Back

29 Rights Protection Mechanisms

gTLDFull Legal NameE-mail suffixDetail
.SCASVENSKA CELLULOSA AKTIEBOLAGET SCA (publ)valideus.comView
1 MECHANISMS DESIGNED TO PREVENT ABUSIVE REGISTRATIONS

Rights protection is a core objective of Svenska Cellulosa Aktiebolaget SCA (“SCA”). SCA will implement and adhere to any rights protection mechanisms (RPMs) that may be mandated from time to time by ICANN, including each mandatory RPM set forth in the Trademark Clearinghouse model contained in the Registry Agreement, specifically Specification 7. SCA acknowledges that, at a minimum, ICANN requires a Sunrise period, a Trademark Claims period, and interaction with the Trademark Clearinghouse with respect to the registration of domain names for the .SCA gTLD. It should be noted that because ICANN, as of the time of this application submission, has not issued final guidance with respect to the Trademark Clearinghouse, SCA cannot fully detail the specific implementation of the Trademark Clearinghouse within this application. SCA will adhere to all processes and procedures to comply with ICANN guidance once this guidance is finalized.

As described in this response, SCA will implement a Sunrise period and Trademark Claims service with respect to the registration of domain names within the .SCA gTLD. Certain aspects of the Sunrise period and⁄or Trademark Claims service may be administered on behalf of SCA by SCA -approved registrars or by subcontractors of SCA , such as its selected backend registry services provider, Verisign.

As this will be a private brand registry with domains registered solely to SCA, it is not anticipated that any third parties will be eligible for .SCA domains but, nonetheless, SCA will offer the full range of ICANN mandated RPM, as set out below.

Sunrise Period. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, the Sunrise service pre-registration procedure for domain names continues for at least 30 days prior to the launch of the general registration of domain names in the gTLD (unless SCA decides to offer a longer Sunrise period).

During the Sunrise period, holders of marks that have been previously validated by the Trademark Clearinghouse receive notice of domain names that are an identical match (as defined in the ICANN Applicant Guidebook) to their mark(s). Such notice is in accordance with ICANN’s requirements and is provided by SCA either directly or through SCA approved registrars.

SCA requires all registrants, through SCA -approved registrars, to i) affirm that said registrants meet the Sunrise Eligibility Requirements (SER) and ii) submit to the Sunrise Dispute Resolution Policy (SDRP) consistent with Section 6 of the Trademark Clearinghouse model. At a minimum SCA recognizes and honors all word marks for which a proof of use was submitted and validated by the Trademark Clearinghouse as well as any additional eligibility requirements as specified in Question 18, provided they meet the eligibility requirements and rules of registration.

During the Sunrise period, SCA’s approved registrar is responsible for determining whether each domain name is eligible to be registered (including in accordance with the SERs).

All domains in .SCA will be registered to SCA for its own exclusive use and possibly that of its affiliates and SCA will appear as the owner in all WHOIS records. SCA may grant affiliates a non-exclusive, non-transferable, worldwide limited license to registrants to use the domain names for a period of no less than one (1) year and no more than ten (10) years, commencing on the date on which the registration request submitted by the approved registrar. SCA will reserve the right to reject a registration request, or delete, revoke, suspend, cancel or transfer the licence to use.SCA domain name at any time without notice at its sole discretion.

According to the registration policy of .SCA, the domain names will have to be used in an acceptable manner and .SCA will undertake checks to ensure that the intended use of each domain conforms to the registration policy. According to the registration policy:
• Domains must be used solely for purposes that enhance the strategic or commercial interests of SCA.
• Domain names must not be used in a way that knowingly infringes any third party intellectual property rights.
• A domain name registration must be an acceptable term that will not give rise to any moral or public order questions or in any way damage the strategic interests or reputation of SCA.
• Domains may not be delegated or assigned to external organisations, institutions, or individuals.
• If the registrant ceases to be a member of SCA or its affiliates to which their domain name is associated, then the registrant must cancel registration of that domain name within 14 days of ceasing to be a member.

Trademark Claims Service. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, all new gTLDs will have to provide a Trademark Claims service for a minimum of 60 days after the launch of the general registration of domain names in the gTLD (Trademark Claims period).
During the Trademark Claims period, in accordance with ICANN’s requirements, SCA or the SCA -approved registrar will send a Trademark Claims Notice to any prospective registrant of a domain name that is an identical match (as defined in the ICANN Applicant Guidebook) to any mark that is validated in the Trademark Clearinghouse. The Trademark Claims Notice will include links to the Trademark Claims as listed in the Trademark Clearinghouse and will be provided at no cost.

Prior to registration of said domain name, SCA or the SCA -approved registrar will require each prospective registrant to provide the warranties dictated in the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook. Those warranties will include receipt and understanding of the Trademark Claims Notice and confirmation that registration and use of said domain name will not infringe on the trademark rights of the mark holders listed. Without receipt of said warranties, the SCA or the SCA -approved registrar will not process the domain name registration.
Following the registration of a domain name, the SCA -approved registrar will provide a notice of domain name registration to the holders of marks that have been previously validated by the Trademark Clearinghouse and are an identical match. This notice will be as dictated by ICANN. At a minimum SCA will recognize and honor all word marks validated by the Trademark Clearinghouse.

2 MECHANISMS DESIGNED TO IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES ON AN ONGOING BASIS

In addition to the Sunrise and Trademark Claims services described in Section 1 of this response, SCA implements and adheres to RPMs post-launch as mandated by ICANN, and confirms that registrars accredited for the .SCA gTLD are in compliance with these mechanisms. Certain aspects of these post-launch RPMs may be administered on behalf of SCA by SCA -approved registrars or by subcontractors of SCA, such as its selected backend registry services provider, Verisign.

These post-launch RPMs include the established Uniform Domain-Name Dispute-Resolution Policy (UDRP), as well as the newer Uniform Rapid Suspension System (URS) and Trademark Post-Delegation Dispute Resolution Procedure (PDDRP). Where applicable, SCA will implement all determinations and decisions issued under the corresponding RPM.

After a domain name is registered, trademark holders can object to the registration through the UDRP or URS. Objections to the operation of the gTLD can be made through the PDDRP.

The following descriptions provide implementation details of each post-launch RPM for the .SCA gTLD:

• UDRP: The UDRP provides a mechanism for complainants to object to domain name registrations. The complainant files its objection with a UDRP provider and the domain name registrant has an opportunity to respond. The UDRP provider makes a decision based on the papers filed. If the complainant is successful, the only remedy is cancellation as the only permitted registrant will be SCA or its affiliates. If the complainant is not successful, ownership of the domain name remains with the domain name registrant. SCA, and entities operating on its behalf, adhere to all decisions rendered by UDRP providers.

In order to achieve this SCA will closely monitor UDRP complaints involving .SCA and ensure that its registrar appropriately implements the decisions.

• URS: As provided in the Applicant Guidebook, all registries are required to implement the URS. Similar to the UDRP, a complainant files its objection with a URS provider. The URS provider conducts an administrative review for compliance with filing requirements. If the complaint passes review, the URS provider notifies the registry operator and locks the domain. A lock means that the registry restricts all changes to the registration data, but the name will continue to resolve. After the domain is locked, the complaint is served to the domain name registrant, who has an opportunity to respond. If the complainant is successful, the registry operator is informed and the domain name is suspended for the balance of the registration period; the domain name will not resolve to the original website, but to an informational web page provided by the URS provider. If the complainant is not successful, the URS is terminated and full control of the domain name registration is returned to the domain name registrant. Similar to the existing UDRP, SCA,and entities operating on its behalf, adhere to decisions rendered by the URS providers.

.SCA will deal with and handle URS complaints. Its designated team will receive official Notice of Complaint through an internal system and upon receiving a Notice of Complaint, the team will implement a lock within 24 hours and an automatic Notice of Lock will be generated and sent to the URS provider via email. The team will also enforce URS decisions, which may include unlocking the domain name or suspension of domain name and ensuring that the domain: i) remains suspended for the duration of registration period; ii) is non-resolving; iii) is redirected to an informational page provided by the URS provider; and iv) that the WHOIS maintains all original registrant details except for the redirection of name servers, and contains a message to the effect that the domain name will not be able to be transferred, deleted or modified for the life of the registration.

• PDDRP: As provided in the Applicant Guidebook, all registries are required to implement the PDDRP. The PDDRP provides a mechanism for a complainant to object to the registry operator’s manner of operation or use of the gTLD. The complainant files its objection with a PDDRP provider, who performs a threshold review. The registry operator has the opportunity to respond and the provider issues its determination based on the papers filed, although there may be opportunity for further discovery and a hearing. SCA participates in the PDDRP process as specified in the Applicant Guidebook.

• .SCA will deal with and handle PDDRP complaints. Its designated team will file responses to complaints, negotiate and seek to settle the dispute without incurring in unnecessary costs for both parties, and enforce the decisions made by the PDDRP provider.

Additional Measures Specific to Rights Protection. .SCA will be a closed registry which will solely be owned and controlled by SCA for its own commercial and strategic interests. Therefore, it is highly unlikely that third parties will find the opportunity to engage in abusive activities such as phishing, pharming or other types of behaviour, which violate the rights of others. However, in the unlikely event that the .SCA domains are attacked by third parties, SCA provides additional measures against potentially abusive registrations. These measures help mitigate phishing, pharming, and other Internet security threats. The measures exceed the minimum requirements for RPMs defined by Specification 7 of the Registry Agreement and are available at the time of registration. These measures include:

• Abuse Point of Contact: SCA will establish and publish a unique abuse point of contact. This contact will be a role e-mail address such as contact@abuseprevention.sca. This role address will allow the designated staff to regularly monitor abuse and⁄or malicious activities in .SCA. The registry’s designated staff will then evaluate complaints and produce abuse reports when necessary. Following the evaluation, they must decide whether the abuse report is a serious matter of concern and take a decision whether to dismiss the report or proceed to the next step. Since any decision regarding abuse reports implies serious consequences, abuse prevention staff and experts will accurately and responsibly deal with the abuse report. After the adequate evaluation procedure by the registry operator, SCA can determine whether or not to take any action against such alleged abusive or malicious activity. In particular circumstances, SCA can allow Verisign to suspend or cancel a domain name on its behalf. SCA will also take steps to investigate and respond to any reports from law enforcement, governmental and quasi-governmental agencies of illegal conduct in connection with the use of the TLD.

• Rapid Takedown or Suspension Based on Court Orders: SCA complies promptly with any order from a court of competent jurisdiction that directs it to take any action on a domain name that is within its technical capabilities as a TLD registry. These orders may be issued when abusive content, such as child pornography, counterfeit goods, or illegal pharmaceuticals, is associated with the domain name.
• Anti-Abuse Process: SCA implements an anti-abuse process that is executed based on the type of domain name takedown requested. The anti-abuse process is for malicious exploitation of the DNS infrastructure, such as phishing, botnets, and malware.
• Authentication Procedures: Verisign, SCA’s selected backend registry services provider, uses two-factor authentication to augment security protocols for telephone, email, and chat communications.
• Registry Lock: Verisign allows registrants to lock a domain name at the registry level to protect against both unintended and malicious changes, deletions, and transfers. Only Verisign, as SCA’s backend registry services provider, can release the lock; thus all other entities that normally are permitted to update Shared Registration System (SRS) records are prevented from doing so. This lock is released only after the registrar makes the request to unlock. SCA may implement Registry Lock.
• Malware Code Identification: This safeguard reduces opportunities for abusive behaviors that use registered domain names in the gTLD. Registrants are often unknowing victims of malware exploits. As SCA’s backend registry services provider, Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
• DNSSEC Signing Service: Domain Name System Security Extensions (DNSSEC) helps mitigate pharming attacks that use cache poisoning to redirect unsuspecting users to fraudulent websites or addresses. It uses public key cryptography to digitally sign DNS data when it comes into the system and then validate it at its destination. The .SCA gTLD is DNSSEC-enabled as part of Verisign’s core backend registry services.

3. RESOURCING PLANS

Resource Planning
o Implementation and administration of SCA’s program to provide RPMs will be executed by SCA’s outsourced registrar which has an extensive in-house experience in domain name management. The technical operation of the registry is also fully outsourced. Therefore, no integration is required between SCA’s own systems and those of the Registry Service Provider, Verisign. Nevertheless, minimal technical labour expense has been designated for the creation and maintenance of a registry website at which SCA’s policies, contact details, whois abuse point of contact and other technical support for domain management such as directing customers will be made available. Additionally, SCA currently has an experienced workforce of IT employees, who can be called upon at any time to manage and ensure the success of the registry website.


Resource Planning Specific to Backend Registry Activities
Verisign, SCA’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to SCA fully accounts for cost related to this infrastructure, which is provided as Line IIb.G, Total Critical Registry Function Cash Outflows, within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support the implementation of RPMs:
• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11

To implement and manage the .SCA gTLD as described in this application, Verisign, SCA’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.
gTLDFull Legal NameE-mail suffixDetail
.obiOBI Group Holding GmbHobi.deView
1. Mechanisms Designed to Prevent abusive registrations
Rights protection is a core objective of OBI. OBI will implement and adhere to any rights protection mechanisms (RPMs) that may be mandated from time to time by ICANN, including each mandatory RPM set forth in the Trademark Clearinghouse model contained in the Registry Agreement, specifically Specification 7. OBI acknowledges that, at a minimum, ICANN requires a Sunrise period, a Trademark Claims period, and interaction with the Trademark Clearinghouse with respect to the registration of domain names for the .obi gTLD. It should be noted that because ICANN, as of the time of this application submission, has not issued final guidance with respect to the Trademark Clearinghouse, OBI cannot fully detail the specific implementation of the Trademark Clearinghouse within this application. OBI will adhere to all processes and procedures to comply with ICANN guidance once this guidance is finalized. Also, OBI is committed to implementing all potential future consensus policies. Any such requirements will be included in the Registry Registrar Agreement to ensure that registrars will be in compliance with the OBI’s policies and that such policies are incorporated in the contract language with registrants. OBI will not require any additional or alternative services than the ICANN-designed Trademark Clearing House for purposes of trademark information aggregation, notification or validation.
As described in this response, OBI will implement a Sunrise period and Trademark Claims service with respect to the registration of domain names within the .obi gTLD. Certain aspects of the Sunrise period and⁄or Trademark Claims service may be administered on behalf of OBI by OBI-approved registrars or by subcontractors of OBI, such as its selected backend registry services provider, Verisign.

Sunrise Period
As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, the Sunrise service pre-registration procedure for domain names continues for at least 30 days prior to the general availability of domain names in the .obi gTLD.
As detailed in Question 28, the “.OBI Eligibility Policy“ will only allow Obi Group Holding GmbH as an registrant of .obi domain names. These eligibility restrictions shall apply during the Sunrise Period.
As a result of this, it is questionable whether any third parties will apply for .obi domain names during the Sunrise Period. Nonetheless, OBI will carry out the Sunrise Period in accordance with all known requirements and features which are yet to be published by ICANN. ICANN will work with expert partners during the preparation and implementation of the Sunrise Period. Policies and contracts will be drafted by legal experts in the field. The Trademark Clearinghouse will be contracted as well as an experienced Validation Agent and a reputable Dispute Resolution Provider. In addition, services rendered by Verisign and ICANN-accredited registrars will be used during the Sunrise Period.

During the Sunrise period, holders of marks that have been previously validated by the Trademark Clearinghouse receive notice of domain names that are an identical match (as defined in the ICANN Applicant Guidebook) to their mark(s). Such notice is in accordance with ICANN’s requirements and is provided by OBI either directly or through OBI-approved registrars.
OBI requires all registrants, either directly or through OBI-approved registrars, to i) affirm that said registrants meet the Sunrise Eligibility Requirements (SER) and ii) submit to the Sunrise Dispute Resolution Policy (SDRP) consistent with Section 6 of the Trademark Clearinghouse model.
During the Sunrise period, OBI and⁄or OBI-approved registrars, as applicable, are responsible for determining whether each domain name is eligible to be registered (including in accordance with the SERs).
The SER will include the following:
A. The registrant meets the requirements of the .OBI Eligibility Policy;
B1. The registrant is the owner of a word mark: (i) that is nationally or regionally registered for which proof of use – which can be a declaration and a single specimen of current use – was submitted to, and validated by, the Trademark Clearinghouse; or (ii) that has been court-validated; or (iii) that is specifically protected by a statute or treaty currently in effect and that was in effect on or before 26 June 2008; or
B2. The registrant is the owner, licensee or legal successor of a registered and existing trademark right (word mark and⁄or figurative mark), for which the claimed legal position on which the registration of the domain name is based was in effect on or before 26 June 2008 and the domain name is identical to the textual element of the mark (for which the parameters will be further defined);
C. The requirement of a representation that all provided information is true and correct;
D. The requirement that the provision of data sufficient to document rights in the trademark; and
E. The requirement that the application has been successfully validated by OBI’s Validation Agent.

Applications submitted to OBI or through an ICANN accredited registrar during the Sunrise Period are validated for completeness and accuracy in accordance with the Sunrise policy on behalf of OBI by a specialized Validation Agent, who will be tasked to
- validate trademarks against the Trademark Clearinghouse or against the respective database of the competent trademark office; and
- determine whether the trademark matches the string applied for according to the SER.
The Validation Agent can request supplementary records from the registrant at any time in the course of the validation process. Registrants are obliged to pay a fee for the application and for the respective validation. Rejected and⁄or unsuccessful applications will not be refunded.
Applications shall be rejected if,
- the application does not contain complete and accurate information as described in the Sunrise Policy, or is not in compliance with other provisions of the Sunrise Policy and⁄or other applicable .OBI policies;
- the domain name applied for obviously violates existing law, court or official orders, and is accordingly likely to endanger the operations of .OBI; or
- the Registrant fails to pay the validation fee and⁄or fails to deliver supplementary records as requested by the Validation Agent.

Domain names applied for shall be registered after the end of the Sunrise Period if,

* OBI has received only one application for a given domain name which was successfully validated, this domain name will be registered to the Applicant, if it meets the other requirements of the Sunrise policy and the other applicable .OBI policies; or
* an Applicant whose application has been validated was the highest bidder in an auction.


Should OBI receive two or more valid applications for the same domain name, it will be offered to the applicants at auction. The highest bidder will be awarded the domain.
OBI will not conduct a ʺLandrushʺ phase after Sunrise is completed. Due to the strict “.OBI Eligibility Policy” there is no need for OBI to limit the load on the shared registration system (SRS) that usually occurs during the initial run on popular, generic domain names, as .obi domain names won’t be available to the general public.
Sunrise Dispute Resolution Policy (SDRP)
After any Sunrise name is awarded to an applicant, it will remain under a “Sunrise Lock” status for at least 60 days so that parties will have an opportunity to file Sunrise Challenges. During this Sunrise Lock period the domain name will not resolve and cannot be modified, transferred, or deleted by the registrar. The domain name will be unlocked at the end of that lock period only if it is not the subject of a Sunrise Challenge. Challenged domains will remain locked until the dispute resolution provider has issued a decision, which Verisign will promptly execute.
The Sunrise Dispute Resolution Policy (SDRP) will allow Sunrise challenges based on the following four grounds:
(i) at time the challenged domain name was registered, the registrant did not hold a trademark registration of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty;
(ii) the domain name is not identical to the mark on which the registrant based its Sunrise registration;
(iii) the trademark registration on which the registrant based its Sunrise registration is not of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty; or
(iv) the trademark registration on which the domain name registrant based its Sunrise registration did not issue on or before the effective date of the Registry Agreement and was not applied for on or before ICANN announced the applications received.

Trademark Claims Service
As provided by the Trademark Clearinghouse model (ICANN’s work towards the establishment of such a Trademark Clearinghouse is still in progress. Therefore, it is not yet possible to describe the actual process and technical interfaces by which Verisign will support the Trademark Clearinghouse requirements.) set forth in the ICANN Applicant Guidebook, all new gTLDs will have to provide a Trademark Claims service for a minimum of 60 days after the launch of the general registration of domain names in the gTLD (Trademark Claims period).

During the Trademark Claims period, in accordance with ICANN’s requirements, OBI or the OBI-approved registrar will send a Trademark Claims Notice to any prospective registrant of a domain name that is an identical match (as defined in the ICANN Applicant Guidebook) to any mark that is validated in the Trademark Clearinghouse. The Trademark Claims Notice will include links to the Trademark Claims as listed in the Trademark Clearinghouse and will be provided at no cost.
Prior to registration of said domain name, OBI or the OBI-approved registrar will require each prospective registrant to provide the warranties dictated in the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook. Those warranties will include receipt and understanding of the Trademark Claims Notice and confirmation that registration and use of said domain name will not infringe on the trademark rights of the mark holders listed. Without receipt of said warranties, OBI or the OBI-approved registrar will not process the domain name registration.
Following the registration of a domain name, the OBI-approved registrar will provide a notice of domain name registration to the holders of marks that have been previously validated by the Trademark Clearinghouse and are an identical match. This notice will be as dictated by ICANN. At a minimum OBI will recognize and honor all word marks validated by the Trademark Clearinghouse.

2. MECHANISMS DESIGNED TO IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES ON AN ONGOING BASIS
In addition to the Sunrise and Trademark Claims services described in Section 1 of this response, OBI implements and adheres to RPMs post-launch as mandated by ICANN, and confirms that registrars accredited for the .OBI gTLD are in compliance with these mechanisms. Certain aspects of these post-launch RPMs may be administered on behalf of OBI by OBI-approved registrars or by subcontractors of OBI, such as its selected backend registry services provider, Verisign.
These post-launch RPMs include the established Uniform Domain-Name Dispute-Resolution Policy (UDRP), as well as the newer Uniform Rapid Suspension System (URS) and Trademark Post-Delegation Dispute Resolution Procedure (PDDRP). Where applicable, OBI will implement all determinations and decisions issued under the corresponding RPM.

After a domain name is registered, trademark holders can object to the registration through the UDRP or URS. Objections to the operation of the gTLD can be made through the PDDRP.

The following descriptions provide implementation details of each post-launch RPM for the .OBI gTLD:

UDRP: The UDRP provides a mechanism for complainants to object to domain name registrations. The complainant files its objection with a UDRP provider and the domain name registrant has an opportunity to respond. The UDRP provider makes a decision based on the papers filed. If the complainant is successful, ownership of the domain name registration is transferred to the complainant. If the complainant is not successful, ownership of the domain name remains with the domain name registrant. OBI and entities operating on its behalf adhere to all decisions rendered by UDRP providers.

URS: As provided in the Applicant Guidebook, all registries are required to implement the URS. Similar to the UDRP, a complainant files its objection with a URS provider. The URS provider conducts an administrative review for compliance with filing requirements. If the complaint passes review, the URS provider notifies the registry operator and locks the domain within 24 hours. A lock means that the registry restricts all changes to the registration data, but the name will continue to resolve. After the domain is locked, the complaint is served to the domain name registrant, who has an opportunity to respond. If the complainant is successful, the registry operator is informed and the domain name is suspended for the balance of the registration period; the domain name will not resolve to the original website, but to an informational web page provided by the URS provider. If the complainant is not successful, the URS is terminated and full control of the domain name registration is returned to the domain name registrant. Similar to the existing UDRP, OBI and entities operating on its behalf adhere to decisions rendered by the URS providers.

PDDRP: As provided in the Applicant Guidebook, all registries are required to implement the PDDRP. The PDDRP provides a mechanism for a complainant to object to the registry operator’s manner of operation or use of the gTLD. The complainant files its objection with a PDDRP provider, who performs a threshold review. The registry operator has the opportunity to respond and the provider issues its determination based on the papers filed, although there may be opportunity for further discovery and a hearing. OBI participates in the PDDRP process as specified in the Applicant Guidebook.

Contractual measurements: The answer to Question 28 (“Abuse Prevention and Mitigation”) above described OBI’s different contractual approaches to identify and address abusive usage of the .obi name space. OBI will establish upon the launch of the new .obi gTLD the “.OBI Eligibility Policy”, the “OBI Domain Name Policy” and the “.OBI Abuse Reporting Policy”.

These policies will all be part of the Registry-Registrar Agreement (RRA), which needs to be signed by all registrars interested in offering registrations under the .OBI gTLD giving OBI the possibility to impose certain sanctions against Registrants directly should this be necessary. Those contractual rights, procedures and measurements are designed as following:

By applying for and registering .OBI Domain Name(s) the Registrant enters into a direct agreement with OBI;
Furthermore OBI shall be entitled (but not obliged) to reject an application or to delete, revoke, cancel or transfer a Domain Name Registration:

- if the application or registration is not in compliance with the applicable OBI policies; or
- to protect the integrity and stability of the Shared Registry System, and⁄or the operation and⁄or management of the .obi gTLD; or
- in order to comply with applicable laws, regulations, any decision by a competent court or administrative authority; or
- to avoid any liability on behalf of OBI, its affiliates, directors, officers, employees, subcontractors and⁄or agents.

If OBI or any other party involved in the registration of the .obi domain name is directly contacted by a third party because of alleged violations of law, OBI will notify the Registrant by e-mail, either directly or through the respective registrar. The Registrant will process and reply to all correspondence forwarded by OBI without delay, and at least within 48 hours, unless a third party has set a shorter period or there is other specific need for speed.
Should the Registrant fail to reply within this time limit, OBI is entitled to stop the Domain Name from resolving via the DNS, have it deleted and⁄or to terminate the respective agreement.

In urgent cases, OBI is entitled to stop the Domain Name from resolving via the DNS, have it deleted and⁄or to terminate the respective agreement without prior notification or warning. This applies specifically to violations of criminal law and⁄or violations of youth protection law.

The Registry Restrictions Dispute Resolution Procedure (RRDRP) is not relevant since .OBI is not a community-based gTLD.

Additional Measures Specific to Rights Protection:

OBI provides additional measures against potentially abusive registrations. These measures help mitigate phishing, pharming, and other Internet security threats. The measures exceed the minimum requirements for RPMs defined by Specification 7 of the Registry Agreement and are available at the time of registration. These measures include:

- Rapid Takedown or Suspension Based on Court Orders:
OBI complies promptly with any order from a court of competent jurisdiction that directs it to take any action on a domain name that is within its technical capabilities as a TLD registry. These orders may be issued when abusive content, such as child pornography, counterfeit goods, or illegal pharmaceuticals, is associated with the domain name.
- Anti-Abuse Process:
OBI implements an anti-abuse process that is executed based on the type of domain name takedown requested. The anti-abuse process is for malicious exploitation of the DNS infrastructure, such as phishing, botnets, and malware.
- Authentication Procedures:
Verisign, OBI’s selected backend registry services provider, uses two-factor authentication to augment security protocols for telephone, email, and chat communications.
- Registry Lock:
This Verisign service allows registrants to lock a domain name at the registry level to protect against both unintended and malicious changes, deletions, and transfers. Only Verisign, as OBI’s backend registry services provider, can release the lock; thus all other entities that normally are permitted to update Shared Registration System (SRS) records are prevented from doing so. This lock is released only after the registrar makes the request to unlock.
- Malware Code Identification:
This safeguard reduces opportunities for abusive behaviors that use registered domain names in the gTLD. Registrants are often unknowing victims of malware exploits. As OBI’s backend registry services provider, Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names. Additionally, OBI will review information that is published on sources of Malware and Phishing, such as the findings published by the Anti-Phishing Working Group (APWG) in its Global Phishing Survey.
- DNSSEC Signing Service:
Domain Name System Security Extensions (DNSSEC) helps mitigate pharming attacks that use cache poisoning to redirect unsuspecting users to fraudulent websites or addresses. It uses public key cryptography to digitally sign DNS data when it comes into the system and then validate it at its destination. The .OBI gTLD is DNSSEC-enabled as part of Verisign’s core backend registry services.

3. RESOURCING PLANS
3.1 Resource Planning
This task shall be primarily supported by OBI staff as already included in the financial plan. Further, the workforce of a team of nine fully trained lawyers can be used, if need be. In addition to that, resources of Obi Smart Technologies GmbH can be used when it comes to technical questions in the course of abuse management. There is an outsourcing agreement with this company, which is an OBI group company, which is included in the financial plan. As costs for the Trademark Clearinghouse are yet to be determined, a placeholder for this is included in the financial plan.
3.2 Resource Planning Specific to Backend Registry Activities
Verisign, OBI’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to OBI fully accounts for cost related to this infrastructure, which is provided as Line IIb.G, Total Critical Registry Function Cash Outflows, within the Question 46 financial projections response.
Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.
Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support the implementation of RPMs:
* Customer Affairs Organization: 9
* Customer Support Personnel: 36
* Information Security Engineers: 11

To implement and manage the .OBI gTLD as described in this application, Verisign,OBI’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.
When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.