Background and Scope
Public Interest Registry’s (“PIR”) nonprofit mission requires that we serve as an exemplary domain name registry and strive to be an industry thought leader. In accordance with that nonprofit mission, PIR has promulgated our Anti-Abuse Principles to build a cleaner, safer, more trusted .ORG namespace and to inform how we approach questions of abuse. These cornerstone principles include a commitment to due process, weighing the risk of collateral damage caused by our mitigation against the scale of harms potentially caused by the abuse, and transparency in how we conduct our anti-abuse efforts.
Those principles serve as the foundation for this Anti-Abuse Policy and guide our decisions in how this Policy is applied. These notions are also incorporated into the Framework to Address Abuse, which PIR co-authored.
This Policy is established for all TLDs for which PIR serves as the Registry Operator (collectively, the “PIR TLDs”). This Policy focuses on technical abuses of the Domain Name System (DNS) (“DNS Abuse”) but also includes limited instances of abuses related to website content (“Website Content Abuse”), consistent with our Anti-Abuse Principles.
Technical Abuses of the DNS
DNS Abuse causes security and stability issues for PIR, its registrars and registrants, as well as for users of the Internet as a whole. This Policy prohibits the following technical abuses in all PIR TLDs:
- Malware is malicious software, installed on a device without the user’s consent, which disrupts the device’s operations, gathers sensitive information, and/or gains access to private computer systems. Malware includes viruses, spyware, ransomware, and other unwanted software.
- Botnets are collections of Internet-connected computers that have been infected with malware and commanded to perform activities under the control of a remote administrator.
- Phishing occurs when an attacker tricks a victim into revealing sensitive personal, corporate, or financial information (e.g., account numbers, login IDs, passwords), whether through fraudulent or ‘look-alike’ emails, or luring end users to copycat websites. Some phishing campaigns aim to persuade the user to install software, which is in fact malware.
- Spam is unsolicited bulk email, where the recipient has not granted permission for the message to be sent, and where the message was sent as part of a larger collection of messages, all having substantively identical content.
- Other technical abuses of the DNS that may reasonably be perceived to impact the stability or security of the DNS or the PIR TLDs (e.g., pharming, fast flux hosting, and illegal access to other computers or networks).
Limited Categories of Website Content Abuse
Using the DNS to address Website Content Abuse is typically a disproportionate remedy that could cause significant collateral damage. Unlike a hosting provider, PIR as a registry can’t remove individual pieces of content on a website. Instead, we can only suspend the entire domain name, which renders any and all postings, threads, third-level domains, email, and all other content associated with the website attendant to the domain inaccessible via the DNS. Accordingly, PIR typically requires and will abide by orders from courts of competent jurisdiction in order for us to suspend, delete, lock, or transfer a domain name for most matters regarding Website Content Abuse.
However, there are categories of Website Content Abuse where the scale of harms is so great that we elect to take action on a domain name even without a court order. These limited instances of Website Content Abuses violate this Anti-Abuse Policy and PIR may take action to address:
- Distribution of Child Sexual Abuse Materials (“CSAM”) and other sites dedicated to non-consensual sexual imagery;
- Sites dedicated to distribution of illegal opioids and narcotics;
- Sites dedicated to patently illegal or patently fraudulent activity;
- Credible and specific incitements to violence; and
- Credible threats to human health or safety.
Actions under this Policy
PIR reserves the right to take appropriate action for any domain it determines violates this Policy, including the right to deny, cancel, or transfer any registration or transaction, or place any domain name on registry lock, hold, or similar status, that it deems necessary in its discretion:
- That violates the terms of this Policy;
- To protect the integrity and stability of any PIR TLD;
- To comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process;
- To avoid any liability, civil or criminal, on the part of PIR, its affiliates, subsidiaries, officers, directors, and employees;
- To comply with the terms of the registration agreement, Registry-Registrar Agreement, policies or requirements of the Internet Corporation for Assigned Names and Numbers (ICANN), or other PIR policies; or
- To correct mistakes made by PIR or any Registrar in connection with a domain name registration.
For most forms of abuse under this Policy, PIR will first notify the sponsoring registrar of the abuse, since the registrar maintains the direct relationship with the registrant. For example, registrars are in the best position to address compromised domains, where a domain is being used for abusive purposes unbeknownst to the underlying registrant. We may also contact law enforcement regarding domains that may be engaged in patently illegal activity, either from a DNS Abuse perspective (e.g., a DDOS attack) or due to a Website Content Abuse concern (e.g., specific and credible incitement to violence or distribution of CSAM online).
Due Process and Transparency
Our Anti-Abuse Principles state unequivocally that due process must be observed in each decision, which includes having a publicly available appeal process. Registrants in all PIR TLDs have the right to appeal any decision taken to mitigate abuse under this Policy. This right includes both an informal review by PIR of its decision as well as the right to appeal to a neutral third party. Information regarding that process is available at www.thenew.org/abuse.
Our principles also require us to act transparently with regards to Abuse. Accordingly, we will publish metrics on our actions taken under this Policy, including actions taken pursuant to requests from law enforcement and court orders at www.pir.org/transparency. These metrics will be updated regularly.