Back

29 Rights Protection Mechanisms

gTLDFull Legal NameE-mail suffixDetail
.SCASVENSKA CELLULOSA AKTIEBOLAGET SCA (publ)valideus.comView
1 MECHANISMS DESIGNED TO PREVENT ABUSIVE REGISTRATIONS

Rights protection is a core objective of Svenska Cellulosa Aktiebolaget SCA (“SCA”). SCA will implement and adhere to any rights protection mechanisms (RPMs) that may be mandated from time to time by ICANN, including each mandatory RPM set forth in the Trademark Clearinghouse model contained in the Registry Agreement, specifically Specification 7. SCA acknowledges that, at a minimum, ICANN requires a Sunrise period, a Trademark Claims period, and interaction with the Trademark Clearinghouse with respect to the registration of domain names for the .SCA gTLD. It should be noted that because ICANN, as of the time of this application submission, has not issued final guidance with respect to the Trademark Clearinghouse, SCA cannot fully detail the specific implementation of the Trademark Clearinghouse within this application. SCA will adhere to all processes and procedures to comply with ICANN guidance once this guidance is finalized.

As described in this response, SCA will implement a Sunrise period and Trademark Claims service with respect to the registration of domain names within the .SCA gTLD. Certain aspects of the Sunrise period and⁄or Trademark Claims service may be administered on behalf of SCA by SCA -approved registrars or by subcontractors of SCA , such as its selected backend registry services provider, Verisign.

As this will be a private brand registry with domains registered solely to SCA, it is not anticipated that any third parties will be eligible for .SCA domains but, nonetheless, SCA will offer the full range of ICANN mandated RPM, as set out below.

Sunrise Period. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, the Sunrise service pre-registration procedure for domain names continues for at least 30 days prior to the launch of the general registration of domain names in the gTLD (unless SCA decides to offer a longer Sunrise period).

During the Sunrise period, holders of marks that have been previously validated by the Trademark Clearinghouse receive notice of domain names that are an identical match (as defined in the ICANN Applicant Guidebook) to their mark(s). Such notice is in accordance with ICANN’s requirements and is provided by SCA either directly or through SCA approved registrars.

SCA requires all registrants, through SCA -approved registrars, to i) affirm that said registrants meet the Sunrise Eligibility Requirements (SER) and ii) submit to the Sunrise Dispute Resolution Policy (SDRP) consistent with Section 6 of the Trademark Clearinghouse model. At a minimum SCA recognizes and honors all word marks for which a proof of use was submitted and validated by the Trademark Clearinghouse as well as any additional eligibility requirements as specified in Question 18, provided they meet the eligibility requirements and rules of registration.

During the Sunrise period, SCA’s approved registrar is responsible for determining whether each domain name is eligible to be registered (including in accordance with the SERs).

All domains in .SCA will be registered to SCA for its own exclusive use and possibly that of its affiliates and SCA will appear as the owner in all WHOIS records. SCA may grant affiliates a non-exclusive, non-transferable, worldwide limited license to registrants to use the domain names for a period of no less than one (1) year and no more than ten (10) years, commencing on the date on which the registration request submitted by the approved registrar. SCA will reserve the right to reject a registration request, or delete, revoke, suspend, cancel or transfer the licence to use.SCA domain name at any time without notice at its sole discretion.

According to the registration policy of .SCA, the domain names will have to be used in an acceptable manner and .SCA will undertake checks to ensure that the intended use of each domain conforms to the registration policy. According to the registration policy:
• Domains must be used solely for purposes that enhance the strategic or commercial interests of SCA.
• Domain names must not be used in a way that knowingly infringes any third party intellectual property rights.
• A domain name registration must be an acceptable term that will not give rise to any moral or public order questions or in any way damage the strategic interests or reputation of SCA.
• Domains may not be delegated or assigned to external organisations, institutions, or individuals.
• If the registrant ceases to be a member of SCA or its affiliates to which their domain name is associated, then the registrant must cancel registration of that domain name within 14 days of ceasing to be a member.

Trademark Claims Service. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, all new gTLDs will have to provide a Trademark Claims service for a minimum of 60 days after the launch of the general registration of domain names in the gTLD (Trademark Claims period).
During the Trademark Claims period, in accordance with ICANN’s requirements, SCA or the SCA -approved registrar will send a Trademark Claims Notice to any prospective registrant of a domain name that is an identical match (as defined in the ICANN Applicant Guidebook) to any mark that is validated in the Trademark Clearinghouse. The Trademark Claims Notice will include links to the Trademark Claims as listed in the Trademark Clearinghouse and will be provided at no cost.

Prior to registration of said domain name, SCA or the SCA -approved registrar will require each prospective registrant to provide the warranties dictated in the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook. Those warranties will include receipt and understanding of the Trademark Claims Notice and confirmation that registration and use of said domain name will not infringe on the trademark rights of the mark holders listed. Without receipt of said warranties, the SCA or the SCA -approved registrar will not process the domain name registration.
Following the registration of a domain name, the SCA -approved registrar will provide a notice of domain name registration to the holders of marks that have been previously validated by the Trademark Clearinghouse and are an identical match. This notice will be as dictated by ICANN. At a minimum SCA will recognize and honor all word marks validated by the Trademark Clearinghouse.

2 MECHANISMS DESIGNED TO IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES ON AN ONGOING BASIS

In addition to the Sunrise and Trademark Claims services described in Section 1 of this response, SCA implements and adheres to RPMs post-launch as mandated by ICANN, and confirms that registrars accredited for the .SCA gTLD are in compliance with these mechanisms. Certain aspects of these post-launch RPMs may be administered on behalf of SCA by SCA -approved registrars or by subcontractors of SCA, such as its selected backend registry services provider, Verisign.

These post-launch RPMs include the established Uniform Domain-Name Dispute-Resolution Policy (UDRP), as well as the newer Uniform Rapid Suspension System (URS) and Trademark Post-Delegation Dispute Resolution Procedure (PDDRP). Where applicable, SCA will implement all determinations and decisions issued under the corresponding RPM.

After a domain name is registered, trademark holders can object to the registration through the UDRP or URS. Objections to the operation of the gTLD can be made through the PDDRP.

The following descriptions provide implementation details of each post-launch RPM for the .SCA gTLD:

• UDRP: The UDRP provides a mechanism for complainants to object to domain name registrations. The complainant files its objection with a UDRP provider and the domain name registrant has an opportunity to respond. The UDRP provider makes a decision based on the papers filed. If the complainant is successful, the only remedy is cancellation as the only permitted registrant will be SCA or its affiliates. If the complainant is not successful, ownership of the domain name remains with the domain name registrant. SCA, and entities operating on its behalf, adhere to all decisions rendered by UDRP providers.

In order to achieve this SCA will closely monitor UDRP complaints involving .SCA and ensure that its registrar appropriately implements the decisions.

• URS: As provided in the Applicant Guidebook, all registries are required to implement the URS. Similar to the UDRP, a complainant files its objection with a URS provider. The URS provider conducts an administrative review for compliance with filing requirements. If the complaint passes review, the URS provider notifies the registry operator and locks the domain. A lock means that the registry restricts all changes to the registration data, but the name will continue to resolve. After the domain is locked, the complaint is served to the domain name registrant, who has an opportunity to respond. If the complainant is successful, the registry operator is informed and the domain name is suspended for the balance of the registration period; the domain name will not resolve to the original website, but to an informational web page provided by the URS provider. If the complainant is not successful, the URS is terminated and full control of the domain name registration is returned to the domain name registrant. Similar to the existing UDRP, SCA,and entities operating on its behalf, adhere to decisions rendered by the URS providers.

.SCA will deal with and handle URS complaints. Its designated team will receive official Notice of Complaint through an internal system and upon receiving a Notice of Complaint, the team will implement a lock within 24 hours and an automatic Notice of Lock will be generated and sent to the URS provider via email. The team will also enforce URS decisions, which may include unlocking the domain name or suspension of domain name and ensuring that the domain: i) remains suspended for the duration of registration period; ii) is non-resolving; iii) is redirected to an informational page provided by the URS provider; and iv) that the WHOIS maintains all original registrant details except for the redirection of name servers, and contains a message to the effect that the domain name will not be able to be transferred, deleted or modified for the life of the registration.

• PDDRP: As provided in the Applicant Guidebook, all registries are required to implement the PDDRP. The PDDRP provides a mechanism for a complainant to object to the registry operator’s manner of operation or use of the gTLD. The complainant files its objection with a PDDRP provider, who performs a threshold review. The registry operator has the opportunity to respond and the provider issues its determination based on the papers filed, although there may be opportunity for further discovery and a hearing. SCA participates in the PDDRP process as specified in the Applicant Guidebook.

• .SCA will deal with and handle PDDRP complaints. Its designated team will file responses to complaints, negotiate and seek to settle the dispute without incurring in unnecessary costs for both parties, and enforce the decisions made by the PDDRP provider.

Additional Measures Specific to Rights Protection. .SCA will be a closed registry which will solely be owned and controlled by SCA for its own commercial and strategic interests. Therefore, it is highly unlikely that third parties will find the opportunity to engage in abusive activities such as phishing, pharming or other types of behaviour, which violate the rights of others. However, in the unlikely event that the .SCA domains are attacked by third parties, SCA provides additional measures against potentially abusive registrations. These measures help mitigate phishing, pharming, and other Internet security threats. The measures exceed the minimum requirements for RPMs defined by Specification 7 of the Registry Agreement and are available at the time of registration. These measures include:

• Abuse Point of Contact: SCA will establish and publish a unique abuse point of contact. This contact will be a role e-mail address such as contact@abuseprevention.sca. This role address will allow the designated staff to regularly monitor abuse and⁄or malicious activities in .SCA. The registry’s designated staff will then evaluate complaints and produce abuse reports when necessary. Following the evaluation, they must decide whether the abuse report is a serious matter of concern and take a decision whether to dismiss the report or proceed to the next step. Since any decision regarding abuse reports implies serious consequences, abuse prevention staff and experts will accurately and responsibly deal with the abuse report. After the adequate evaluation procedure by the registry operator, SCA can determine whether or not to take any action against such alleged abusive or malicious activity. In particular circumstances, SCA can allow Verisign to suspend or cancel a domain name on its behalf. SCA will also take steps to investigate and respond to any reports from law enforcement, governmental and quasi-governmental agencies of illegal conduct in connection with the use of the TLD.

• Rapid Takedown or Suspension Based on Court Orders: SCA complies promptly with any order from a court of competent jurisdiction that directs it to take any action on a domain name that is within its technical capabilities as a TLD registry. These orders may be issued when abusive content, such as child pornography, counterfeit goods, or illegal pharmaceuticals, is associated with the domain name.
• Anti-Abuse Process: SCA implements an anti-abuse process that is executed based on the type of domain name takedown requested. The anti-abuse process is for malicious exploitation of the DNS infrastructure, such as phishing, botnets, and malware.
• Authentication Procedures: Verisign, SCA’s selected backend registry services provider, uses two-factor authentication to augment security protocols for telephone, email, and chat communications.
• Registry Lock: Verisign allows registrants to lock a domain name at the registry level to protect against both unintended and malicious changes, deletions, and transfers. Only Verisign, as SCA’s backend registry services provider, can release the lock; thus all other entities that normally are permitted to update Shared Registration System (SRS) records are prevented from doing so. This lock is released only after the registrar makes the request to unlock. SCA may implement Registry Lock.
• Malware Code Identification: This safeguard reduces opportunities for abusive behaviors that use registered domain names in the gTLD. Registrants are often unknowing victims of malware exploits. As SCA’s backend registry services provider, Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
• DNSSEC Signing Service: Domain Name System Security Extensions (DNSSEC) helps mitigate pharming attacks that use cache poisoning to redirect unsuspecting users to fraudulent websites or addresses. It uses public key cryptography to digitally sign DNS data when it comes into the system and then validate it at its destination. The .SCA gTLD is DNSSEC-enabled as part of Verisign’s core backend registry services.

3. RESOURCING PLANS

Resource Planning
o Implementation and administration of SCA’s program to provide RPMs will be executed by SCA’s outsourced registrar which has an extensive in-house experience in domain name management. The technical operation of the registry is also fully outsourced. Therefore, no integration is required between SCA’s own systems and those of the Registry Service Provider, Verisign. Nevertheless, minimal technical labour expense has been designated for the creation and maintenance of a registry website at which SCA’s policies, contact details, whois abuse point of contact and other technical support for domain management such as directing customers will be made available. Additionally, SCA currently has an experienced workforce of IT employees, who can be called upon at any time to manage and ensure the success of the registry website.


Resource Planning Specific to Backend Registry Activities
Verisign, SCA’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to SCA fully accounts for cost related to this infrastructure, which is provided as Line IIb.G, Total Critical Registry Function Cash Outflows, within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support the implementation of RPMs:
• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11

To implement and manage the .SCA gTLD as described in this application, Verisign, SCA’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.
gTLDFull Legal NameE-mail suffixDetail
.XBOXMicrosoft Corporationmicrosoft.comView
1 MECHANISMS DESIGNED TO PREVENT ABUSIVE REGISTRATIONS

Rights protection is a core objective of Microsoft.

Microsoft will implement and adhere to any rights protection mechanisms (RPMs) that may be mandated from time to time by ICANN, including each mandatory RPM set forth in the Trademark Clearinghouse model contained in the Registry Agreement, specifically Specification 7. Microsoft acknowledges that, at a minimum, ICANN requires a Sunrise period, a Trademark Claims period, and interaction with the Trademark Clearinghouse with respect to the registration of domain names for the .XBOX gTLD. It should be noted that because ICANN, as of the time of this application submission, has not issued final guidance with respect to the Trademark Clearinghouse, Microsoft cannot fully detail the specific implementation of the Trademark Clearinghouse within this application. Microsoft will adhere to all processes and procedures to comply with ICANN guidance once this guidance is finalized.

As described in this response, Microsoft will implement a Sunrise period and Trademark Claims service with respect to the registration of domain names within the .XBOX gTLD. Certain aspects of the Sunrise period and⁄or Trademark Claims service may be administered on behalf of Microsoft by Microsoft-approved registrars or by subcontractors of Microsoft, such as its selected backend registry services provider, Verisign.

This registry will be a private brand registry with eligibility requirements and rules of registration that permit only Microsoft and its Affiliates to register and use domains. This means that bad faith registration should be minimized or even completely eliminated.

Sunrise Period. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, the Sunrise service pre-registration procedure for domain names continues for at least 30 days prior to the launch of the general registration of domain names in the gTLD.

During the Sunrise period, holders of marks that have been previously validated by the Trademark Clearinghouse receive notice of domain names that are an identical match (as defined in the ICANN Applicant Guidebook) to their mark(s). Such notice is in accordance with ICANN’s requirements and is provided by Microsoft either directly or through Microsoft-approved registrars.

The Sunrise period will be executed by Microsoft in accordance with its Sunrise policy. A team will be designated by Microsoft to oversee the execution of Right Protection Mechanisms (RPM), compromising its current domain name manager and an IP specialist. Registrants that wish to participate in the Sunrise must register their rights in the Trademark Clearinghouse and approved registrars must give affirmative consent to the terms of the Registry-Registrar Agreement in advance of the Sunrise process. Microsoft’s RPM team will then generate the trademark data of the Sunrise applicants, and review the documentation and information submitted by approved registrars in order to verify the sunrise eligibility of the applications according to Sunrise Eligibility Requirements included in the sunrise policy.

Microsoft requires all registrants, either directly or through Microsoft-approved registrars, to i) affirm that said registrants meet the Sunrise Eligibility Requirements (SER) and ii) submit to the Sunrise Dispute Resolution Policy (SDRP) consistent with Section 6 of the Trademark Clearinghouse model. At a minimum Microsoft recognizes and honors all word marks for which a proof of use was submitted and validated by the Trademark Clearinghouse as well as any additional eligibility requirements as specified in Question 18.

Both the registration policy and sunrise policy will require all registrants to be either Microsoft or one of its wholly owned subsidiaries. Upon review, the RPM team will either verify the trademark information or notify the potential registrant of any deficiencies. If the trademark information and eligibility of the registrants are eventually verified, the domain name registration will resolve. All domains in the .XBOX will be registered to Microsoft or one of its wholly owned subsidiaries for their own exclusive use and Microsoft will appear as the owner in all WHOIS records. Microsoft will grant a non-exclusive, non-transferable, worldwide limited license to registrants to use the domain names for a period of no less than one (1) year and no more than ten (10) years, commencing on the date on which the registration request submitted by the approved registrar.

Microsoft will implement an Eligibility Reconsideration Process which will allow Microsoft to reconsider registrant’s license to use a domain name upon a change in the status of the registrant. Registrants will be able to challenge any decision made by the applicant regarding their eligibility through Eligibility Dispute Resolution procedure. Under Microsoft’s registration policy, prospective registrants will also have to comply with the Acceptable Use policy incorporated into the Sunrise and general registration policies. Microsoft will undertake checks to ensure that the intended use of each .XBOX domain conforms with the Acceptable Use policy. According to the Acceptable Use policy:

• Registrants must use their domains solely for purposes that enhance the strategic or commercial interests of Microsoft.
• Domain names may not be used in a way which knowingly infringe, violate, or misappropriate any third party intellectual property rights.
• A domain name registration must be an acceptable term that will not in any way damage the strategic interests or reputation of Microsoft.
• Registrants may not delegate or assign any rights in domain names to external organizations, institutions, or individuals.
• All .XBOX gTLD domains will be pointed to either Microsoft’s website or the main home page or the home page of the .XBOX gTLD registry.
• If the registrant ceases to be a member of Microsoft or its affiliates to which their domain name is associated, then the registrant must cancel registration of that domain name within 14 days of ceasing to be a member.

Microsoft may reject a registration request, or may delete, revoke, suspend, cancel or transfer a .XBOX domain name at any time without notice: to enforce registry policies and ICANN requirements to protect the integrity and stability of the registry, its operations, and the .XBOX gTLD system; if there is a change in the eligibility status of the Registrant; or if otherwise instructed by Microsoft.

Trademark Claims Service. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, all new gTLDs will have to provide a Trademark Claims service for a minimum of 60 days after the launch of the general registration of domain names in the gTLD (Trademark Claims period).

During the Trademark Claims period, in accordance with ICANN’s requirements, Microsoft or the Microsoft-approved registrar will send a Trademark Claims Notice to any prospective registrant of a domain name that is an identical match (as defined in the ICANN Applicant Guidebook) to any mark that is validated in the Trademark Clearinghouse. The Trademark Claims Notice will include links to the Trademark Claims as listed in the Trademark Clearinghouse and will be provided at no cost.

Prior to registration of said domain name, Microsoft or the Microsoft-approved registrar will require each prospective registrant to provide the warranties dictated in the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook. Those warranties will include receipt and understanding of the Trademark Claims Notice and confirmation that registration and use of said domain name will not infringe on the trademark rights of the mark holders listed. Without receipt of said warranties, the Microsoft or the Microsoft-approved registrar will not process the domain name registration.

Following the registration of a domain name, the Microsoft-approved registrar will provide a notice of domain name registration to the holders of marks that have been previously validated by the Trademark Clearinghouse and are an identical match. This notice will be as dictated by ICANN. At a minimum Microsoft will recognize and honor all word marks validated by the Trademark Clearinghouse.

2 MECHANISMS DESIGNED TO IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES ON AN ONGOING BASIS

In addition to the Sunrise and Trademark Claims services described in Section 1 of this response, Microsoft implements and adheres to RPMs post-launch as mandated by ICANN, and confirms that registrars accredited for this gTLD are in compliance with these mechanisms. Certain aspects of these post-launch RPMs may be administered on behalf of Microsoft by Microsoft-approved registrars or by subcontractors of Microsoft, such as its selected backend registry services provider, Verisign.

These post-launch RPMs include the established Uniform Domain-Name Dispute-Resolution Policy (UDRP), as well as the newer Uniform Rapid Suspension System (URS) and Trademark Post-Delegation Dispute Resolution Procedure (PDDRP). Where applicable, Microsoft will implement all determinations and decisions issued under the corresponding RPM.

After a domain name is registered, trademark holders can object to the registration through the UDRP or URS. Objections to the operation of the gTLD can be made through the PDDRP.

The following descriptions provide implementation details of each post-launch RPM for the .XBOX gTLD:

• UDRP: The UDRP provides a mechanism for complainants to object to domain name registrations. The complainant files its objection with a UDRP provider and the domain name registrant has an opportunity to respond. The UDRP provider makes a decision based on the papers filed. If the complainant is successful, ownership of the domain name registration is transferred to the complainant. If the complainant is not successful, ownership of the domain name remains with the domain name registrant. Microsoft and entities operating on its behalf adhere to all decisions rendered by UDRP providers.
• URS: As provided in the Applicant Guidebook, all registries are required to implement the URS. Similar to the UDRP, a complainant files its objection with a URS provider. The URS provider conducts an administrative review for compliance with filing requirements. If the complaint passes review, the URS provider notifies the registry operator and locks the domain. A lock means that the registry restricts all changes to the registration data, but the name will continue to resolve. After the domain is locked, the complaint is served to the domain name registrant, who has an opportunity to respond. If the complainant is successful, the registry operator is informed and the domain name is suspended for the balance of the registration period; the domain name will not resolve to the original website, but to an informational web page provided by the URS provider. If the complainant is not successful, the URS is terminated and full control of the domain name registration is returned to the domain name registrant. Similar to the existing UDRP, Microsoft and entities operating on its behalf adhere to decisions rendered by the URS providers.
• PDDRP: As provided in the Applicant Guidebook, all registries are required to implement the PDDRP. The PDDRP provides a mechanism for a complainant to object to the registry operator’s manner of operation or use of the gTLD. The complainant files its objection with a PDDRP provider, who performs a threshold review. The registry operator has the opportunity to respond and the provider issues its determination based on the papers filed, although there may be opportunity for further discovery and a hearing. Microsoft participates in the PDDRP process as specified in the Applicant Guidebook. The Microsoft RPM team will deal with and handle PDDRP complaints. As set out in the Applicant Guidebook in the appendix summarizing the PDDRP, the grounds for a complaint on a second level registration are that , “(a) there is a substantial pattern or practice of specific bad faith intent by the registry operator to profit from the sale of trademark infringing domain names; and (b) the registry operator’s bad faith intent to profit from the systematic registration of domain names within the gTLD that are identical or confusingly similar to the complainant’s mark, which: (i) takes unfair advantage of the distinctive character or the reputation of the complainantʹs mark; or (ii) impairs the distinctive character or the reputation of the complainantʹs mark, or(iii) creates a likelihood of confusion with the complainantʹs mark.”. Whilst we will co-operate with any complaints made under the PDDRP, we think it is highly improbable that any PDDRP complaints will succeed because the grounds set out above cannot be satisfied as domains in the registry will not be for sale and cannot be transferred to third parties.

Additional Measures Specific to Rights Protection.
The .XBOX gTLD will be a closed registry that will be solely owned and controlled by Microsoft for its own commercial and strategic interests. Therefore, it is highly unlikely that third parties will find the opportunity to engage in abusive activities such as phishing, pharming or other types of behavior which violate the rights of others. However, in the unlikely event that the .XBOX domains are attacked by third parties, Microsoft will have the following measures in place to deal swiftly with the abuse:

Abuse Point of Contact: Microsoft will establish and publish a unique abuse point of contact from within the RPM team. This contact will be a role e-mail address such as abuse@registry.xbox. This role address will allow designated staff to regularly monitor abuse and⁄or malicious activities in .XBOX. The registry’s designated staff will then evaluate complaints and produce abuse reports when necessary. Following the evaluation, they must decide whether the abuse report is a serious matter of concern and take a decision whether to dismiss the report or proceed to the next step. Since any decision regarding abuse reports implies serious consequences, the registry operator will be supported by abuse prevention staff and experts that will accurately and responsibly deal with the abuse report. After the adequate evaluation procedure via the registry operator, Microsoft can determine whether or not to take any action against such alleged abusive or malicious activity. In particular circumstances, Microsoft can allow Verisign to suspend or cancel a domain name on its behalf. Microsoft will also take steps to investigate and respond to any reports from law enforcement, governmental and quasi-governmental agencies of illegal conduct in connection with the use of the TLD.

Rapid Takedown or Suspension Based on Court Orders: Because domain names can be used to engage in malicious and abusive activity on the Internet, including malware, pharming, and phishing, the most efficient measure to combat such activity may, under certain circumstances, be to deactivate the domain. Microsoft will implement a rapid takedown process based on, for example, court orders, appropriate and documented requests from law enforcement, and the results of its own internal threat analyses and assessment. Microsoft complies promptly with any order from a court of competent jurisdiction that directs it to take any action on a domain name that is within its technical capabilities as a TLD registry. These orders may be issued when abusive content, such as child pornography, counterfeit goods, or illegal pharmaceuticals, is associated with the domain name.

Anti-Abuse Process: Microsoft implements an anti-abuse process that is executed based on the type of domain name takedown requested. The anti-abuse process is for malicious exploitation of the DNS infrastructure, such as phishing, botnets, and malware.

Authentication Procedures: Verisign, Microsoft’s selected backend registry services provider, uses two-factor authentication to augment security protocols for telephone, email, and chat communications.

Malware Code Identification: This safeguard reduces opportunities for abusive behaviors that use registered domain names in the gTLD. Registrants are often unknowing victims of malware exploits. As Microsoft’s backend registry services provider, Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.

Rights Protection Help Desk We will maintain a Rights Protection Help Desk. Enquirers will be allocated a Case Number and the following details will be captured:

The contact details of the complainant
The domain name that is the subject of the complaint or query
The registered right, if any, that is associated with the request
An explanation of the issues such as why the complainant believes that its mark has been infringed
An initial response to a query or complaint will be made within 24 hours. The Rights Protection Help Desk will be in place on Day One of the registry. The cost of the Rights Help Desk is reflected in the Projections Templates provided at Q46 as part of on-going registry maintenance costs.
The aim of the Rights Protection Help Desk is to assist third parties in understanding the mission and purpose of our registry and to see if a resolution can be found that is quicker and easier than the filing of a UDRP or URS complaint.

Registry Legal Expert We will allocate to one or more expert(s) within Microsoft the responsibility of ensuring that we are compliant with ICANN policies. The(se) compliance contact(s) will also handle all disputes relating to RPMs. This will involve evaluating complaints, working with external legal counsel and law enforcement, and resolving disputes. The compliance contact(s) will also liaise with external stakeholders including URS and UDRP panel providers, the TMCH operator, and trademark holders as needed.

Twice Yearly Registrar Accreditation & Audits We will audit the performance of our registrars every six months and re-validate our Registry-registrar Agreements annually. Our audits will include site visits to ensure the security of data etc.

Registrant Pre-Verification All requests for registration will be verified by our registrar to ensure that they come from a legitimate representative of Microsoft or our Affiliates. A record of the request will be kept in our on-line domain management console including the requestor’s email address and other contact information.

3 RESOURCING PLANS
Resource Planning
Microsoft’s RPM team comprises its current domain name manager and an IP specialist.

Resource Planning Specific to Backend Registry Activities
Verisign, Microsoft’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to Microsoft fully accounts for cost related to this infrastructure, which is provided as Line IIb.G, Total Critical Registry Function Cash Outflows, within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support the implementation of RPMs:

• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11

To implement and manage the .XBOX gTLD as described in this application, Verisign, Microsoft’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.

Microsoft’s registrar will also be supporting Microsoft by validating the eligibility of registration requests, assisting with ICANN compliance and acting against abusive registrations. This registrar will be assigning one legal specialist and four operational staff to assist Microsoft with these tasks.

The Microsoft Domain Name Management Team of two will work under the leadership of Microsoft’s Associate General Counsel.

Implementation Plans
Our proposed Sunrise and IP Claims service is currently anticipated to be introduced according to the following timetable:

Day One: Announcement of Registry Launch and publication of registry website with details of the Sunrise and Trademark Claim Service (“TMCS”)
Day 30: Sunrise opens for 30 days on a first-come, first served basis. Once registrations are approved, they will be entered into the SRS and published in our Thick-Whois database.
Day 60-75: Registry Open, domains applied for in the Sunrise registered and TMCS begins for a minimum of 60 days
Day 120-135: TMCS ends; normal operations continue. Our systems to support the implementation of complaints under the UDRP, the URS, and the PDDRP will be available from Day One, as will Thick Whois.

The Implementation Team will create a formal Registry Launch plan by 1 November 2012. This will set out the exact process for the launch of the .XBOX registry and will define responsibilities and budgets. The Microsoft Registry website, which is budgeted for in the three year plans provided in our answers to question 46 will be built by 1 February 2013 (or within 30 days of pre-delegation testing starting, whichever is the soonest). It will feature Rules of Registration, Rules of Eligibility, Terms & Conditions of Registration, Acceptable Use Policies as well as the Rules of the Sunrise, the Rules of the Sunrise Dispute Resolution Policy and the Rules of the Trademark Claims Service.

The registry website will promote the contact details of our Abuse Point of Contact which will be available 24⁄7.

We will comply with all requests from courts, law enforcement, and governmental bodies, and any decisions⁄judgments from UDRP and URS panels.

Technical implementation between the registry and the Trademark Clearinghouse will be undertaken by our registry service provider as soon as practical after the Trademark Clearinghouse is operational and announces its integration process.
As demonstrated in our financial answers, a budget has been set aside to pay fees charged by the Trademark Clearinghouse Operator for this integration.

The contract we have with our registrar (the RAA) will require that the registrar adheres to the Terms & Conditions of the TMCH and will prohibit the registrar from filing domains in our registry on its own behalf or utilizing any data from the TMCH except in the provision of its duties as our registrar.

When processing TMCS claims, our registrar will be required to use the specific form of notice provided by ICANN in the Applicant Guidebook’.

We will also require our registrar to implement appropriate privacy policies reflecting the location of our registry in the United States and the high standards that we set. See http:⁄⁄privacy.microsoft.com⁄en-us⁄default.mspx.