Today The Public Interest Registry (“PIR”), the company which runs the .Org registry, announced a Domain “Anti-Abuse Policy”, effective 5 February 2009.
In announcing this policy PIR is taking a strong stand against what is defines as Domain Abuse and it gives itself the right to cancel, any .org, domain registration which is considered to be abusive.
From the announcement:
“”””Abusive use(s) of .ORG domain names should not be tolerated. The nature of such abuses creates security and stability issues for the registry, registrars and registrants, as well as for users of the Internet in general.
The PIR defines abusive use of a domain as the wrong or excessive use of power, position or ability, and includes, without limitation, the following:
· Illegal or fraudulent actions;
· Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks;
· Phishing: The use of counterfeit Web pages that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data;
· Pharming: The redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning;
· Willful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the owner’s informed consent.
Examples include, without limitation, computer viruses, worms, keyloggers, and trojan horses;
· Fast flux hosting: Use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves. Fast flux hosting may be used only with prior permission of PIR;
· Botnet command and control: Services run on a domain name that are used to control a collection of compromised computers or “zombies,” or to direct denial-of-service attacks (DDoS attacks);
· Distribution of child pornography; and
· Illegal Access to Other Computers or Networks: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individual’s system (often known as “hacking”). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity).
PIR reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion; (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of PIR, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or (5) to correct mistakes made by PIR or any Registrar in connection with a domain name registration.
PIR also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.”””
Let’s Hope this policy curbs abuses, but that the registry does not use this to cancel any “innocent” domains.
It always worries us, at least a little, when someone sets themselves up to be the complainant, judge and jury.
We are all against Spam, Phishing, Child Porn and the rest, yet one entity having the power to find a domain, determine it violates its policy and take the domain down, without any intervention or right to appeal, is a scary proposition.
We have not gone a day, in the last couple of years, without having one of our domains, or one of our e-mail addresses, used by spammers as a fake header, return e-mail address, removal link address or like purpose.
We are certainly not the only ones who are victimized by this practice.