|
Summary
The overwhelming majority of spams are
reliant on registered domain names as part of their operations. These
domain names are commonly used either for sending spams from a hosting
account, or for receiving responses to their spams via either email or,
more commonly, links to a website.
Accordingly, Domain Name Registrars are in a
prime position to stop spam or to enable spam. Prudent policies,
diligently enforced by Domain Name Registrars can play a key role in
stifling the activities of spammers.
|
| Ref # |
Principle or Proposed Principle
|
| DNR001 |
Domain Name Registrars should maintainan an
adequately and competently staffed abuse desk on a 24 hour, 365 day per
year basis. The contact details for the abuse desk should be readily
and easily accessible on the website of the Domain Name Registrar, and
also listed with the Network Abuse Clearinghouse at http://abuse.net |
| DNR002 |
Domain Name Registrars' Terms of Service /
Acceptable Use Policies should include a clause which prohibits the use
of a registered domain name in conjunction with unsolicited
bulk/commercial emailing. "In conjunction with" should include but not
be limited to:
- Sending unsolicited bulk/commercial
emails
- Receiving replies from unsolicited
bulk/commercial emails
- Promoting website URLs containing the
registered domain (or it's IP address or other equivalent) within
unsolicited bulk/commercial emails
|
| DNR003 |
In the event of a clear cut violation of
Terms of Service / Acceptable Use Policy, the Domain Name Registrar
should rescind the DNS pointers to the offending domain, and rescind
the name registration, within two (2) hours of an evidenced-based abuse
report being received. In the event of a prima facie violation (such as
where a domain is implicated, though the possibility that it has been
maliciously implicated exists), appropriate investigations should be
conducted, completed and acted upon within 24 hours. In the event that
a violation is proven, the Domain Name Registrar should rescind the DNS
pointers to the offending domain and rescind the name registration,
immediately. |
| DNR004 |
Domain Name Registrars should make all
reasonable efforts to verify the legitimacy of the name of the
Registrant, and all other registration and contact details, of all
Domain Names about which an abuse report has been lodged. In the event
of false or outdated information in a registration, and the Registrant
is still contactable, the Registrant should be given no more than five
(5) days to correct the details. If the Registration Details are not
updated within that time, or if the Registrant is totally
uncontactable, the Domain Name Registrar should rescind the DNS
pointers to the offending domain and rescind the name registration,
forthwith. |
| DNR005 |
Domain Name Registrars should maintain a
Privacy Policy, published in a readily accessable and easily found
location on their web site, guaranteeing that they will not sell, rent,
exchange or otherwise trade their databases of registered domains, or
any portion thereof, to any party for any reason (other than as an
integral component of the sale of their business as a going concern). |
| DNR006 |
Domain Name Registrars should introduce
such technology as appropriate to eliminate any possibility of their
"WHOIS" database being crawled, trawled, spidered, data-mined or
harvested by automated means, and shall place a realistic limitation on
the number of manual queries which may be made by an individual user in
a 24 hour period. |
| DNR007 |
Domain Name Registrars should refuse to
register, or re-register, domains where the email addresses for domain
contacts are free, web-based email accounts. |
| DNR008 |
|
| DNR009 |
|
| DNR010 |
|
| DNR011 |
|
| DNR012 |
|
|
