dna healthy practices outline (clean)


Post on 10-Nov-2021


Page 1: DNA Healthy Practices Outline (Clean)

DNA HEALTHY DOMAINS INITIATIVE

REGISTRY / REGISTRAR HEALTHY PRACTICES

I. Introduction and Context

Introduction

This document is part of the Domain Name Association’s (DNA) Healthy Domains Initiative (HDI), which has the following objectives:

● Establish a network of industry partners that communicate and collaborate with one another to support a healthy domain name ecosystem.

● Identify and/or develop industry-accepted healthy practices and specific programs that provide tangible ways of promoting standards for healthy domains.

● Demonstrate to the community our desire to implement best practices and otherwise fulfill our stewardship obligations

Purpose of this Healthy Practices Document

The purpose of this document is to present a set of prioritized healthy practices and programs for the domain name community that would result in:

● Presentation of a more vibrant namespace to end-users
● Identification of additional voluntary steps to address abuse and illegal activity

The document is meant to be collaborative among all interested parties. It is anticipated that this set of draft principles and operational programs will continually evolve.

This document is not meant to create new requirements for registries and registrars; it is a representation of existing and proposed practices that, voluntarily adopted, can further the healthy development of the domain name system.


Context: Evolution of Healthy Domains Initiative

The Healthy Domains Initiative is a project under the DNA’s umbrella. The DNA assumed management of the concept in 2015 and established a committee devoted to HDI.

As the concept took shape, the HDI committee entertained ideas for registry and registrar operations that, if implemented, would help to address various challenges in the domain name system. Such ideas were presented and discussed by multiple parties in the greater community at the initiative’s first HDI summit, held in Seattle in February 2016. The Seattle meeting further built out these ambitious ideas.

During the ICANN meeting in Marrakech in March 2016, parties interested in HDI met to further review and discuss these ideas. It was agreed in that meeting that the next best output for the HDI effort was to put forth a set of operational principles to which contracted parties could reasonably adhere. HDI leaders thus focused on such a document as the first deliverable in the HDI effort.

Next, to get a sense of what already was in place in the market, and to measure priorities for potential practices, the DNA conducted a survey of members—the results of the survey identified areas where contracted parties already had put strong operational practices into place, and where there was room for additional expansion. The results of that survey are below in this paper, embodied as a prioritized list of aspirational practices.

After conferring on these proposals during the ICANN meeting in Helsinki in June 2016, the HDI committee identified several that should be prioritized, developed and implemented. These are:

1. Addressing online security abuse (e.g., malware, phishing, pharming)
2. Enhancing child abuse mitigation systems
3. Complaint handling from illegal or “rogue” online pharmacies
4. Voluntary third party handling of copyright infringement

Each of these areas is now headed by 1-2 HDI committee volunteers, who will direct subteams in developing implementation plans for each.

Baseline: Industry Respondents Detail Current Healthy Practices

The DNA surveyed its membership on what, if any, healthy practices already are employed by contracted parties, and further, regarding the appeal of proposed new practices.

An impressive 78% of respondents said that their companies already employed healthy practices outside the scope of their contracts with ICANN.

89% of respondents said they intend to expand this list to include additional practices. The conclusion of the survey, agreed to by most involved in HDI, is that there exists an opportunity to expand practice ideas, and contracted parties are receptive to doing so.


II. Healthy Practice Priority Areas

A. Addressing online security abuse (e.g., malware, phishing, pharming)

For a full review of proposed healthy practices addressing this area, please see the sub-team’s detailed document in Appendix A.

Overview

The objective of this effort is to further reduce security abuse in the DNS.

Tactics and goals

This effort will consolidate recommended practices for registries and registrars responding to security abuses identified in their TLDs described in past work by groups in the security space. In identifying recommended practices, we consulted past practices recommendations developed by the Security and Stability Advisory Committee (SSAC); Anti-Phishing Working Group (APWG); StopBadware; the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG) as they applied to the registry and registrar context. Our goals in this area are threefold:

● To outline some of the challenges and considerations affecting how registries and registrars respond to identified security threats;

● To identify practices for registries and registrars to improve responses to security threats through individual practice, collective action, and information sharing; and

● To identify a means for registries and registrars to strengthen their relationships with key groups in the security space to improve and evolve security-related abuse handling.

Relevant principles

Principle 1: Focus action on domains that are primarily malicious.

Principle 2: Consider the impact of mitigation mechanisms, particularly on third parties, and whether another provider is able to mitigate the abuse through narrower, less disruptive means.

Recommended practices

This sub-group has identified a total of 20 practices for registrars and registries to employ as means for combating DNS abuse. The specific recommendations are consolidated around four core areas where registries and registrars can exercise strong security practices:

● Measures to improve credential management on their platforms and minimize the risks associated with compromised domains;
● Measures to detect and mitigate possible abuse at the point of registration;
● Measures to identify and mitigate potential abuse on an ongoing basis; and
● Measures for receiving and handling abuse reports.

We do not intend to propose a one-size-fits-all model for security abuse handling. The ideal package of security improvements may depend on a registrar’s customer base and business model. Specific considerations and recommendations for each of these four areas are identified in Appendix A.


B. Enhancing child abuse mitigation systems

For a full review of proposed healthy practices addressing this area, please see the sub-team’s detailed document in Appendix B.

Overview

The objective of this practice is to further expand existing—but not yet universal—methods for addressing images and content related to child abuse, as well as providing education and resources for registries and registrars to combat child abuse.

Tactics and goals

The primary recommended practices here are twofold:

● Establish a system for imagery handling
  o Participating registry operators and registrars require in their registry–registrar agreements/registrant agreement a term that prohibits child abuse content and permits the registry operator/registrar to suspend or delete domain names that violate this term.
  o Each also may establish an internal policy/protocol advising staff to forward the URL/domain name/website in question to the organization’s Legal or Compliance Department.
  o The next step is an expeditious report of the situation to a child protection hotline.

● Establish a trusted notifier system
  o “Trusted notifier” is a party that is pre-vetted (e.g., NCMEC, IWF, INHOPE) and recognized by the contracted party as capable of providing the relevant and complete evidence needed to take action against the registrant.
  o Provide forms of agreements between registries/registrars and these organizations.

Aspirational practices

Depending on the services provided, contracted parties may also wish to consider adoption of services and technologies available through outside child protection expert organizations. These include:

● NCMEC’s URL Initiative and PhotoDNA and Hash Value Sharing programs
● IWF’s Image Hash Tag List

C. Complaint handling for “rogue” online pharmacies

For a full review of proposed healthy practices addressing this rogue pharma, please see the sub-team’s detailed document in Appendix C, as well as NABP’s diagram proposal for a qualified complaint handling system.

Overview

The objective of this practice is to further address “rogue,” or illegal online pharmacies.

Tactics and goals

The proposed methods for this section of HDI’s healthy practices proposal involve both internal and external steps that registries and registrars may voluntarily employ to identify and safely remove these threats to public health:


● Internal practices by contracted parties:
  o Partner with and support the work of organizations dedicated to combating the problem (NABP, CSIP, ASOP).
  o Notify relevant organizations when the registry/registrar becomes aware of potential illegal pharmacies.
  o Take action on confirmed illegal pharmacy sites in accordance with internal processes.

● Establish a trusted notifier and third-party validation system
  o “Trusted notifier” is a party that is pre-vetted and recognized by the contracted party as capable of providing the relevant and complete evidence needed to take action against the registrant.
  o “Validator” is a party that the contracted party deems capable of determining that an online drug seller is properly licensed, reputable and safe.
  o Provide forms of agreements between registries/registrars and these organizations.

The DNA’s role is to promote the use of sound internal practices and relevant partnerships to help mitigate the problem of illegal internet pharmacies.

D. Voluntary third party handling of copyright infringement cases (PIR proposal)

For a full review of the proposed process to be employed voluntarily in addressing copyright infringement, please see the sub-team’s detailed document in Appendix D.

Overview

The objective of this practice is to provide a voluntary mechanism to help mitigate copyright infringement in the DNS, by a method similar to those employed by trademark owners to protect their interests.

Tactics and goals

The proposal advanced here is to construct a voluntary framework for copyright infringement disputes, so copyright holders could use a more efficient and cost-effective system for clear cases of copyright abuse other than going to court and registries and registrars are not forced to act as “judges” and “jurors” on copyright complaints.

● Framework is Registry specific—each registry decides whether to participate. Participating registries:
  o adopt policy requiring registrants to submit to ADR proceeding; and
  o agree to take all steps necessary to implement Panel’s decision, i.e. cancellation of registration or transfer to Complainant
● Does not preclude litigation.
● Remedies limited to:
  o Cancellation of domain name, or
  o Transfer of registration to complainant
  o No monetary damages
● Legal construct must be sound
  o Accurately reflect applicable law
  o To extent copyright laws materially vary among jurisdictions, consider creating more than one custom framework
  o Ensure due process for respondents
  o Complainant pays panel fees
  o Registries/registrars cannot be named as parties


III. Next Steps

In order to make measurable progress toward the above prioritized practices and therefore validate and claim ongoing success with the program, the DNA must now move into implementation mode. This includes the following steps:

1. Meet monthly as an HDI committee to continue progress toward implementation of prioritized practices.
2. Set interim progress report to full DNA organization between Hyderabad and Copenhagen
3. Prepare short PR campaign to alert industry to DNA efforts.


Appendix A: Security Threat Mitigation Proposal

Purpose

The purpose of this document is to consolidate recommended practices for registries and registrars responding to security abuses identified in their TLDs described in past work by groups in the security space. In identifying recommended practices, we consulted past best practices recommendations developed by the Security and Stability Advisory Committee (SSAC); Anti-Phishing Working Group (APWG); StopBadware; and the Messaging, Malware, and Mobile Anti-Abuse Working Group as they applied to the registry and registrar context. Our goals in this area are threefold:

● To outline some of the challenges and considerations affecting how registries and registrars respond to identified security threats;

● To identify practices for registries and registrars to improve responses to security threats through individual practice, collective action, and information sharing; and

● To identify a means for registries and registrars to strengthen their relationships with key groups in the security space to improve and evolve security-related abuse handling.

Considerations

Several considerations complicate registries and registrars’ efforts to effectively deal with online security abuse. Abuse complaints may invoke distributed actors and complex chains of responsibility. Various actors including registries, registrars, resellers, hosting providers, each have distinct responsibilities with respect to a domain name or website and different information and tools to assist in mitigating a particular abuse. The lack of uniform reporting and response practices across these providers may thwart the communication and collaboration necessary to effectively address a particular abuse. Further, given this distribution of service providers associated with a single domain name or website, a particular provider may lack a contractual relationship and/or history of communication with the registrant or site owner, limiting their ability to work directly with the registrant or site owner to mitigate the abuse.

Additional legal considerations also inform registries and registrars’ ability to respond to abuse; these considerations can range from concerns around whether a particular action could negatively impact free speech or raise privacy concerns, to jurisdictional issues, where multiple service providers involved are subject to different legal frameworks with different requirements and limitations affecting how they take action on an identified abuse.

Lastly, accountability considerations also factor significantly into registries and registrars’ practices for handling identified security abuse. Most notably, the question of whether the registrant is directly responsible for the abuse in question should influence what actions a registry or registrar takes when a potential security abuse is identified. Domain names that appear to be compromised may require a different set of responses, given that registrants on the whole are generally uneducated about security threats without support from their providers.

These considerations have been taken into account in the principles and recommendations outlined below. However, they may account for additional differences in how particular registries or registrars address abuse complaints, or in how particular complaints are dealt with on a case-by-case basis.


Principles

Principle 1: Focus action on domains that are primarily malicious.

Registries and registrars should focus on domain names that are primarily malicious. Domains that are compromised or where other parts of the domain serve a legitimate purpose should generally be referred to their hosting providers, which possess tools to address abuse in a more targeted fashion by taking action against specific abusive content versus taking action at the domain level.

Principle 2: Consider the impact of mitigation mechanisms, particularly on third parties, and whether another provider is able to mitigate the abuse through narrower, less disruptive means.

Considerations that a registry or registrar could weigh when assessing whether they are appropriately situated to mitigate the identified abuse include:

● Whether the relevant infrastructure is under its direct control;
● The number of downstream providers that would be affected;
● Applications or legitimate content that could be affected by mitigating the abuse directly;
● Whether mechanisms exist to temporarily mitigate the abuse, and any potential consequences of temporary mitigation;
● Whether downstream providers have been contacted already and whether they have been responsive when contacted; and
● Whether the provider in question possesses a direct contractual relationship with the registrant.

Registries and registrars may consider whether there are downstream providers with closer relationships to the registrant and the content in question (e.g. contractual relationships or more targeted tools to target the abuse). If so, it may be more appropriate to refer the complaint to a downstream provider. If downstream providers have already been engaged, any actions taken so far should be taken into account in determining any future response.

Recommended Practices

The following recommendations offer ways for registries and registrars to improve their security offerings. We do not expect that registries or registrars will implement all of the mechanisms described below; rather, that the recommended practices will provide a framework to review current practices against and identify potential improvements. We break out recommended practices into four categories based upon the phase of the registration or abuse response in which they occur:

● Measures to improve credential management and minimize the risk associated with compromised domains;
● Measures to detect and mitigate possible abuses at the point of registration;
● Measures to identify and mitigate potential abuse on an ongoing basis; and
● Measures for receiving and handling abuse reports.

Implementation of each of the following mechanisms can occur in a manner that takes into account the considerations outlined above.


Additionally, the ideal package of security improvements may be affected by a registrar’s customer base and business model. By way of example, a corporate registrar that manages high-value and highly-trafficked domain names may benefit from implementing heightened opt-in security features to enable registrants to take additional steps to protect their domains from being compromised. On the other extreme, registrars or registries that sell high volumes of low-cost domains may see more impact from mechanisms that prevent abuse at the point of registration or that automate, expedite, or scale abuse response procedures.

Measures to improve credential management and minimize the risk associated with compromised domains

As outlined above, one of the most critical considerations in determining how to respond to a particular security threat is whether or not the domain name is malicious or compromised. Cybercriminals benefit from taking control of legitimate websites versus registering malicious domains, as they are more likely to retain traffic, invoke consumer trust, and are less likely to be blocked by security software or flagged by reputation service providers (Compromised Websites, A User Perspective). According to regular studies carried out by the APWG, the vast majority of domain names that are flagged for phishing are the result of domain compromise versus malicious registrations by phishers (APWG, Global Phishing Survey).1 Compromised websites can also be linked to other forms of abuse, such as the distribution of malware, including through “domain shadowing” where abusive third-level domains are set up under a legitimate second level domain name, potentially bypassing internal monitoring (SAC074, SSAC Advisory on Registrant Protection). This makes the implementation of mechanisms to prevent credential compromise at the registrant, registrar, and registry level a useful proactive step to preventing many security abuses.

Previous work by the SSAC has offered a number of proactive measures that registrars can implement to allow registrants to minimize the risks that their domains will be compromised, which have been summarized below:2

1 According to the three most recent Global Phishing Surveys carried out by the APWG for the domain names that were registered maliciously accounted for only 28.6 percent of malicious registrations. The rest are a result of compromised domains. (APWG, Global Phishing Survey: Trends and Domain Name Use in 2H2014 and 1H2015)

2 The full recommendations by the SSAC on this matter can be found in SAC040 and SAC074.


● Recommendation 1: Registrars may make registrant accounts secure through credential design, such as heightened requirements for password length and complexity, encouraging or requiring registrants to rotate passwords, and preventing password reuse.

● Recommendation 2: Registrars may offer to registrants additional, opt-in features to make their accounts more secure. Examples include enabling two-factor authentication, offering tiered levels of access for different account roles, delivering notification of account changes to multiple contacts, introducing security questions or other challenge systems, using IP whitelisting, or creating per-domain access controls.

● Recommendation 3: Registrars may validate change requests to a domain name through secondary means and not use an email address associated with the domain in question to validate, which may itself be compromised.

Additionally, the advisories propose mechanisms that registries or registrars can implement to minimize the risk of compromise of registry or registrar authoritative systems.

● Recommendation 4: Registries and registrars can structure internal processes to ensure that credentials are not stored in places where they might be compromised (e.g. internal bug logs, wikis, or tickets).

● Recommendation 5: Registries and registrars can maintain good practices for the storage and transmission of credentials including transmission of credentials over secure channels, storing protected versions of credentials, storing backups offline, and destroying records of credentials where they are no longer needed.

● Recommendation 6: Registries and registrars may implement clear practices to ensure that credentials are revoked and rotated when personnel with access to the information depart the organization.

● Recommendation 7: If a breach occurs, registries and registrars can notify registrants in a way that can be easily recognized and verified.

Measures to detect possible abuses at the point of registration or inbound transfer

Registries and registrars can also implement mechanisms to identify and address possible security abuses at the point of registration. These mechanisms are particularly useful for registries or registrars that offer free or extremely low-cost domains, which have historically attracted abuse, and as a deterrent for abuse types that require the registration of large volumes of domains.

● Recommendation 8: Registrars can protect against automated registrations by screening for and limiting or investigating high registration volumes coming from a single account, or by implementing a CAPTCHA to help ensure that domains are being registered by a human.

● Recommendation 9: Registrars screen registrations for frequently abused terms; require additional identity verification information from registrants of these domain names. Flag domains for further review or require additional information or validation from the registrant prior to registration.

● Recommendation 10: Registrars validate payment information based on Payment Card Industry (PCI) Security Standards.


Measures to identify and mitigate potential abuse on an ongoing basis

In addition to responding to security abuses that are identified and reported to a registry or registrar by third parties, registries and registrars can improve abuse handling by proactively identifying potential abuses and taking further mitigation action based on the type and severity of the abuse. Registries and registrars can improve security by building an abuse program that identifies, investigates and actions abuse in their namespaces proactively, through partnership with reputation service providers or third-party “blocklists”, rather than solely taking action in response to abuse complaints.

Registries are already required per their Registry Agreements to “periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets.” However, many registries remain uncertain or tentative in responding to security abuse identified through these means, given that they are far removed in the chain of responsibility discussed earlier and lack a contractual relationship with the registrant. Registries can improve the effectiveness of these technical analyses by defining clear practices for how to process and take action on abuses identified through technical analysis.

Registries and registrars that use a reputation service provider or third party blocklist should understand that provider’s framework for classifying abuse types (e.g. phishing, malware, or social engineering ads); any indicators provided for determining whether a domain name is likely to be malicious or compromised; and where an abuse has been identified (e.g. whether it is at the domain level or confined to a particular subdomain or subdirectory). Each registry or registrar can define an internal framework for how to take action on identified abuses that takes into account these factors and the classification schema used by their reputation service provider.

● Recommendation 11: Registries and Registrars may work with reputation service providers to proactively identify domains that have been identified as abusive, classify/investigate them, and take action as appropriate.

Unlike new domain registrations, which are unlikely to have a prior abuse history, domains being transferred into a new registrar may already appear on a third party blocklist. Registrars could prevent abuse within their domains under management by screening inbound transfers that have been flagged by their reputation service provider or by third party blocklists, and barring these transfers unless and until the registrant works with the respective provider(s) to have the domain delisted.

● Recommendation 12: Registrars may screen domain names being transferred in for appearance on malware/phishing blocklists and require that domain names are de-listed before they can be transferred in.

The limitations on direct intervention by the registry when abuse is identified through its required technical analysis also create an opportunity for registrars to improve security response practices either through implementation of a consistent framework for responding to reports that are passed down from the registry, or even by engaging similar service providers directly. Overall efforts to mitigate security threats would benefit from some coordination and shared expectation regarding how information would be relayed from registries to registrars (or other third party providers) for action, as well as strong communication between registries and registrars and other engaged parties. This begins with the provision of meaningful abuse reports.

● Recommendation 13: Where identified domain names are being referred to a third party for action, registries and registrars should include all available information about the identified abuse.

Relevant information can include at minimum:

● The URL being reported;
● The date and time that the abuse was reported;
● The IP address when last reported;
● Other targets that the abuse is being reported to; and
● Contact information necessary for follow up.

The following information is optional but can be provided to the extent that it is available:

● Conditions necessary to reproduce the identified abuse;
● The scope of abusive behavior (e.g. whether it applies to a particular page, subdomain, or across the domain);
● How the abuse was identified;
● Any specific malicious code or executables that were identified;
● Any related URLs; and
● Any actions taken to date in response to the abuse complaint.3
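The minimum and optional fields listed under Recommendation 13 can be checked mechanically before a referral leaves the abuse desk. The following is an added example, not part of the original document: the key names, the `ValidationResult` type, the `registered_domain` parameter and the sample report are assumptions, since the document names the information to include but defines no format.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address
from urllib.parse import urlsplit

# Key names are hypothetical; the document lists the information, not a format.
REQUIRED = ("url", "reported_at", "last_seen_ip", "also_reported_to", "contact")
OPTIONAL = ("reproduction_conditions", "scope", "how_identified",
            "malicious_artifacts", "related_urls", "actions_taken")
SCOPES = ("page", "subdomain", "domain")


@dataclass
class ValidationResult:
    errors: list = field(default_factory=list)            # report is not sendable
    missing_optional: list = field(default_factory=list)  # add if available
    scope_hint: str = ""                                  # derived from the URL

    @property
    def actionable(self) -> bool:
        return not self.errors


def infer_scope(url: str, registered_domain: str) -> str:
    """Return the narrowest scope consistent with the reported URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    registered = registered_domain.rstrip(".").lower()
    # Match on a label boundary so "notexample.com" is not taken for "example.com".
    if host != registered and not host.endswith("." + registered):
        raise ValueError(f"url host {host!r} is not under {registered!r}")
    if parts.path not in ("", "/") or parts.query:
        return "page"
    return "domain" if host == registered else "subdomain"


def validate_referral(report: dict, registered_domain: str) -> ValidationResult:
    result = ValidationResult()
    # An empty list is a valid answer for also_reported_to; a missing key is not.
    for key in REQUIRED:
        if report.get(key) in ("", None):
            result.errors.append(f"missing required field: {key}")

    url = report.get("url") or ""
    if url:
        try:
            parts = urlsplit(url)
            if parts.scheme not in ("http", "https") or not parts.hostname:
                raise ValueError("url must be an absolute http(s) URL")
            result.scope_hint = infer_scope(url, registered_domain)
        except ValueError as exc:
            result.errors.append(str(exc))

    stamp = report.get("reported_at")
    if stamp:
        try:
            # A timestamp without an offset is ambiguous across providers.
            if datetime.fromisoformat(stamp).tzinfo is None:
                result.errors.append("reported_at must carry a UTC offset")
        except (TypeError, ValueError):
            result.errors.append("reported_at must be an ISO 8601 timestamp")

    ip = report.get("last_seen_ip")
    if ip:
        try:
            ip_address(ip)
        except ValueError:
            result.errors.append("last_seen_ip is not a valid IP address")

    scope = report.get("scope")
    if scope is not None and scope not in SCOPES:
        result.errors.append(f"scope must be one of {SCOPES}")

    result.missing_optional = [k for k in OPTIONAL if not report.get(k)]
    return result


# Constructed sample referral (documentation names and addresses, not real data).
SAMPLE = {
    "url": "http://shop.example.com/login/verify.php",
    "reported_at": "2016-10-03T14:05:00+00:00",
    "last_seen_ip": "192.0.2.10",
    "also_reported_to": ["hosting provider"],
    "contact": "abuse-desk@registry.example",
    "how_identified": "reputation feed match",
}

if __name__ == "__main__":
    outcome = validate_referral(SAMPLE, "example.com")
    print(outcome.actionable, outcome.scope_hint, outcome.missing_optional)
```

The scope hint is derived from the reported URL alone, so it marks the narrowest location the report supports rather than the full extent of the abuse.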

Additionally, a registry or registrar should be clear about what, if any, action it expects the third party to take with regard to the abuse; a timeframe for the party to take the action and/or provide a response; and any escalation procedures that may be followed if no action is taken or no response is received.

Measures for receiving, handling, and taking action in response to abuse reports

Lastly, abuse can also be identified by a registry or registrar due to the receipt of a third party abuse report. As a first step, registries and registrars can define clear process flows for how these reports will be received and processed, and what standards and procedures will be followed to determine the appropriate course of action. All reports could undergo initial evaluation on a timely basis that establishes (1) whether the reported abuse is credible or can be confirmed; (2) whether the domain name being reported is primarily malicious; and (3) whether the reported abuse is within the scope of control of the registry or registrar, or whether it should be referred to a third party.

3 StopBadware’s Reporting Practices for Badware URLs provides a sample abuse notification that contains the recommended elements.


● Recommendation 14: Registries and registrars identify clear processes, criteria, and allocation of responsibilities for the takedown of clear-cut phishing sites, and escalation processes for reviewing other reports.

The investigation should not focus solely on the domain(s) referenced in the report. Wider investigation can be used to identify and, potentially, take action on additional domain names that are also abusive. This may be the result of a wider account compromise or a malicious user.

● Recommendation 15: When an abuse report is received and verified as abusive/malicious, registrars may review other domain names in the same user account or using the same credit card information.

Just as the provision of complete reports between providers can help improve overall security responses, the provision of incomplete reports by third parties can get in the way of effective handling by the party receiving the abuse report. Often, registries and registrars receive reports that contain insufficient information to be actionable, or that do not describe prior or parallel actions being taken with respect to the particular abuse. Incomplete reports may require registries and registrants to engage in back and forth with the reporter before the abuse can be classified and flagged for action in accordance with its internal processes.

Registries and registrars can help expedite this process by providing information and tools for reporters to provide meaningful and actionable reports on the first attempt. This could include help center or reference articles about what information a registry or registrar expects to receive in an abuse report, or web forms that identify mandatory and recommended fields facilitating the submission process. Relative consistency in terms of what information is expected across registries and registrars will also help and encourage third parties to provide actionable reports regardless of provider.

● Recommendation 16: Registries and registrars can provide tools and information to help internet users provide meaningful abuse reports.

Registries and registrars should also maintain a clear channel of communication with the reporter. This can be used to provide and receive additional information that may assist in mitigating the abuse. Additionally, it will increase reporters’ confidence that their reports are being given due consideration, even in instances where the provider is unable to undertake direct action.

● Recommendation 17: Registries and registrars notify a complainant as soon as their report is received and provide a mechanism for them to provide further information or communication related to the complaint.

● Recommendation 18: Registries and registrars provide additional notification when the reporter case is closed, including a description of any action taken.

If a registry or registrar believes that an abuse complaint is credible but not within its scope of action, it may provide additional assistance to the registrant by passing on the report to a downstream provider (e.g. registry to registrar, registrar to hosting provider or reseller) directly or providing guidance to the registrant about how to identify and contact the downstream provider.


● Recommendation 19: If a registry or registrar believes that a third party is better situated to mitigate a reported abuse, assist the reporter by identifying the appropriate provider to receive the report or by passing on the report directly.

Where a domain name appears to be abusive, a registry or registrar can additionally provide assistance by notifying the provider and encouraging him or her to mitigate the abuse directly. To the extent practical, the registry or registrar can provide additional information or resources to assist the registrant in mitigating the abuse.

● Recommendation 20: When a domain name appears to be compromised, a registrar may notify the registrant and provide an opportunity to rectify the abuse. Registries may, instead, notify the registrar and request that they or their reseller pass on the notice to the registrant.


AppendixB:ChildAbuseContentMitigationProposalDifferentcountriesdefinechildabuseimagesandchildpornographydifferently(e.g.,somedeemcomputer-generatedimages/animetobeillegalwhereasothersdonot).Oneglobaldefinitionof“childabuseimages”istheUnitedNationsConventionontheRightsoftheChildwhichdefinesthetermasanyphotograph,film,video,picture,orcomputerorcomputer-generatedimageorpicture,whethermadeorproducedbyelectronic,mechanical,orothermeans,depictingchildsexualabuse.Formoreinformationaboutvariousgloballawsrelatedtochildprotection,see:http://www.icmec.org/wp-content/uploads/2016/02/Child-Pornography-Model-Law-8th-Ed-Final-linked.pdfandhttp://fosigrid.orgRecommendedpracticesforRegistriesandRegistrars:

● Recommendation 1: Each Registry Operator/Registrar may publish, on their respective websites, a “zero tolerance” statement or policy against child abuse content and include specific provisions in their registration terms and conditions prohibiting child abuse content. Each Registry Operator/Registry may include the right to suspend or delete domain names that violate this term in their agreement.

Sample Clause:

Registrant’s sites shall not display any child abuse images. Registrant’s sites shall not engage in practices that are designed to suggest the presence of child abuse images, including, without limitation, the use of meta-tags for that purpose. Registry Operator/Registrar will refer any sites that are reported to the Registry Operator/Registrar to be in violation of this policy to child safety hotlines like the National Center for Missing and Exploited Children (NCMEC), the Internet Watch Foundation (IWF), or the International Association of Internet Hotlines (INHOPE).

● Recommendation 2: Each Registry Operator/Registrar include contact information for an “Abuse Contact” so that users can report suspected illegal websites.

● Recommendation 3: Each Registry Operator/Registrar establish an internal policy/protocol advising staff to forward internal and external reports of child abuse images to the organization’s Legal or Compliance Department.

○ It is strongly suggested that members of the organization DO NOT access the URL/domain name/website in question.

○ It is strongly suggested that members of the organization DO NOT FORWARD ANY IMAGES/VIDEOS OR SCREENSHOTS CONTAINING IMAGES OR VIDEOS – BUT SIMPLY PROVIDE THE URL/DOMAIN NAME/WEBSITE.

● Recommendation 4: When Registry Operators/Registrars become aware of suspected child abuse images, they expeditiously report the URL/domain name/website directly to a child reporting hotline and provide sufficient contact information to the child reporting hotline to facilitate law enforcement follow up regarding the report submitted.

o If the reporting organization (or the website) is based in the United States, file a CyberTip report with The National Center for Missing and Exploited Children (NCMEC) at https://report.cybertip.org/index.htm

o If the reporting organization (or the website) is based in the United Kingdom, file a report with the Internet Watch Foundation (IWF) at: https://www.iwf.org.uk/report

o If the reporting organization (or the website) is based in a country that is not the United States or the United Kingdom, check the International Association of Internet Hotlines (INHOPE) reporting page to see if they work with the respective country and report it accordingly, see http://inhope.org/gns/report-here.aspx

o If the reporting organization (or the website) is not listed in any of the links identified above, submit the report to any of the hotlines you prefer because the various hotlines often work collaboratively so there is generally no need to report to multiple hotlines; a report to one hotline suffices.

● Recommendation 4: When Registry Operators/Registrars become aware of suspected child abuse images, the organization may document the URLs reported and retain a copy of those URLs for their internal files, in the event the reporting hotline and/or law enforcement follows up with the reporting organization directly and/or for enforcement of any “repeat offender” policies the organization may have. (It is strongly recommended that Registry Operator/Registrar does not retain or share any screenshots, images or videos.)

● Recommendation 5: Upon contact from a reporting hotline and/or law enforcement, the Registry Operator/Registrar may wish to suspend the domain name, delete the domain name, etc. – pursuant to the organization’s policies and protocols.

Aspirational Practices for Organizations that provide Upload, Storage, Search, Hosting, Filtering, or Social Media Services:

If a Registry Operator/Registrar also provides upload, storage, search, hosting, filtering or social media services, and/or an Electronic Service,4 the organization may wish to consider adopting some or all of the following additional services offered by US and UK child reporting hotlines:

● NCMEC: http://www.missingkids.org/Exploitation/Industry

○ URL Initiative: NCMEC maintains a list of URLs for active Web pages containing apparent child pornography. By joining the URL Initiative, Electronic Service Providers are provided access to NCMEC's URL list which is updated daily.

○ PhotoDNA: This image matching technology creates a unique signature for a digital image called a PhotoDNA signature. This signature can be compared with the signatures of other images to find copies of that image. NCMEC and online service providers use PhotoDNA to help find, report and curtail the online circulation of some of the worst known images of child pornography.

○ NCMEC Hash Value Sharing: Through the Hash Value Sharing Initiative, U.S.-based Electronic Service Providers can partner with NCMEC to receive a list of MD5 hash values which represent the "worst of the worst" images of apparent child pornography.

4 For the United States legal definition of Electronic Service Provider, see: https://www.law.cornell.edu/uscode/text/18/2510

● IWF: Best Practice Guide: https://www.iwf.org.uk/resources/best-practice-guide

Image Hash Tag List: The Image Hash Tag List lets parties match known images in order to remove them or prevent them appearing on services. The Image Hashes are categorized to suit international use. Contact HashList@iwf.org.uk for information.

Appendix C: Rogue Pharmacy Abuse Report Proposal

Registry/Registrar Practices for Combating Illegal Internet Pharmacies5

Registries and registrars are involved in the provisioning and sale of domain names. From time to time, illegal online pharmacies register domain names and then develop websites on these domain names to try and create a distribution channel for pharmaceuticals in violation of federal and state laws. If given the proper notice information regarding these illegal activities, registrars and registries can take effective action to take down these websites and suspend the domain names from use.

Recommended practices for Registries and Registrars:

● Recommendation 1: Registrars and registries may acknowledge the ongoing problem of illegal online pharmacies and publicly support the work of organizations such as CSIP and the Alliance for Safe Online Pharmacies (ASOP) and companies involved in combatting the use of domain names for the illegal distribution of drugs and medicines by illegal online pharmacies.

● Recommendation 2: When registries and registrars become aware of a suspected illegal pharmacy they may refer the domain to a third party provider that verifies the legitimacy of these websites.

● Recommendation 3: After receiving adequate legal confirmation (pursuant to each organization’s own assessment of adequate legal confirmation) that a domain name hosts a website that is used to market and distribute drugs and medicines in violation of applicable laws, registrars and registries may take prompt action. Registries and registrars may take action on confirmed, illegal pharmacies up to and including suspension or deletion of the affected domain(s) in accordance with their internal procedures.

● Recommendation 4: Registrars and registries also include on their website contact information for an “Abuse Contact” so that users can report suspected illegal websites for further investigation by an online pharmacy verification provider.

5 Reprinted with permission from the Center for Safe Internet Pharmacies’ “Principles of Participation.” Copyright 2016. All Rights Reserved.

Appendix D: Voluntary Third Party Handling of Copyright Infringement Cases

Purpose

The purpose of adoption and implementation of a Copyright Alternative Dispute Resolution Policy (“Copyright ADRP”) is to provide a legally effective and efficient mechanism for mitigating pervasive instances of copyright infringement in the DNS, while ensuring that Registrants’ due process rights are observed. This document provides recommendations to Registry Operators as to how to structure and implement a Copyright ADRP should they elect to do so.

Principles

Registry Operators are not jurists or experts in Copyright law and are not in a position to admit and evaluate evidence. Accordingly, under any Copyright ADRP, Registry Operators can work with skilled and experienced third-party neutrals (an “ADR Provider”) to arbitrate any matter brought under a Copyright ADRP. Arbitration offers a less costly and more expeditious means of addressing alleged pervasive infringing content as compared to most judicial systems and ensures that Registrants receive notice of complaints and due process rights. The ADR Provider should be able to provide expert and experienced neutrals that are capable of determining the merits of any claim brought under a Copyright ADRP.

In adopting the Copyright ADRP, the Registry Operator agrees to abide by decisions rendered by the ADR Provider, subject to any appeal that either the complainant or respondent may file in a court of competent jurisdiction.

Since the Registry Operator cannot control, affect or remove individual pieces of content on a website, the Rules of any Copyright ADRP (the “Rules”) should be crafted to only provide remedies to address domains where the alleged infringement is pervasive or where the primary purpose of the domain is the dissemination of alleged infringing material.

Any dispute brought under a Copyright ADRP is necessarily a dispute between the copyright holder (the “Complainant”) and the registrant (the “Respondent”). Registry Operators should never be permitted to be a named party under any Copyright ADRP. Similarly, Registrars must not be named as a party under a Copyright ADRP, but should have the right to voluntarily intervene, at their discretion.

Recommendations

The following are recommendations for Registry Operators that choose to adopt and implement a Copyright ADRP:

• Recommendation 1: The Registry Operator can work with an experienced ADR Provider. There are many recognized and reputable ADR Providers that work with expert third-party neutrals in copyright disputes. The ADR Provider should be able to offer a number of qualified potential arbiters.

• Recommendation 2: The Complainant should bear the cost and fee of filing the Copyright ADRP (including any ADR Provider fee) of instituting the Copyright ADRP dispute. This does not include the cost of legal fees. If either the Complainant or Respondent chooses to engage with counsel, they should bear their own costs.

• Recommendation 3: The Rules for the Copyright ADRP should respect the due process rights of the Respondent/registrant and clearly explain the process and procedures of the ADRP. This should include:

o The process for filing a complaint.

o A clear timeline setting forth how long a Respondent/Registrant has to file a response to the Complaint. Similarly, there should be a clear timeline as to how long the ADR Provider has to issue his/her ruling.

The Rules should also set forth the process for the status of the domain(s) while the appeal is pending (e.g., during appeal the domain will be placed under transfer lock at the Registry).

o The Rules should clarify that the ADRP is non-exclusive. Both the Complainant and the Respondent/Registrant can bring an action related to the alleged infringement in a court of competent jurisdiction at any time before the matter has been fully briefed and submitted to the Arbiter.

o The Rules should set forth the process in the event a Respondent/Registrant fails to respond to the Complaint, or “Defaults.” In the event of a Default the ADR Provider should rule based on the allegations in the Complaint. This does not mean that the Complainant automatically prevails. The Complaint and any supporting materials must set forth a prima facie claim of pervasive copyright infringement.

o The Rules should set forth the controlling law for the ADRP (typically the jurisdiction where the Registry Operator is located).

• Recommendation 4: Neither Registry Operators nor Registrars should be permitted to be named in any Copyright ADRP Complaint. Registrars, however, should be provided notice of the Complaint and have the right to intervene at their discretion.

• Recommendation 5: The Copyright ADRP should have limited remedies available. No monetary damages or relief beyond suspending, locking or transferring the domain name should be available.

• Recommendation 6: The Rules of the Copyright ADRP should require that the Complainant agree to indemnify, defend and hold the Registry Operator and the ADR Provider harmless from any claim arising from operation of the Copyright ADRP or any decision (and related action) thereunder.

• Recommendation 7: The Registry Operator should ensure that its Terms of Use and/or Acceptable Use Policy are updated to include the Copyright ADRP in order to bind Registrants into the process.