of abuse by our own monitoring activities.

4.2.2.2 Single Abuse Point of Contact on Website
In accordance with section 4.1 of specification 6 of the Registry Agreement, we will establish a single abuse point of contact (“SAPOC”) responsible for addressing and providing a timely response to abuse complaints concerning all names registered in the TLD. Complaints may be received from members of the general public, other registries, Registrars, LEA, government and quasi-governmental agencies and recognized members of the anti-abuse community.
The SAPOC’s accurate contact details (email and mailing address as well as a primary contact for handling inquiries related to abuse in our TLD) will be provided to ICANN and published on the Abuse page of our registry website, which will also include:
– All policies in relation to the TLD including the Acceptable Registration and Use Policy.
– Registrant Best Practices.
As such, the SAPOC may receive complaints regarding a range of matters including but not limited to violations of the Acceptable Registration and Use Policy.
The SAPOC will be the primary method by which ARI and the registry operator will receive notification of abusive behaviour from third parties. It must be emphasised that the SAPOC will be the initial point of contact following which other processes will be triggered depending on the identity of the reporting organisation. Accordingly, separate processes for identifying abuse exist for reports by LEA⁄government and quasi-governmental agencies and members of the general public. These processes will be described in turn below.

4.2.2.2.1 Notification by Agencies of Abuse
We recognise that LEA, governmental and quasi-governmental agencies may be privy to information beyond the reach of others which may prove critical in the identification of abusive behaviour in our TLD. As such, we will provide an expedited process which serves as a direct channel of communication with the registry operator for LEA, government and quasi-governmental agencies to, amongst other things, report illegal conduct in connection with the use of the TLD.
The process will involve prioritisation and prompt investigation of reports identifying abuse from those organisations. The steps in the expedited process are summarised as follows:
1. We will publish contact details on the Abuse page of the registry website for the SAPOC to be utilised by only those taking part in the expedited process;
2. All calls to this number will be responded to by the registry operator’s Legal Counsel within 24 hours and handled according to the process outlined in 4.3.4 below;
3. Should ARI be notified by LEA of abuse, ARI will request that the notifying agency contact directly the registry operator’s Legal Counsel. ARI will promptly notify the registry operator’s Legal Counsel of its having been contacted by LEA regarding abuse.

4.2.2.2.2 Notification by General Public of Abuse
Abusive behaviour in the TLD may also be identified by members of the general public including but not limited to other registries, Registrars or security researchers. The steps in this notification process are summarised as follows:
1. We will publish contact details on the Abuse page of the registry website for the SAPOC (note that these contact details are not the same as those provided for the expedited process).
2. All calls to this number will be responded to by the ARI Service Desk on a 24⁄7 basis. All calls will result in the generation of a ticket in ARI’s case management system (CMS).
3. The details of the report identifying abuse will be documented in the CMS ticket using a standard information gathering template.
4. Tickets will be forwarded to ARI’s Abuse and Compliance Team to be dealt with in accordance with section 4.3 – Abuse Handling.

4.2.2.2.3 Notification by the department overseeing the .BRIDGESTONE TLD
Notification by the department overseeing the .BRIDGESTONE TLD of abuse or potential abuse will serve as another method by which ARI identifies abuse in the TLD. In the event that the monthly audit of domain name transactions reveals an unauthorised domain name transaction or other behaviour indicative of abuse, the registry operator will notify ARI’s Service Desk. All such calls will result in the generation of a CMS ticket, which will be forwarded to ARI’s Abuse and Compliance team to be dealt with in accordance with section 4.3 – Abuse Handling, below.

4.3 Abuse Handling
Although we do not anticipate the occurrence of abusive behaviour in our TLD owing to the high degree of control inherent in restricting domain name registrations to authorised employees within our organisation, ARI has processes in place to handle abuse once identified. Upon being made aware of abuse in the TLD, whether by ongoing monitoring activities or notification from third parties, ARI’s Abuse and Compliance Team will perform the following functions.

4.3.1 Preliminary Assessment and Categorisation
Each report of purported abuse will undergo an initial preliminary assessment by ARI’s Abuse and Compliance Team to determine the legitimacy of the report. This step may involve simply visiting the offending website and is intended to weed out spurious reports. This will not at this stage involve the in-depth investigation needed to make a determination as to whether the reported behaviour is abusive.
Where the report is assessed as being legitimate, the type of activity reported will be classified as one of the types of abusive behaviour falling within the scope of the Acceptable Registration and Use Policy by the application of the definitions provided in that policy. In order to make this classification, ARI’s Abuse and Compliance Team must establish a clear link between the activity reported and the alleged type of abusive behaviour such that addressing the reported activity will address the abusive behaviour.
While we recognise that each incident of abuse represents a unique security threat and should be mitigated accordingly, we also recognise that prompt action justified by objective criteria are key to ensuring that mitigation efforts are effective. With this in mind, we have categorised the actions that ARI may take on our behalf in response to various types of abuse by reference to the severity and immediacy of harm. This categorisation will be applied to each validated report of abuse and actions will be taken in accordance with the table below. It must be emphasised that the actions to mitigate the identified type of abuse in the table are merely intended to provide a rough guideline and may vary upon further investigation.

Category 1:
Probable Severity or Immediacy of Harm: Low
Examples of types of abusive behaviour: Spam, Prohibited Content
Mitigation steps:
1. Investigate
2. Notify registry operator
3. Take any appropriate action directed by registry operator

Category 2:
Probable Severity or Immediacy of Harm: Medium to High
Examples of types of abusive behaviour: Fast Flux Hosting (unless previously authorized by registry operator), Malware, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control
Mitigation steps:
1. Suspend domain name
2. Notify registry operator
3. Investigate and consult with registry operator
4. Take any appropriate action directed by registry operator
In the event that ARI or registry operator receive specific instructions regarding a domain name from a law enforcement agency, government or quasi-governmental agency utilising the expedited process for such agencies, mitigation steps will be taken in accordance with those instructions provided that they do not result in the contravention of applicable law. In addition, ARI and registry operator will take all reasonable efforts to notify law enforcement agencies of abusive behaviour in our TLD which we believe may constitute evidence of a commission of a crime of which we have a duty to report, e.g., distribution of child pornography.
The mitigation steps for each category will now be described.

4.3.2 Investigation – Category 1
Types of abusive behaviour that fall into this category include those that represent a low severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in the dissemination of unsolicited information or the publication of illegitimate information. While undesirable, these activities do not generally present such an immediate threat as to justify suspension of the domain name in question. We will contact the department overseeing the .BRIDGESTONE TLD, the department designated as Domain Administrator and Legal Counsel of the registry operator’s organisation to instruct that the breach of the Acceptable Registration and Use Policy be rectified. If the investigation by ARI’s Abuse and Compliance Team reveals that the severity or immediacy of harm is greater than originally anticipated, the abusive behaviour will be escalated to Category 2 and mitigated in accordance with the applicable steps. These are described below. The assessment made and actions taken will be recorded against the relevant CMS ticket.

4.3.3 Suspension – Category 2
Types of abusive behaviour that fall into this category include those that represent a medium to high severity or immediacy of harm to registrants and Internet users. These generally include behaviours that result in intrusion into other computers’ networks and systems or financial gain by fraudulent means. Following notification of the existence of such behaviours, ARI’s Abuse and Compliance Team will suspend the domain name pending further investigation to determine whether the domain name should be restored or cancelled. Cancellation will result if upon further investigation the behaviour is determined to be one of the types of abuse defined in the Acceptable Registration and Use Policy. Restoration of the domain name will result where further investigation determines that abusive behaviour, as defined by the Acceptable Registration and Use Policy, does not exist. Due to the higher severity or immediacy of harm attributed to types of abusive behaviour in this category, ARI will, in accordance with their contractual commitment to us in the form of SLA’s, carry out the mitigation response within 24 hours by either restoring or cancelling the domain name. The assessment made and actions taken will be recorded against the relevant CMS ticket.
Phishing is considered to be a serious violation of the Acceptable Registration and Use Policy owing to its fraudulent exploitation of consumer vulnerabilities for the purposes of financial gain. Given the direct relationship between phishing uptime and extent of harm caused, we recognise the urgency required to execute processes that handle phish domain termination in a timely and cost effective manner. Accordingly, ARI’s Abuse and Compliance Team will prioritise all reports of phishing from brand owners, anti-phishing providers or otherwise and carry out the appropriate mitigation response within 12 hours in accordance with the SLA’s in place between us and ARI.

4.3.4 Executing Agency Instructions
We understand the importance of our role as a registry operator in addressing consumer vulnerabilities and we are cognisant of our obligations to assist law enforcement, government and quasi– governmental agencies in the execution of their responsibilities. As such, we will make all reasonable efforts to ensure the integration of these agencies into our processes for the identification and handling of abuse by, amongst other things:
1. Providing expedited channels of communication (discussed above).
2. Notifying LEA of abusive behaviour believed to constitute evidence of a commission of a crime of which we have a duty to report e.g. distribution of child pornography.
3. Sharing all available information upon request from LEA utilising the expedited process, including results of our investigation.
4. Acting on instructions by the agency.
It is anticipated that these actions will assist agencies in the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of laws imposing penalties. The relevant agencies are not limited to those enforcing criminal matters, but may also include those enforcing civil matters in order to eliminate consumer vulnerabilities.
Upon notification of abusive behaviour by LEA, government or quasi-governmental agencies through the expedited process described in 4.2.2.2.1 above, one of the following may occur:
1. The reported behaviour will be notified to ARI and subjected to a preliminary assessment and categorisation by ARI, as described in 4.3.1 above. The reported behaviour will then be mitigated based on the results of the categorisation. A report describing the manner in which the notification from the notifying agency was handled will be provided to us by ARI within 24 hours, for provision to the notifying agency by us. This report will also be recorded against the relevant CMS ticket.
OR
2. Where specific instructions are received from the notifying agency in a format acceptable, the registry operator and⁄or ARI will act in accordance with those instructions provided that they do not result in the contravention of applicable law. The registry operator and⁄or ARI will execute the instructions of the notifying agency within 12 hours. Following prompt execution of the request, a report will be provided to the agency in a timely manner.
Finally, whilst we do not anticipate the occurrence of a security situation owing to ARI’s robust systems and processes deployed to combat abuse, we are aware of the availability of the Expedited Registry Security Request Process to inform ICANN of a present or imminent security situation and to request a contractual waiver for actions we might take or have taken to mitigate or eliminate the security concern.

5 RESOURCING

The efforts to minimise abusive registrations and other activities that have a negative impact on Internet users in this TLD will be undertaken jointly by employees of the registry operator and ARI.

5.1 ARI
This function will be performed by ARI. Abuse services are supported by the following departments:

– Abuse and Compliance Team (6 staff)
– Development Team (11 staff)
– Service Desk (14 staff)

A detailed list of the departments, roles and responsibilities in ARI is provided as attachment ‘Q28 – ARI Background & Roles.pdf’. This attachment describes the functions of the above teams and the exact number and nature of staff within.
The number of resources required to design, build, operate and support the SRS does not vary significantly with, and is not linearly proportional to, the number or size of TLDs that ARI provides registry services to.
ARI provides registry backend services to 5 TLDs and has a wealth of experience in estimating the number of resources required to support a registry system.
Based on past experience ARI estimates that the existing staff is adequate to support a registry system that supports in excess of 50M domains. Since this TLD projects 300 domains, 0.0006% of these resources are allocated to this TLD. See attachment ‘Q28 – Registry Scale Estimates & Resource Allocation_bridgestone.xlsx’ for more information.
ARI protects against loss of critical staff by employing multiple people in each role. Staff members have a primary role plus a secondary role for protection against personnel absence. Additionally ARI can scale resources as required. Additional trained resources can be added to any of the above teams with a 2 month lead time.
ARI’s anti-abuse service serves to prevent and mitigate abusive behaviour in the TLD as well as activities that may infringe trademarks. These responsibilities will be undertaken by three teams. ARI’s Development Team will be responsible for developing the technical platforms and meeting technical requirements needed to implement the procedures and measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse. ARI’s Abuse and Compliance Team will be responsible for the ongoing implementation of measures to minimise abusive registrations and other activities that have a negative impact on Internet users. ARI’s Service Desk will be responsible for responding to reports of abuse received through the abuse point of contact on the registry’s website and logging these in a ticket in ARI’s case management system.
The responsibilities of these teams relevant to the initial implementation and ongoing maintenance for our measures to minimise abusive registrations and other activities that affect the rights of trademark holders are described in our response to Question 29 – Rights Protection Mechanisms.
All of the responsibilities undertaken by ARI’s Development Team, Abuse and Compliance Team, and Service Desk are inclusive in ARI’s Managed Registry Services fee, which is accounted for as an outsourcing cost and explained in our responses to Question 47. The resourcing needs of these teams have been determined by applying the conservative growth projections for our TLD (which are identified in our answer to Question 48) to the team’s responsibilities at start-up and on an ongoing basis.

5.1.1 ARI Development Team
All tools and systems needed to support the initial and ongoing implementation of measures adopted to mitigate the potential for abuse, identify abuse and handle identified abuse will be developed and maintained by ARI. ARI has a software development department dedicated to this purpose which will ensure that the tools are fit for purpose and adjusted as requirements change.
ARI’s Development Team participate actively in the industry; this facilitates collaboration with relevant organisations on abuse related issues and ensures that the ARI Development Team is responsive to new and emerging domain name abuses and the tools and systems required to be built to address these abuses. This team consists of:
– 1 Development Manager
– 2 Business Analysts
– 6 Developers
– 2 Quality Analysts

5.1.2 ARI Abuse and Compliance Team
ARI’s Abuse and Compliance Team will be staffed by four full-time equivalent Policy Compliance Officers. These roles will entail the following:
A principal responsibility of the Policy Compliance Officers will be handling notifications of abuse through the SAPOC. This will involve identifying and categorising suspected abuse according to our Acceptable Registration and Use Policy and carrying out the appropriate mitigation response for all categorised abuses. Policy Compliance Officers will also be responsible for analysing registry data in search of behaviours indicative of abuse and reviewing industry lists in search of data that may identify abuse in the TLD. Furthermore, Policy Compliance Officers will provide training to the department overseeing the .BRIDGESTONE TLD of the registry operator’s organisation regarding abuse prevention and mitigation in order to enable the department overseeing the .BRIDGESTONE TLD to competently manage the registration and use of domain names and conduct information sessions which highlight the application of the Acceptable Registration and Use Policy.
Policy Compliance Officers will act on the instructions of verified agencies or dispute resolution providers and participate in ICANN and industry groups involved in the promulgation of policies and best practices to address abusive behaviour. They will escalate complaints and issues to the registry operator’s Legal Counsel when necessary and communicate with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities. This role will be provided on a 24⁄7 basis, supported outside of ordinary business hours by ARI’s Service Desk.

Policy Compliance Officers will be required to have the following skills⁄qualifications: customer service⁄fault handling experience, comprehensive knowledge of abusive behaviour in a TLD and related policies, Internet industry knowledge, relevant post-secondary qualification, excellent communication and professional skills, accurate data entry skills, high-level problem solving skills, and high-level computer skills.

5.1.3 ARI Service Desk
ARI’s Service Desk will be staffed by 14 full-time equivalent positions. Responsibilities of Service Desk relevant to ARI’s Anti-Abuse Service include the following: responding to notifications of abuse through the abuse point of contact and expedited process for LEA, logging notifications as a ticket in ARI’s case management system, notifying us of a report received through the expedited process for LEA, government and quasi-governmental agencies, and forwarding tickets to ARI’s Abuse and Compliance team for resolution in accordance with the Acceptable Registration and Use Policy.

For more information on the skills and responsibilities of these roles, please see the in-depth resource section in answer to Question 31.

5.2 Registry Operator
The following is a description of the resources that are allocated to performing the tasks required by the registry operator. These tasks will be absorbed by the individuals currently performing the following roles within the registry operator’s organisation.

5.2.1 The department overseeing the .BRIDGESTONE TLD
In the context of operating this TLD the registry operator’s department overseeing the .BRIDGESTONE TLD will be responsible for managing the creation of all .BRIDGESTONE domain names. The department overseeing the .BRIDGESTONE TLD must pre-approve all requests to create and⁄or update domain names by the department designated as the Domain Administrator. In addition, the department overseeing the .BRIDGESTONE TLD will review ARI’s monthly audit of all domain name transactions to verify that they were authorised and that the use of the domain name complies with the Acceptable Registration and Use Policy. The department overseeing the .BRIDGESTONE TLD will review the level of access that personnel have to the web portal, ensuring account permissions are relevant to the employee’s role as well as removing permissions of an employee promptly upon termination of employment. Finally the department overseeing the .BRIDGESTONE TLD will ensure dissemination and acknowledgment of information intended to improve awareness amongst those registering domain names of the threat of domain name hijacking and fraud, as well as raising awareness of the Acceptable Registration and Use Policy.

5.2.2 The department designated as Domain Administrator
The registry operator’s department designated as Domain Administrator will be responsible for managing the registry operator’s domain name portfolio, which will involve creating, updating and maintaining all .BRIDGESTONE domain names in the name of and for the exclusive use of the registry operator.

5.2.3 Legal Counsel
The registry operator’s existing Legal Counsel will be responsible for responding to all reports and requests by LEA and managing the expedited process for those agencies and handling all escalated complaints and potential disputes arising in connection with the implementation of ARI’s anti-abuse service and related policies. This will involve assessing escalated complaints and issues, resolving disputes and liaising with all relevant stakeholders (Registrars, registrants, LEA, general public) as needed in fulfilling these responsibilities.
Based on the projections and the experience of ARI, the resources described here are more than sufficient to accommodate the needs of this TLD.