New registry service seeks to eliminate sites knowingly spreading malware.
VeriSign is asking ICANN to approve a new Verisign Anti-Abuse Domain Use Policy.
The policy (pdf) would allow VeriSign to run malware scanning of .com, .net, and .name domain names, as well as create a suspension system for domain names that knowingly host malware.
The malware scanning would occur quarterly. Domain name registrars would be able to opt out of the malware scans.
The suspension system is yet to be fully fleshed out, but VeriSign says:
Verisign’s suspension system will contain the anti-abuse policy statement and a set of suspension procedures. The anti-abuse policy is comparable to other registry agreements, and Verisign will work with the registrars to develop a set of common suspension procedures to address non-legitimate abusive sites that effect the security and stability of the Internet.
The goal is to take down sites that knowingly host malware but not legitimate sites that have been infected, which is often the case. VeriSign understands this may create some concern:
Registrants may be concerned about an improper takedown of a legitimate website. Verisign will be offering a protest procedure to support restoring a domain name to the zone.
Given the potentially disastrous effects of a “false positive” takedown, I hope that the details of the procedures are fully established before VeriSign gets the green light.