VeriSign Proposes Takedown Procedures and Malware Scanning for .Com

New registry service seeks to eliminate sites knowingly spreading malware.

VeriSign is asking ICANN to approve a new Verisign Anti-Abuse Domain Use Policy.

The policy (pdf) would allow VeriSign to run malware scanning of .com, .net, and .name domain names, as well as create a suspension system for domain names that knowingly host malware.

The malware scanning would occur quarterly. Domain name registrars would be able to opt out of the malware scans.

The suspension system is yet to be fully fleshed out, but VeriSign says:

Verisign’s suspension system will contain the anti-abuse policy statement and a set of suspension procedures. The anti-abuse policy is comparable to other registry agreements, and Verisign will work with the registrars to develop a set of common suspension procedures to address non-legitimate abusive sites that effect the security and stability of the Internet.

The goal is to take down sites that knowingly host malware but not legitimate sites that have been infected, which is often the case. VeriSign understands this may create some concern:

Registrants may be concerned about an improper takedown of a legitimate website. Verisign will be offering a protest procedure to support restoring a domain name to the zone.

Given the potentially disastrous effects of a “false positive” takedown, I hope that the details of the procedures are fully established before VeriSign gets the green light.


  1. says

    As I noted in my comments at:

    domain name registrants will be hurt by the lack of due process. Also the definition of “abuse” is vague and open-ended, giving VeriSign too much latitude to decide what is “abusive.”

    It’s a very poor tool in many cases. For example, if a subdomain that hosts a company blog gets hacked and is serving malware, VeriSign could shut down the entire domain name, affecting not only the blog subdomain but all other subdomains (i.e. the one hosting the main website) and all other services (e.g. email). Collateral damage could far exceed the damage caused by the *alleged* “abuse”.

  2. VAG says

    Many European registrars have requested an option to opt-out when this new process was first introduced under the ccTLDs managed by Verisign. Verisign has since modified the original plans to allow registrars to opt-out of the scanning.

  3. Louise says

    @ George Kirikos said, “if a subdomain that hosts a company blog gets hacked and is serving malware, VeriSign could shut down the entire domain name.”

    And you can bet there will be a fee required to unblock the domain.

  4. Louise says

    ICANN, Verisign, Godaddy along with other large registrars are the mafia. The NTIA and the DOJ told them, no new fee increases on dot com with the new gTLD guidebooks, and they are just determined to profit from your portfolios.

Leave a Reply