.ORG, The Public Interest Registry
Proprietary & Confidential

What is Domain Security?
Domain security is:
1) Responsibility. Any TLD should have a response capability to defend itself against attacks on the TLD infrastructure or wide-scale abuse of its domains.
2) A commitment and service to the registrant and user community

The .ORG Abuse Policy
GOALS
» Phishing: Reduce average up-time of phish in .ORG.
– Reduce maliciously registered domains.
– Reduce total number of phish live in the .ORG zone
» Fast-flux: Keep the .ORG zone free of fast-flux domains
» Child Pornography: Eliminate all .ORG domains hosting child pornography
» Spam: Prevent spam levels from increasing. Spam to be measured by number of .ORG domains on standard blacklists
» Malware: Difficult to quantify; biggest wins come in taking down malicious domains that are distributing malware (as opposed to domains that are compromised/infected); protect innocent registrants.

Pursuant to Section of the RRA, PIR reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion: (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process;

Defining Abuse
» Illegal or fraudulent actions
» Spam
» Phishing
» Pharming
» Willful distribution of malware
» Fast flux hosting
» Botnet command and control
» Distribution of child pornography
» Illegal Access to Other Computers or Networks

How does .ORG make sure innocent registrants are protected?
» Each suspected abusive domain is closely examined and all abuse will be double verified to ensure as close to 100% accuracy as possible.
» First attempt to notify Registrar and provide reasonable time to remedy.
» If it appears a website has been “hacked or compromised” and an innocent registrant’s domain is being abused, PIR will take steps to help and prevent further harm to the innocent victim and never suspend the site at Registry level.
» Child Porn verified by Law Enforcement & NCMEC (under 14 years old known victims)
» Audit of .ORG abuse policy by 3rd party to ensure compliance.

Does this policy prevent brand abuse?
» This policy is not a replacement for the UDRP.
» This policy is aimed at criminal activity, and is not a substitute for the current, effective policies and legal recourses that registrants may use to settle intellectual property disputes involving domain names.

What about a mistake?
» All domains suspected of abuse are placed on hold and not immediately deleted.
» In the extremely rare case that an innocent domain is suspended, it can quickly be restored.

Success!
» Spam: On a typical day, fewer than 100 .ORG domains out of 7.5 million+ are involved in spamming
NOTE: .ORG is an open global gTLD (no residency requirements and subject to ICANN’s open equal access Registrar policy)
» Since February we have been blocking about 55 Conficker domains a day. For 2009, that will be about 18,000 domains.
» Since July over 3,100 abusive domains successfully addressed

Adam Palmer, Law & Policy Counsel
The Public Interest Registry
1775 Wiehle Avenue, Suite 200
Reston, VA USA