|
BestPrac.Org
Stop Spam : Best Practice in Email
Spam Prevention and Eradication
Principles of Best Practice -
Domain Name Registrars:
Summary
The overwhelming majority of spams are reliant on registered domain names as part of their operations. These domain names are commonly used either for sending spams from a hosting account, or for receiving responses to their spams via either email or, more commonly, links to a website.
Accordingly, Domain Name Registrars are in a prime position to stop spam or to enable spam. Prudent policies, diligently enforced by Domain Name Registrars can play a key role in stifling the activities of spammers.
|
| Ref # |
Principle or Proposed Principle
|
| DNR001 |
Domain Name Registrars should maintainan an adequately and competently staffed abuse desk on a 24 hour, 365 day per year basis. The contact details for the abuse desk should be readily and easily accessible on the website of the Domain Name Registrar, and also listed with the Network Abuse Clearinghouse at http://abuse.net |
| DNR002 |
Domain Name Registrars' Terms of Service / Acceptable Use Policies should include a clause which prohibits the use of a registered domain name in conjunction with unsolicited bulk/commercial emailing. "In conjunction with" should include but not be limited to:
- Sending unsolicited bulk/commercial emails
- Receiving replies from unsolicited bulk/commercial emails
- Promoting website URLs containing the registered domain (or it's IP address or other equivalent) within unsolicited bulk/commercial emails
|
| DNR003 |
In the event of a clear cut violation of Terms of Service / Acceptable Use Policy, the Domain Name Registrar should rescind the DNS pointers to the offending domain, and rescind the name registration, within two (2) hours of an evidenced-based abuse report being received.
In the event of a prima facie violation (such as where a domain is implicated, though the possibility that it has been maliciously implicated exists), appropriate investigations should be conducted, completed and acted upon within 24 hours. In the event that a violation is proven, the Domain Name Registrar should rescind the DNS pointers to the offending domain and rescind the name registration, immediately.
|
| DNR004 |
Domain Name Registrars should make all reasonable efforts to verify the legitimacy of the name of the Registrant, and all other registration and contact details, of all Domain Names about which an abuse report has been lodged. In the event of false or outdated information in a registration, and the Registrant is still contactable, the Registrant should be given no more than five (5) days to correct the details. If the Registration Details are not updated within that time, or if the Registrant is totally uncontactable, the Domain Name Registrar should rescind the DNS pointers to the offending domain and rescind the name registration, forthwith. |
| DNR005 |
Domain Name Registrars should maintain a Privacy Policy, published in a readily accessable and easily found location on their web site, guaranteeing that they will not sell, rent, exchange or otherwise trade their databases of registered domains, or any portion thereof, to any party for any reason (other than as an integral component of the sale of their business as a going concern). |
| DNR006 |
Domain Name Registrars should introduce such technology as appropriate to eliminate any possibility of their "WHOIS" database being crawled, trawled, spidered, data-mined or harvested by automated means, and shall place a realistic limitation on the number of manual queries which may be made by an individual user in a 24 hour period. |
| DNR007 |
Domain Name Registrars should refuse to register, or re-register, domains where the email addresses for domain contacts are free, web-based email accounts. |
| DNR008 |
|
| DNR009 |
|
| DNR010 |
|
| DNR011 |
|
| DNR012 |
|
|
|
|