October 2014 .XYZ Registry Case Study: Abuse Mitigation Before and After NameSentrySM Introduction: Given the rising trend in domain abuse levels, the advent of new gTLDs precipitated calls for greater responsibility by registries and registrars alike. These calls come from various stakeholders including law-enforcement, business, and intellectual property rights holders, and collectively these calls culminated in a contractual commitment exacted by ICANN and encoded in Specification 11 of the new gTLD Registry Agreement, as well as GAC advice to the board demanding greater safeguards. Debate has taken place since then on not only interpretation of the Spec 11 language, but also on how to implement an abuse mitigation system. Until now, this debate has taken place in the absence of any documented experience or data on the efficacy of one method over another, but as the largest new gTLD to date, .XYZ presents a great case study. Thanks to .XYZ registry’s impetus, this case study documents their experience and results in implementing a successful abuse mitigation program customized to their abuse policies powered by NameSentry. We hope the information will inject valuable data and insights into the conversation and lead to best practices that will serve the entire domain name industry. Background The .XYZ registry was founded in 2011 by Daniel Negari, a successful Internet entrepreneur, with a vision to engage the next generation of Internet users with a fresh, affordable and memorable new identity: .XYZ. His goal is to operate the TLD as an open, safe and reputable namespace for Internet users everywhere and from every walk of life. .XYZ’s open registration policy and low price, supported this goal and fueled .XYZ’s growth to become the largest new gTLD. A position it has maintained consistently during the five months since its launch. However, the low price also increased .XYZ’s appeal to unwelcome customers, who registered domains intended for spam, phishing, malware, and other forms of abuse. Although a higher price point was a viable alternative, it would have been at odds with .XYZ’s value proposition as an affordable and inclusive TLD. “There is no reason why a TLD cannot be secure and safe AND an affordable choice for everyone, everywhere.” Daniel Negari, CEO, .XYZ Registry Abuse Detection and Mitigation Process To implement the anti-abuse policy at launch, the registry signed up to get regular abuse listings from multiple data feeds. They also assigned an abuse desk contact to receive and process abuse notifications and complaints from their website and other sources. Lastly, they mapped out a process to perform checks and then suspend domains that had been verified as abusive. In practice however, the process proved to be cumbersome, hard to scale and resource intensive: “Initially we had to manually aggregate and review abuse data from multiple sources, we then had to verify each reported abuse by hand to eliminate any potential false positives. If the domain name were found to be abusive, we would then have to ask CentralNic to suspend the domain and send notifications to the associated registrar. This process was far too manual, tied up valuable resources, and was not effective in keeping pace with the flow of new abuse listings.“ Grant Carpenter, General Counsel .XYZ Registry 1 October 2014 .XYZ Registry Case Study: Abuse Mitigation Before and After NameSentrySM - continued Reported Abusive Domains as % of Total Registrations .0.80% 0.70% 0.60% 0.50% 0.40% 0.30% 0.20% 0.10% 0.00% 6.02 6.04 6.06 6.08 6.10 6.12 6.14 6.16 6.18 6.20 6.22 6.24 6.26 6.28 6.30 Reported abusive domains as a percentage of total registrations PRIOR to implementation of NameSentry Enterprise. Graph 1 As Graph 1 indicates, .XYZ domains were increasingly being reported as abusive and being listed by various blocklists. Within a month after General Availability, .XYZ registry sought a better alternative: “Having studied previous TLD launches, we were well aware that any perceived connection with abuse can stop a new gTLD dead in its tracks. Additionally, we knew that .XYZ required an innovative solution due to its global appeal and projected high volume registrations. In order to effiaciently monitor and mitigate a rapidly growing namespace, we decided to invest in NameSentry Enterprise’s trusted and comprehensive solution.” Daniel Negari, CEO, .XYZ Registry NameSentry Implementation NameSentry Enterprise was implemented on July 1, 2014. As part of the implementation process, NameSentry’s workflows were customized to .XYZ’s abuse policy and business requirements. Some of these included: • Automated takedown at the EPP level • Automated registrar notification when a suspension occurs, and when a potential abuse is detected • Priority queues based on threat level • Generation and archival of various reports including ones for ICANN compliance • Business intelligence on abuse trends • Prioritization of problem registrars by volume of abusive registration NameSentry Results .xyz Average New Abuse Listings per Day by Month 80 70 60 50 40 30 20 10 _ After Jun Jul Aug Sep Oct Average new abuse listings per day for every month from June to early Oct 2014. The purple line is the trend line. Graph 2 Safer Namespace Graph 2 shows the downward trend of average new abuses listed by day, from 74 per day in June, to 42 per day in September. This is despite growth from 229,504 DUMs in June to over 560,000 by end of September. 2 October 2014 .XYZ Registry Case Study: Abuse Mitigation NameSentry Results - continued Reported Abusive Domains as % of Total Registrations 0.80% 0.70% After 0.60% 0.50% 0.40% 0.30% 0.20% 0.10% 0.00% 6.30 7.07 7.14 7.21 7.28 8.04 8.11 8.18 8.25 9.01 9.08 9.15 9.22 9.29 Graph 3 Graph 3 reported abusive domains as a percentage of total registrations. The purple line indicated the downward trend AFTER implementation of NameSentry Enterprise. Graph 3 illustrates how abusive domains as a percentage of total registrations have stabilized and are trending downwards, within just four (4) months of implementing NameSentry Enterprise and its automated takedown capabilities. Proactive efforts have led to a safer and more reputable namespace as bad actors are discouraged due to effective mitigation. It is equally important to note that bad actors continue to test the resolve of .XYZ to manage its abuse (as evidenced by the spikes in the chart). Managing abuse levels is an ongoing activity. Reduction of Active Abuses Before implementation of NameSentry Enterprise (and despite enforcing an aggressive Anti-Abuse policy) there was still an average of 1.6 active abuses per day whereas afterwards, there is an average of 0.4 or almost no active abuse on any given day. • Between June 2nd and September 30th, 2014, XYZ faced approximately 5700 net new abuses. 98.63% of those domains were removed from the DNS within 5 minutes, and the rest (1.38%) were taken down in less than 2 hours. • There is no delay for manual processing or intervention following abuse identification, reducing time to harm to minimal levels not seen previously in the domain industry. Reduction of time to harm • Time to takedown (verification to takedown): • Before: 2 hours each • After: 5 minutes Time and Cost Savings “Before starting with NameSentry Enterprise, we spent a lot of time sifting through and analyzing data to catch and suspend a relatively small number of abusers. With NameSentry, we just proactively set the rules that match our needs, sit back, and let NameSentry do the rest. We’re able to catch much more abuse while putting in a fraction of the effort. “ Grant Carpenter, General Counsel 3 October 2014 .XYZ Registry Case Study: Abuse Mitigation NameSentry Results - continued NameSentry Design Principles The principles behind the design are the result of years of active abuse mitigation and first hand experience in prior new gTLD launches, and pioneering anti abuse policies and programs. The designers include DNS and domain abuse experts with more than 40 years of experience. They include: • Automation of: abuse detection and verification workflows such as notification, case tracking, documentation and reporting mitigation actions (i.e. domain suspension) • Business intelligence and insightful analysis: Cross-correlation of abuse data from different sources Categorization of abuse types and customized workflows for each • Pattern recognition and analysis • Continuous monitoring • Consistency of actions taken to implement policies • Customization to both Anti-Abuse Policies and business requirements • Documentation • Financial flexibility: Subscription model pricing Reduced need for HR and other resources • Reduction of false positives • Reduction of time to harm • Proper access security and permission levels • Technical flexibility: RSP neutral ■ ■ ■ .XYZ Key Stats: • • • • Launch: May 20, 2014 General Availability: June 2, 2014 Registry Services Provider: CentralNic NameSentry Enterprise Implementation Date: July 1, 2014 • DUM: > 560,000 (as of 10/2014) with an avg. daily growth of 3000 registrations • Active Sites: >100,000 (More than double any other new gTLD) ■ ■ ■ ■ ■ For more information Architelos: www.architelos.com/namesentry Contact: Michael Young, CTO [email protected] .XYZ Registry: www.gen.xyz Grant Carpenter, Gen. Counsel [email protected] [email protected] 203.610.2683 Summary The .XYZ use case illustrates the results of effective abuse mitigation: reduced cost and time to harm, and enhanced value and reputation of a TLD. The success can be attributed to the resolve of .XYZ’s executive management to protect both their end-users and long-term revenues, and to NameSentry Enterprise – a tool incorporating abuse mitigation best practices and automation. 4