Back

28 Abuse Prevention and Mitigation

gTLDFull Legal NameE-mail suffixDetail
.poloRalph Lauren Corporationralphlauren.comView
A. ABUSE PREVENTION AND MITIGATION TO BE IMPLEMENTED BY RALPH LAUREN


Ralph Lauren’s proposed use for .polo should, by its very nature, preclude abusive registrations from occurring, as all domains names may only be registered in the name of RALPH LAUREN and its affiliates (for the purposes of this response, “affiliates” means in relation to a party any corporation or other business entity controlling, controlled by, or under common control of that party and for the purposes of this definition, a corporation or other business entity shall be deemed to control another corporation or business entity if it owns directly or indirectly (i) fifty percent (50%) or more of the voting securities or voting interest in any such corporation or other entity; or (ii) fifty percent (50%) or more of the interest in the profit or income in the case of a business entity other than a corporation; or (iii) in the case of a partnership, any other compatible interest equal to at least a fifty percent (50%) share in the general partner).

RALPH LAUREN is intending to operate .polo for the benefit of Internet users that would like to interact with RALPH LAUREN. There is no incentive for RALPH LAUREN to confuse Internet users, nor otherwise use domain names in bad faith, since RALPH LAUREN’s branded keyword gTLD is inherently intertwined with all uses of .polo domain names.

Notwithstanding the above, RALPH LAUREN understands and agrees that it must comply with the different rights protection mechanisms such as the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension System (URS) as described in the gTLD Applicant Guidebook (as may be later amended via Consensus Policy) and the Registry Agreement. The aforementioned policies provide a strong incentive to ensure that relevant and effective checks are in place to ensure that all .polo domain names are only registered and used in an appropriate manner so as to benefit Internet users who would like to interact with RALPH LAUREN, rather than in any manner that may be deemed inappropriate or in bad faith.

RALPH LAUREN will implement a clear written policy which requires the relevant corporate authorization and approvals to be procured and evidenced in order for any .polo domain name to be registered for RALPH LAUREN’s use. In the event that RALPH LAUREN resolves to permit third parties (other than affiliates) that have a relationship with either RALPH LAUREN or its business, to register (or license) and use domain names within the top level domain (TLD), then additional corporate authorizations and approvals may be required to ensure internal responsibility for permitting and enforcing the terms of use of the .polo domain. In addition to these safeguards, all registered domain names in the TLD will be regularly monitored for abusive use.



B. .POLO ANTI-ABUSE POLICIES

Although domain names will only be registered to RALPH LAUREN and its affiliates, all domain names will be subject to specific internal registration policy for .polo domain. The registration policy will set out in writing a methodology for corporate authorization, approval and evidence in order for any domain name to be registered for RALPH LAUREN’s use. This will prohibit any abusive use of a domain name. These policies include not only the required URS, but also the supplemental Anti-Phishing Takedown Process, RALPH LAUREN’s Acceptable Use Policy, and RALPH LAUREN’s strict controls on registration.



C. DEFINITION OF ABUSE

RALPH LAUREN defines abuse as an action that causes actual and substantial harm, or is a material predicate of such harm, and is illegal, illegitimate, or otherwise contrary to registration policy. Abuse includes, without limitation, the following:

- Content or actions that attempt to defraud members of the public in any way (for example, ʺphishingʺ sites);

- Content that is hateful, defamatory, derogatory or bigoted based on racial, ethnic, political grounds or which otherwise may cause or incite injury, damage or harm of any kind to any person or entity;

- Content that is threatening or invades another personʹs privacy or property rights or is otherwise in breach of any duty owed to a third party;

- Content or actions that infringe the trademark, copyright, patent rights, trade secret or other intellectual property rights, or any other legal rights of RALPH LAUREN or any third party;

- Content or actions that violate any applicable local, state, national or international law or regulation;

- Content or actions that promote, are involved in or assist in, the conduct of illegal activity of any kind or promote business opportunities or investments that are not permitted under applicable law;

- Content that advertises or offers for sale any goods or services that are unlawful or in breach of any national or international law or regulation; or

- Content or actions associated with the sale or distribution of prescription medication without a valid prescription;

- Content that depicts minors engaged in any activity of a sexual nature or which may otherwise harm minors;

- Activities that mislead or deceive minors into viewing sexually explicit material;

- Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks;

- Phishing: The use of counterfeit Web pages that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data;

- Pharming: The redirecting of unknowing users to fraudulent sites or services, typically through Domain Name System (DNS) hijacking or poisoning;

- Willful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the ownerʹs informed consent. Examples include, without limitation, computer viruses, worms, keyloggers and trojan horses;

- Botnet command and control: Services run on a domain name that are used to control a collection of illegally compromised computers or ʺzombies,ʺ or to direct denial-of-service attacks (DDoS attacks); and

- Illegal Access to Other Computers or Networks: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity).



As stated in response to Question 18, RALPH LAUREN’s registration policy will address the minimum requirements mandated by ICANN including rights abuse prevention measures. RALPH LAUREN will implement the following as means of abuse prevention and mitigation:

1. RALPH LAUREN’s draft registration policy ** (See end of document)

2. RALPH LAUREN’s draft procedure for management of trademark infringement claims *** (see end of document)


Any employee found to have violated any of RALPH LAUREN’s policies may be subject to disciplinary action, up to and including termination of employment.

Every RALPH LAUREN employee should be aware that the data they create on the corporate systems, including on any domain name hosted in .polo, remains the property of RALPH LAUREN. For security and network maintenance purposes, authorized individuals within RALPH LAUREN may monitor equipment, systems and network traffic at any time. RALPH LAUREN reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.

RALPH LAUREN recognizes that, notwithstanding all of RALPH LAUREN’s internal policies having been meticulously followed by all employees and affiliates, the Internet remains an open and ubiquitous system that provides access and anonymity to participants around the world. This is one of the Internet’s strengths and also a source of difficulty as malicious or criminal perpetrators exploit these characteristics for their own benefit. The frequency of activities such as phishing, pharming, spam and DDoS attacks have increased dramatically on the Internet and there is strong evidence to suggest this will continue.

RALPH LAUREN has resolved to ensure that abusive use of the .polo domain names will not be permitted nor tolerated. The nature of such abuses creates security and stability issues for RALPH LAUREN, as well as for users of the Internet in general, and particularly those who wish to interact with RALPH LAUREN in a secure and reliable manner. The nature of such abuses also inherently creates negative publicity and loss of brand integrity and goodwill and, therefore, any such abuse must be swiftly and effectively addressed, and systems must continue to evolve in accordance with evolving threats.



SCANNING TO IDENTIFY MALICIOUS OR ABUSIVE BEHAVIOR

All domain names within the .polo domain shall be continually executing approved virus-scanning software with a current virus database, unless overridden by departmental or group policy for legitimate business reason.

RALPH LAUREN will conduct automated and regular scanning for malware of all domain names in the Registry through its selected back end Registry services provider, Verisign. Registrants are often unknowing victims of malware exploits. Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names. Verisign’s malware scanning service helps prevent websites from infecting other websites by scanning web pages for embedded malicious content that will infect visitors’ websites. Verisign’s malware scanning technology uses a combination of in-depth malware behavioral analysis, anti-virus results, detailed malware patterns, and network analysis to discover known exploits for the particular scanned zone. If malware is detected, the service sends the registrar a report that contains the number of malicious domains found and details about malicious content within its TLD zones. Reports with remediation instructions are provided to help registrars and registrants eliminate the identified malware from the registrant’s website.




D. ADDITIONAL PROCESSES TO ADDRESS ABUSIVE USE OF REGISTERED DOMAIN NAMES


SUSPENSION PROCESSES CONDUCTED BY BACKEND REGISTRY SERVICES PROVIDER.

In the case of domain name abuse, RALPH LAUREN or RALPH LAUREN’s approved registrar(s) will determine whether to take down the subject domain name. Verisign, RALPH LAUREN’s selected backend registry services provider, will follow the auditable processes to comply with the suspension request as set out Diagram 1 of the Attachment.


VERISIGN SUSPENSION NOTIFICATION.

RALPH LAUREN or RALPH LAUREN’s approved registrar(s) submits the suspension request to Verisign for processing, documented by:

- Threat domain name

- Registry incident number

- Incident narrative, threat analytics, screen shots to depict abuse, and⁄or other evidence

- Threat classification

- Threat urgency description

- Recommended timeframe for suspension⁄takedown

- Technical details (e.g., Whois records, IP addresses, hash values, anti-virus detection results⁄nomenclature, name servers, domain name status that are relevant to the suspension)

- Incident response, including surge capacity




VERISIGN NOTIFICATION VERIFICATION.

When Verisign receives a suspension request from RALPH LAUREN or RALPH LAUREN’s approved registrar(s), it performs the following verification procedures:

- Validate that all the required data appears in the notification

- Validate that the request for suspension is for a registered domain name

- Return a case number for tracking purposes



Suspension Rejection.

If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to RALPH LAUREN or RALPH LAUREN’s approved registrar(s) with the following information:

- Threat domain name

- Registry incident number

- Verisign case number

- Error reason


RALPH LAUREN will notify the registrar of record in relation to a complaint.



E. ABUSE POINT OF CONTACT AND PROCESS FOR ADDRESSING COMPLAINTS

RALPH LAUREN will act as the primary abuse point of contact for the gTLD. RALPH LAUREN may use its third party registrar(s) or its selected back end registry services provider, Verisign, to perform some or all of the functions associated with handling inquiries relating to malicious conduct in the gTLD. Contact details (including at least a valid email and mailing address) for the abuse primary contact will be displayed prominently on RALPH LAUREN’s main website. The primary contact will investigate and respond to all complaints and incidents within a reasonable time and be empowered to take effective action within well-defined written criteria to guide those actions. Action will be taken in line with what is set out in this answer and the registration policy for the .polo domain. Changes to contact details will be clearly and effectively communicated to ICANN and prominently displayed on RALPH LAUREN’s website.

The above mentioned email address will be set up to receive complaints for any potential malicious conduct in the TLD. Furthermore, the email address will be routinely monitored over a 24 hour period, 365 days a year. Complainants will be provided with a written email response communication containing an auditable tracking or case number. RALPH LAUREN will investigate all reasonable complaints and take any reasonably necessary and appropriate action. Verified law enforcement requests will be addressed in no more than twenty-four hours from verified receipt. All other requests will be addressed in no more than seventy-two hours from receipt.

Abuse complaint metrics will be tracked, and adequate resources will be expended to ensure appropriate trending of those metrics by providing the abuse point of contact with sufficient resources. The complaint metrics will be gathered by the registrar(s) and regularly forwarded to RALPH LAUREN for the purposes of identifying gaps in the Registry’s current policies and areas of improvement. Given RALPH LAUREN’s belief that infrastructure protection, rights protection and user security are paramount goals of operating the TLD, RALPH LAUREN intends to engage a third party registrar(s), who will be required to ensure that sufficient resources are provided to satisfy this critical requirement, and to do whatever is reasonably necessary to ensure a secure and trusted zone.

RALPH LAUREN will have strict controls over the registration and use of the .polo domain names. RALPH LAUREN will devise and document strict criteria and authority levels which will need to be satisfied before a domain name can be registered for use. To ensure independence of this function, a third party registrar will be responsible for ensuring strict compliance with the criteria and authority levels designated. Only authorized personnel within RALPH LAUREN organization will be permitted to request and⁄or authorize DNS changes to be made either by the third party registrar or the registry services provider. RALPH LAUREN’s documented criteria and authority levels for registering a domain name ensure multiple, unique points of contact are needed to request and⁄ or approve, update, transfer and⁄ or deal with deletion requests, and will require notification of multiple unique points of contact when a domain name has been updated, transferred, or deleted.



F. ORPHAN GLUE RECORDS

RALPH LAUREN will ensure proper attention is paid to orphan glue records. While orphan glue often supports correct and ordinary operation of the DNS, RALPH LAUREN understands that it will be required, via Specification 6 of the Registry Agreement, to take action to remove orphan glue records when provided with evidence in written form that such records are present in connection with malicious conduct. RALPH LAUREN’s robust controls on registration and use, and ongoing monitoring of the .polo zone, should ensure that this is not an area of concern. Furthermore, RALPH LAUREN’s selected backend registry services provider’s (Verisign’s), registration system is specifically designed to not allow orphan glue records. Registrars are required to delete⁄move all dependent DNS records before they are allowed to delete the parent domain. To prevent orphan glue records, Verisign performs the following checks before removing a domain or name server:


CHECKS DURING DOMAIN DELETE:

- Parent domain delete is not allowed if any other domain in the zone refers to the child name server

- If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone




CHECK DURING EXPLICIT NAME SERVER DELETE:

- Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server




ZONE-FILE IMPACT:

- If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a server Hold status, then the parent domain goes out of the zone but the name server glue record does not

- If no domains reference a name server, then the zone file removes the glue record




CONTROLS ON NEW REGISTRATIONS OF DOMAIN NAMES

RALPH LAUREN will adopt and impose strict controls over the registration and use of .polo domain names. RALPH LAUREN will devise and document strict criteria and authority levels which will need to be satisfied before a domain name can be registered for RALPH LAUREN’s use. To ensure appropriate verification of this function, third party registrar(s) will be appointed to perform the administrative aspects of the registration of domain names in strict compliance with the defined criteria and designated authority levels. The registry services provider will be provided with the defined criteria and will be required to ensure that only domains which comply with the criteria are registered. Only authorized personnel within RALPH LAUREN organization will be able to request and⁄or authorize DNS changes to be made either by the third party registrar(s) or the registry services provider. RALPH LAUREN’s documented criteria and authority levels for domain name registration will ensure multiple, unique points of contact are needed to request and⁄ or approve, update, transfer and⁄ or deal with deletion requests, and will require notification of multiple unique points of contact when a domain name has been updated, transferred, or deleted.

RALPH LAUREN confirms that it will meet the standards set out in the Registry Agreement, with respect to the Sunrise and Trademark claims process for any domain names registered.



G. ENSURING WHOIS ACCURACY

A complete and accurate Whois database promotes the prevention of identity theft, fraud and other on-line crime, promotes the public’s ability to police its rights against unlawful copyright and trademark infringement, and minimizes technical errors. RALPH LAUREN has a compelling interest in accounting to itself and the public for the use of Applicant assets, and in ensuring those assets are only used by persons or entities authorized by RALPH LAUREN. That interest is especially strong with respect to the .polo and all domain names registered or used therein, since it is a core component of RALPH LAUREN’s online branding and technological platform.

RALPH LAUREN will enforce the Whois data accuracy provisions in ICANN’s Registry Agreement, Registrar Accreditation Agreement and all relevant Consensus Policies. Those agreements generally require all registrants to provide accurate and reliable contact details and promptly update any changes made during the registration term. RALPH LAUREN’s registrars must present to the registrant the current Whois information, and remind the registrant that provision of false Whois information can be grounds for cancellation of the domain name registration. RALPH LAUREN and⁄or its affiliates (as defined in this response) will be listed as the sole registrant of all domains within the .polo. RALPH LAUREN’s clear written policy which requires the relevant corporate authorisation and approvals to be procured and evidenced for any .polo domain name to be registered for RALPH LAUREN’s use, and the subsequent verification through a registrar will ensure thorough pre-verification of all Whois data. Therefore, all Whois information will be complete and accurate at the time of registration. In the event of any change in the Whois contact information for a domain name, that change will be promptly updated in the Whois database.

Verisign, RALPH LAUREN’s selected backend registry services provider, has established policies and procedures to encourage registrar compliance with ICANN’s Whois accuracy requirements. Verisign provides the following services to RALPH LAUREN for incorporation into its full-service registry operations.


REGISTRAR SELF CERTIFICATION.

The self-certification program consists, in part, of evaluations applied equally to all operational ICANN accredited registrars and conducted from time to time throughout the year. Process steps are as follows:

- Verisign sends an email notification to the ICANN primary registrar contact, requesting that the contact go to a designated URL, log in with his⁄her Web ID and password, and complete and submit the online form. The contact must submit the form within 15 business days of receipt of the notification;

- When the form is submitted, Verisign sends the registrar an automated email confirming that the form was successfully submitted;

- Verisign reviews the submitted form to ensure the certifications are compliant;

- Verisign sends the registrar an email notification if the registrar is found to be compliant in all areas;

- If a review of the response indicates that the registrar is out of compliance or if Verisign has follow-up questions, the registrar has 10 days to respond to the inquiry;

- If the registrar does not respond within 15 business days of receiving the original notification, or if it does not respond to the request for additional information, Verisign sends the registrar a Breach Notice and gives the registrar 30 days to cure the breach;

- If the registrar does not cure the breach, Verisign terminates the Registry-Registrar Agreement (RRA).



WHOIS DATA REMINDER PROCESS.

Verisign regularly reminds registrars of their obligation to comply with ICANN’s Whois Data Reminder Policy, which was adopted by ICANN as a consensus policy on 27 March 2003. Verisign sends a notice to all registrars once a year reminding them of their obligation to be diligent in validating the Whois information provided during the registration process, to investigate claims of fraudulent Whois information, and to cancel domain name registrations for which Whois information is determined to be invalid.



H. RESOURCE PLANNING

RALPH LAUREN has effectively mitigated the risk of abuse in the gTLD and foresees dedicating a member of staff to act as the primary points of contact for handling inquiries relating to malicious or abusive conduct in the TLD. RALPH LAUREN is committed to ensuring that sufficient resources are made available at all times. RALPH LAUREN may engage its third party registrar(s) and its selected back end registry services provider, Verisign, to perform some or all of the tasks associated with abuse issues. This will ensure that highly skilled, specialized and scalable resources are on hand to address any possible abuse issues both during the startup phase of the TLD and continually during operations of the TLD.

Verisign, RALPH LAUREN’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to RALPH LAUREN fully accounts for cost related to this infrastructure, which is included in the registry services provider costs in Section I.K “Outsourcing Operating Costs” within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:

- Application Engineers: 19

- Business Continuity Personnel: 3

- Customer Affairs Organization: 9

- Customer Support Personnel: 36

- Information Security Engineers: 11

- Network Administrators: 11

- Network Architects: 4

- Network Operations Center (NOC) Engineers: 33

- Project Managers: 25

- Quality Assurance Engineers: 11

- Systems Architects: 9


To implement and manage the .polo gTLD as described in this application, Verisign, RALPH LAUREN’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.




I. CONCLUSION

The approach outlined in this answer clearly shows that the risk of abuse in the .polo TLD has been extensively mitigated and as a direct result is very low. RALPH LAUREN is committed to ensuring that abuse will not be tolerated. The proposed policies and methods for addressing any abuse exceed the standard outline in the gTLD Applicant Guidebook and is more than commensurate with the risks identified, RALPH LAUREN is, therefore, entitled to a score of two points for its response to Question 28.





** RALPH LAUREN’s draft registration policy


1. Domain Name Licences

Upon registration of a Domain Name, the Registrant holds a licence to use the Domain Name for a specified period of time in accordance with the Registry Rules. Domain Names may be registered and renewed for 1, 2, 3, 4, 5, 6, 7, 8, 9 or 10 years.


2. Selection of Registrars

Registrars eligible to register domain names must meet the following non-discriminatory criteria (in compliance with clause 2.9 (a) of the Registry Agreement):

(i) be an accredited ICANN Registrar;

(ii) demonstrate a level of understanding of the Domain Name registration policies of the Registry;

(iii) have experience of managing the Domain Names of major corporations;

(iv) have proven tools for domain name portfolio management;

(v) have business processes to perform automated validation (and any additional human checks as required by the Registry) of the eligibility of the domain name for registration according to the Domain Name policies of RALPH LAUREN;

(vi) demonstrate a sufficient level of security to protect against unauthorised access to the Domain Name records;

(vii) demonstrate experience and have appropriate resources in managing abuse prevention, mitigation and responses;

(viii) provide multi-language support for the registration of IDNs;

(ix) comply with any re-validation of its Registry-Registrar agreement at such regular intervals as are determined by the Registry or as required by ICANN from time to time;

(x) meet applicable technical requirements of RALPH LAUREN; and

(xi) comply with all conditions, dependencies, policies and other requirements reasonably imposed by RALPH LAUREN, including maintenance of suitable systems and applications that are capable of interacting with the Registry system.


3. Eligible Registrants

The Registrant must be:

(i) an Affiliate entity of RALPH LAUREN; or

(ii) an organisation explicitly authorised by RALPH LAUREN; or

(iii) a natural person explicitly authorised by RALPH LAUREN.
If the Registrant does not meet one of the above eligibility criteria, there is no entitlement to register a Domain Name under the .polo gTLD. If the Registrant ceases to be eligible at any time in the future, the Registry may cancel or suspend the licence to use the Domain Name immediately.


4. Registry approval requirement

Registration of Domain Names under the .polo gTLD must be approved by RALPH LAUREN in addition to meeting all requirements under the Registry Rules. RALPH LAUREN’s approval for a complete and validly submitted application will be authorised by:

(i) Legal Department (“Authorisation Provider”); or

(ii) an authorised person as nominated by RALPH LAUREN (“Authorised Person”) and notified to the Registrar from time to time.
The Authorisation Provider will notify the Registrar of its decision.


5. Required criteria for Domain Name registration

An application for Domain Name registration must meet all the following criteria:

(i) availability;
a. the Domain Name is not already registered;
b. it is not reserved or blocked by the Registry; or
c. it meets all Registry’s technical requirements.

(ii) technical requirements;
a. a maximum of 63 characters (after its conversion into the ASCII for IDNs);
b. use of characters selected from the list of supported characters as nominated by the Registry; and
c. any additional technical requirements as required by the Registry from time to time.

(iii) the Domain Name must be consistent with the mission and purposes of the gTLD and consistent with the Domain Name registration policy of RALPH LAUREN, and include but not be limited to:
a. product name;
b. service name;
c. marketing term;
d. geographic identifier; or
e. any relevant name or term as approved by Authorisation Provider or Authorised Person.

(iv) compliance with all requirements under the Registry Rules: the Registrant must comply with all provisions contained in the Registry Rules.



6. Obligation of Registrants

The Registrant must enter into an agreement with the Registrar for Domain Name registration under which the Registrant will be bound by the Registry Rules specified through the Registry-Registrar agreement as amended by the Registry from time to time.

The Registrant must also agree to be bound by the minimum requirements in clause 3.7.7 of ICANNʹs Registrar accreditation agreement.


The Registrant must represent and warrant that:

(i) it meets, and will continue to meet, the eligibility criteria at all times and must notify the Registrar if it ceases to meet such criteria;

(ii) the registration, renewal and use of the Domain Name does not violate any third party intellectual property rights, applicable laws or regulation;

(iii) it is entitled to register the Domain Name;

(iv) the registration and use of the Domain Name is made in good faith and for a lawful purpose;

(v) if the use of registered Domain Name is licensed to a third party,
a. the Registrant must have a licencing agreement with the licensee for the use of the Domain Name that is not less onerous than the obligation of the Registrant contained in the Registry Rules; and
b. where there is a breach of any provisions contained in the Registry Rules by the licensee of the Domain Name, Registry may revoke the Domain Name at its sole discretion.

(vi) it owns or otherwise has the right to provide all registration data (including personal information) for each Domain Name registered and provision of such registrant data complies with all applicable data protection laws and regulations; and

(vii) It has appropriate consent and licences to allow for publication of registration data in the WHOIS database.



7. Registrant contact information

The Registrant must provide complete and accurate contact information of the Registrant (in accordance with clause 3.7.7.1 of the ICANN’s Registrar accreditation agreement), including but not limited to the following;

(i) if the Registrant is a company or organisation:
a. name of a company or organisation;
b. registered office and principal place of business; and
c. contact details of the Registrant including e-mail address and telephone number;

(ii) if the Registrant is a natural person:
a. full name of the Registrant;
b. address of the Registrant; and
c. contact details of the Registrant including e-mail address and telephone number.

All Registrant contact information must be complete and accurate. Any changes to such Registrant information must be promptly notified to the Registrar, and no later than one (1) month of such change.



8. Revocation of Domain Names

The Registrant acknowledges that the Registry may revoke a Domain Name immediately at its sole discretion:

(i) in the event the Registrant breaches any Registry Rules;

(ii) to comply with applicable law, court order, government rule or under any dispute resolution processes;

(iii) where such Domain Name is used for any of the following prohibited activities (Prohibited Activities):
a. spamming;
b. intellectual property and privacy violations;
c. obscene speech or materials;
d. defamatory or abusive language;
e. forging headers, return addresses and internet protocol addresses;
f. illegal or unauthorised access to other computers or networks;
g. distribution of internet viruses, worms, Trojan horses or other destructive activities; and
h. any other illegal or prohibited activities as determined by the Registry.

(iv) in order to protect the integrity and stability of the domain name system and the Registry;

(v) where such Domain Name is placed under reserved names list at any time; and

(vi) where Registrant fails to make payment to the Registrar for registration, renewal or any other relevant services.



9. Use of second or third level IDNs

In addition to meeting all required criteria for registration of domain names above, an application for an IDN Domain Name must:

(i) comply with any additional registration policy on IDNs for each language;

(ii) meet all technical requirement for the applicable IDN;

(iii) comply with the IDN tables used by the Registry as amended from time to time; and

(iv) meet any other additional technical requirements as required by the Registry.


10. Use of Geographic names

All two-character labels and country and territory names will be initially reserved in accordance with specification 5 of the Registry Agreement.

Upon approval from ICANN and any other guidelines by applicable governments and ICANN’s Governmental Advisory Committee, the Registry may release the two-character labels and country and territory names in accordance with RALPH LAUREN’s response to Question 22 Geographic Names.


11. Reserved Names

The Registry may place certain names in its reserved list from time to time where:

(i) the Registry believes in its sole discretion that use of such names may pose a risk to the operational stability or integrity of the Registry;

(ii) in accordance with ICANN’s specifications contained in the Registry Agreement, guidelines or recommendations;

(iii) there is a risk of trademark infringement or where the name otherwise may cause confusion taking into consideration the mission and purpose of the gTLD; or

(iv) the Registry in its sole discretion decides certain names to be reserved for any reason.



12. Allocation of Domain Name

The Registry will register Domain Names on a first-come, first-served basis in accordance with the Registry Rules. The Registry does not provide pre-registration or reservation of Domain Names.


13. Limitation on registration ⁄ Domain Name licences

There is no restriction on the number of Domain Names any Registrant may hold. The Registrant may further licence the use of the Domain Name to any third parties provided that the Registrant enters into an agreement with such third parties on the terms not less onerous than its obligations under the Registry Rules.


14. Protection of third party intellectual property rights

The Registry will implement all rights protection measures as required by ICANN in clause 2.8 of the Registry Agreement, including the use of the Uniform Rapid Suspension (URS) procedure, and Uniform Domain Name Dispute Resolution Policy (UDRP).


15. Term of registration ⁄ renewal

Initial term of registration:

A Domain Name can be registered for a period between one (1) to ten (10) years.


RENEWAL OF REGISTRATION:

(i) The term may be extended at any time for a period between one (1) to ten (10) years, provided that the total aggregate term of the Domain Name does not exceed ten (10) years at any time.

(ii) Upon change of sponsorship of the Domain Name from one Registrar to another, according to Part A of the ICANN Policy on Transfer of Registrations between Registrars, the term of registration of the registered Domain Name will be extended by one year, provided that the maximum term of registration at any time does not exceed ten (10) years.

(iii) The change of sponsorship of the registration of a Domain Name from one Registrar to another, accordingly to Part B of the ICANN Policy on Transfer of Registrations between Registrars will not result in the extension of the term of registration.


CANCELLATION OF REGISTRATION:

The Registrant may cancel a Domain Name registration at any time by submitting its request in writing with the Registrar.


AUTO-RENEWAL:

Upon expiry of the Domain Name, the Registry will auto-renew the Domain Name for a one year term (1) year term unless the Registrant submits its intention not to renew the Domain Name.

The Registry will implement the business rules for the renewal of Domain Names documented in appendix 7 of the .com Registry Agreement.


16. Transfer of Domain Names between registrants

Any transfer of a Domain Name between Registrants must be approved by the Registry through the Registrar. The legal heirs of the Registrant or purchaser of the Registrant may request the transfer provided that they meet the eligibility criteria for registration under the .polo gTLD. If the Registrant becomes subject to insolvency or any other proceeding, the administrator may request the transfer. The transferee must provide appropriate documentation as required by the Registry to approve such transfer.


17. Change of Registrar

If the agreement between the Registry and the Registrar is terminated and if the Registrar has not transferred its Domain Name portfolio to another Registrar, the Registry will notify affected Registrants. The Registrants must select a new Registrar within one (1) month following such notice from the Registry. If the Registrant fails to appoint a new Registrar within the timeframe set out above, the Registry may suspend the Domain Name.

If the Registrant wishes to change the Registrar, the Registrant must obtain the auth-info code from the Registrantʹs current Registrar, and request a transfer through the gaining Registrar in compliance with ICANNʹs Inter-Registrar transfer policy.


18. Privacy and Data Protection

By registering a Domain Name, the registrant authorises the Registry to process personal information and other data required for the operation of the .polo gTLD. The Registry will only use the data for the operation of the Registry including but not limited to its internal use, communication with the Registrant, and provision of WHOIS look-up facility.

The Registry may only transfer the data to third parties:

(i) with the Registrant’s consent;

(ii) in order to comply with laws, regulations or orders by a competent public authority and any Alternative Dispute Resolution (ADR) providers; or

(iii) for a publicly available and searchable WHOIS look-up facility, in accordance with specification 4 of the Registry Agreement.



19. WHOIS

The Registry provides a publicly available and searchable WHOIS look up facility, where information about the Domain Nameʹs status (including creation and expiry dates), and registrant, administrative and the technical contact administering the Domain Name can be found, in accordance with specification 4 of the Registry Agreement.

In order to prevent misuse of the WHOIS look up facility, the Registry requires that any person submitting a WHOIS database query will be required to read and agree to the terms and conditions, which will provide that:
(i) the WHOIS database is provided for information purposes only; and
(ii) the user agrees not to use the WHOIS information to allow or enable the transmission of unsolicited commercial advertising or other communication via email or other methods to the Registrants.


20. Pricing ⁄ Payment

The new gTLD does not charge a separate fee for the Registrar to register domain names, as the gTLD is used only for the specified mission and purpose of RALPH LAUREN. RALPH LAUREN shall bear the cost of operating the Registry.

The Registry will provide Registrars with 30 days’ notice of any price change for new registrations, and 180 days advance notice of any price change for renewals in accordance with clause 2.10 of the Registry Agreement.


21. Dispute Resolution

The Registrant agrees to be bound by ICANN’s Dispute Resolution Policies in respect of all disputes in connection with the Domain Name.


22. Compliance with Consensus and Temporary Policies

The Registrant agrees to be bound by all applicable consensus and temporary policies as required and mandated by ICANN.


23. Definitions

Affiliate means in relation to a party any corporation or other business entity controlling, controlled by, or under common control of that party and for the purposes of this definition, a corporation or other business entity shall be deemed to control another corporation or business entity if it owns directly or indirectly:

(i) fifty percent (50%) or more of the voting securities or voting interest in any such corporation or other entity; or

(ii) fifty percent (50%) or more of the interest in the profit or income in the case of a business entity other than a corporation; or

(iii) in the case of a partnership, any other compatible interest equal to at least a fifty percent (50%) share in the general partner.

Domain Name means a domain name registered directly under the .polo gTLD or for which a request or application for registration has been filed with the Registry;

ICANN’s Dispute Policy means the dispute policy currently known as the Uniform Domain Name Dispute Resolution Policy (UDRP) issued and as may be updated from time to time by the Internet Corporation of Assigned Names and Number (ICANN) and the Uniform Rapid Suspension (URS) (see Specification 7 of the Registry Agreement).

Registrar means an ICANN accredited registrar which enters into and is in compliance with the registry-registrar agreement for the TLD, and which provides domain name registration services to Registrants;

Registry means RALPH LAUREN COPORATION. (RALPH LAUREN);

Registry Agreement means the agreement between RALPH LAUREN and ICANN;

Registry Rules mean:

(i) Registration terms and conditions agreed between the Registry and Registrant for registration of a Domain Name; and

(ii) Registration policies provided and amended by the Registry from time to time.

Registrant means a natural person, company or organisation who holds a Domain Name registration or who has requested or applied for the registration of a Domain Name.






*** Draft procedure for management of trademark Infringement claims:


It is almost impossible to devise a standard response⁄process for all claims made of trademark infringement, as the seemingly small individual differences between each complaint and between each domain name registration make the course of action potentially different in each case. This draft procedure is a guide to the general approach required, but thought should be given to the appropriateness of any action in each case, with assistance from designated senior manager where appropriate.



(a) Domain name itself is claimed to be an infringement of a party’s trademark rights:

i. Actions
- Determine if the name is being used for any “visible” fraudulent activity such as phishing. If so, follow the phishing process.
- If no fraudulent content , send “invalid whois” notice to the registrant of the domain name


ii Formulating a response to complainant
- It is outside of a registrar’s scope to determine if a domain name infringes a party’s rights
- Cannot transfer or delete a domain name based on complaint alone – will need to be issued with copies of relevant court orders or other appropriate documentation
- Outline invalid whois process and inform complainant that a notice has already been sent to the registrant in respect of this
- If applicable, inform the complainant that the complaint has also been forwarded to the reseller who may be able to take action.
- Suggest Uniform Dispute Resolution Policy action



(b) Website located at the domain name contains logos or text which are claimed to infringe another parties rights:

i. Actions (where the Registrar is not the host)
- Determine if the name is being used for any “visible” fraudulent activity such as phishing. If so, follow the phishing process.
- If no fraudulent content, send “invalid whois” notice to the registrant of the domain name



ii Formulating a response to complainant (where Registrar is not the host):

- Inform complainant that the Registrar is not hosting the content, and therefore has no ability to access, modify or delete the content.
- Outline who the host is, and, if able to determine, steps to contact them.
- Outline invalid whois process and inform complainant that a notice has already been sent to the registrant in respect of this (use prepared template)
- If applicable, inform the complainant that the complaint has also been forwarded to the relevant third party Registrar




iii. Where Registrar is the host:
- Review, formulate a proposed course of action based on the circumstances and applicable policies,
- Discuss proposed course of action with designated senior manager and base response to complainant around this.



gTLDFull Legal NameE-mail suffixDetail
.abbABB Ltdch.abb.comView
A. ABUSE PREVENTION AND MITIGATION TO BE IMPLEMENTED BY ABB


ABB’s proposed use for .abb should, by its very nature, preclude abusive registrations from occurring, as all domain names may only be registered in the name of ABB and its affiliated entities (for the purposes of this response, “affiliated entities” means in relation to a party any corporation or other business entity controlling, controlled by, or under common control of that party and for the purposes of this definition, a corporation or other business entity shall be deemed to control another corporation or business entity if it owns directly or indirectly (i) fifty percent (50%) or more of the voting securities or voting interest in any such corporation or other entity; or (ii) fifty percent (50%) or more of the interest in the profit or income in the case of a business entity other than a corporation; or (iii) in the case of a partnership, any other compatible interest equal to at least a fifty percent (50%) share in the general partner).

ABB is intending to operate .abb for the benefit of Internet users that would like to interact with ABB. There is no incentive for ABB to confuse Internet users, nor otherwise use domain names in bad faith, since ABB’s branded keyword gTLD is inherently intertwined with all uses of .abb domain names.

Notwithstanding the above, ABB understands and agrees that it must comply with the different rights protection mechanisms such as the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension System (URS) as described in the gTLD Applicant Guidebook (as may be later amended via Consensus Policy) and the Registry Agreement. The aforementioned policies provide a strong incentive to ensure that relevant and effective checks are in place to ensure that all .abb domain names are only registered and used in an appropriate manner so as to benefit Internet users who would like to interact with ABB, rather than in any manner that may be deemed inappropriate or in bad faith.

ABB will implement a clear written policy which requires the relevant corporate authorisation and approvals to be procured and evidenced in order for any .abb domain name to be registered for ABB’s use. In the event that ABB should consider to permit third parties (other than affiliated entities) that have a relationship with either ABB or its business, to register (or license) and use domain names within the top level domain (TLD), then additional corporate authorisations and approvals may be required to ensure internal responsibility for permitting and enforcing the terms of use of the .abb domain. In addition to these safeguards, all registered domain names in the TLD will be regularly monitored for abusive use.



B. .ABB ANTI-ABUSE POLICIES

Although domain names will only be registered to ABB and its affiliated entities, all domain names will be subject to a specific internal registration policy for the .abb domain. The registration policy will set out in writing a methodology for corporate authorisation, approval and evidence in order for any domain name to be registered for ABB’s use. This will prohibit any abusive use of a domain name. These policies include not only the required URS, but also the supplemental Anti-Phishing Takedown Process, ABB’s Acceptable Use Policy, and ABB’s strict controls on registration.



C. DEFINITION OF ABUSE

ABB defines abuse as an action that causes actual and substantial harm, or is a material predicate of such harm, and is illegal, illegitimate, or otherwise contrary to registration policy. Abuse includes, without limitation, the following:

- Content or actions that attempt to defraud members of the public in any way (for example, ʺphishingʺ sites);

- Content that is hateful, defamatory, derogatory or bigoted based on racial, ethnic, political grounds or which otherwise may cause or incite injury, damage or harm of any kind to any person or entity;

- Content that is threatening or invades another personʹs privacy or property rights or is otherwise in breach of any duty owed to a third party;

- Content or actions that infringe the trademark, copyright, patent rights, trade secret or other intellectual property rights, or any other legal rights of ABB or any third party;

- Content or actions that violate any applicable local, state, national or international law or regulation;

- Content or actions that promote, are involved in or assist in, the conduct of illegal activity of any kind or promote business opportunities or investments that are not permitted under applicable law;

- Content that advertises or offers for sale any goods or services that are unlawful or in breach of any national or international law or regulation; or

- Content or actions associated with the sale or distribution of prescription medication without a valid prescription;

- Content that depicts minors engaged in any activity of a sexual nature or which may otherwise harm minors;

- Activities that mislead or deceive minors into viewing sexually explicit material;

- Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks;

- Phishing: The use of counterfeit Web pages that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data;

- Pharming: The redirecting of unknowing users to fraudulent sites or services, typically through Domain Name System (DNS) hijacking or poisoning;

- Willful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the ownerʹs informed consent.

- Examples include, without limitation, computer viruses, worms, keyloggers, and trojan horses;

- Botnet command and control: Services run on a domain name that are used to control a collection of

- Illegally compromised computers or ʺzombies,ʺ or to direct denial-of-service attacks (DDoS attacks); and

- Illegal Access to Other Computers or Networks: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity).


As stated in response to Question 18, ABB’s registration policy will address the minimum requirements mandated by ICANN including rights abuse prevention measures. ABB will implement the following as means of abuse prevention and mitigation:

1) ABB’s draft registration policy ** (See end of document)
2) ABB’s draft procedure for management of trademark infringement claims *** (see end of document)


With regard to violations of the registration policy by any ABB employee ABB will implement the appropriate enforcement means.

Every ABB employee should be aware that the data they create on the corporate systems, including on any domain name hosted in .abb, remains the property of ABB. For security and network maintenance purposes, authorized individuals within ABB may monitor equipment, systems and network traffic at any time. ABB reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.

ABB recognizes that, notwithstanding all of ABB’s internal policies having been meticulously followed by all employees and affiliates, the Internet remains an open and ubiquitous system that provides access and anonymity to participants around the world. This is one of the Internet’s strengths and also a source of difficulty as malicious or criminal perpetrators exploit these characteristics for their own benefit. The frequency of activities such as phishing, pharming, spam and DDoS attacks have increased dramatically on the Internet and there is strong evidence to suggest this will continue.

ABB has resolved to ensure that abusive use of the .abb domain names will not be permitted nor tolerated. The nature of such abuses creates security and stability issues for ABB, as well as for users of the Internet in general, and particularly those who wish to interact with ABB in a secure and reliable manner. The nature of such abuses also inherently creates negative publicity and loss of brand integrity and goodwill and, therefore, any such abuse must be swiftly and effectively addressed, and systems must continue to evolve in accordance with evolving threats.



SCANNING TO IDENTIFY MALICIOUS OR ABUSIVE BEHAVIOUR

ABB currently invests in and utilizes third party anti-phishing and abuse solutions to monitor potentially malicious conduct over the Internet, against ABB’s websites, brands and other online business areas. ABB fully intends to continue its support and deployment of these solutions to monitor the .abb domain on an on-going basis. These solutions include:

- All computer systems accessible through .abb shall be continually executing approved virus-scanning software with a current virus database, unless overridden by departmental or group policy for legitimate business reason;

- ABB will conduct automated and regular scanning for malware of all computer systems accessible via domain names in the Registry through its selected back end Registry services provider, Verisign. Registrants are often unknowing victims of malware exploits. Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names. Verisign’s malware scanning service helps prevent websites from infecting other websites by scanning web pages for embedded malicious content that will infect visitors’ websites. Verisign’s malware scanning technology uses a combination of in-depth malware behavioral analysis, anti-virus results, detailed malware patterns, and network analysis to discover known exploits for the particular scanned zone. If malware is detected, the service sends the registrar a report that contains the number of malicious domains found and details about malicious content within its TLD zones. Reports with remediation instructions are provided to help registrars and registrants eliminate the identified malware from the registrant’s website;

- ABB will establish and act upon the results of a regular poll against one or more trusted databases for phishing sites operating (in second level or subordinate domain names) within the TLD. Phishing activity most often occurs through a subordinate domain names, rather than a directly registered second level domain names.



D. ADDITIONAL PROCESSES TO ADDRESS ABUSIVE USE OF REGISTERED DOMAIN NAMES

SUSPENSION PROCESSES CONDUCTED BY BACKEND REGISTRY SERVICES PROVIDER
In the case of domain name abuse, ABB or ABB’s approved registrar(s) will determine whether to take down the subject domain name. Verisign, ABB’s selected backend registry services provider, will follow the auditable processes to comply with the suspension request as set out Diagram 1 of the Attachment.



VERISIGN SUSPENSION NOTIFICATION

ABB or ABB’s approved registrar(s) submits the suspension request to Verisign for processing, documented by:

- Threat domain name

- Registry incident number

- Incident narrative, threat analytics, screen shots to depict abuse, and⁄or other evidence

- Threat classification

- Threat urgency description

- Recommended timeframe for suspension⁄takedown

- Technical details (e.g., Whois records, IP addresses, hash values, anti-virus detection results⁄nomenclature, name servers, domain name statuses that are relevant to the suspension)

- Incident response, including surge capacity



VERISIGN NOTIFICATION VERIFICATION

When Verisign receives a suspension request from ABB or ABB’s approved registrar(s), it performs the following verification procedures:

- Validate that all the required data appears in the notification

- Validate that the request for suspension is for a registered domain name

- Return a case number for tracking purposes



SUSPENSION REJECTION

If required data is missing from the suspension request, or the domain name is not registered, the request will be rejected and returned to ABB or ABB’s approved registrar(s) with the following information:

- Threat domain name

- Registry incident number

- Verisign case number

- Error reason

ABB will notify the registrar of record in relation to a complaint.



E. ABUSE POINT OF CONTACT AND PROCESS FOR ADDRESSING COMPLAINTS

ABB will act as the primary abuse point of contact for the gTLD. ABB may use its third party registrar(s) or its selected back end registry services provider, Verisign, to perform some or all of the functions associated with handling inquiries relating to malicious conduct in the gTLD. Contact details (including at least a valid email and mailing address) for the abuse primary contact will be displayed prominently on ABB’s main website. The primary contact will investigate and respond to all complaints and incidents within a reasonable time and be empowered to take effective action within well-defined written criteria to guide those actions. Action will be taken in line with what is set out in this answer and the registration policy for the .abb domain. Changes to contact details will be clearly and effectively communicated to ICANN and prominently displayed on ABB’s website.

The above mentioned email address will be set up to receive complaints for any potential malicious conduct in the TLD. Furthermore, the email address will be routinely monitored over a 24 hour period, 365 days a year. Complainants will be provided with a written email response communication containing an auditable tracking or case number. ABB will investigate all reasonable complaints and take any reasonably necessary and appropriate action. Verified law enforcement requests will be addressed in no more than twenty-four hours from verified receipt. All other requests will be addressed in no more than seventy-two hours from receipt.

Abuse complaint metrics will be tracked, and adequate resources will be expended to ensure appropriate trending of those metrics by providing the abuse point of contact with sufficient resources. The complaint metrics will be gathered by the registrar(s) and regularly forwarded to ABB for the purposes of identifying gaps in the Registry’s current policies and areas of improvement. Given ABB’s belief that infrastructure protection, rights protection and user security are paramount goals of operating the TLD, ABB intends to engage a third party registrar(s), who will be required to ensure that sufficient resources are provided to satisfy this critical requirement, and to do whatever is reasonably necessary to ensure a secure and trusted zone.

ABB will have strict controls over the registration and use of the .abb domain names. ABB will devise and document strict criteria and authority levels which will need to be satisfied before a domain name can be registered for use. To ensure independence of this function, a third party registrar will be responsible for ensuring strict compliance with the criteria and authority levels designated. Only authorized personnel within ABB organization will be permitted to request and⁄or authorize DNS changes to be made either by the third party registrar or the registry services provider. ABB’s documented criteria and authority levels for registering a domain name ensure multiple, unique points of contact are needed to request and⁄ or approve, update, transfer and⁄ or deal with deletion requests, and will require notification of multiple unique points of contact when a domain name has been updated, transferred, or deleted.



F. ORPHAN GLUE RECORDS

ABB will ensure proper attention is paid to orphan glue records. While orphan glue often supports correct and ordinary operation of the DNS, ABB understands that it will be required, via Specification 6 of the Registry Agreement, to take action to remove orphan glue records when provided with evidence in written form that such records are present in connection with malicious conduct. ABB’s robust controls on registration and use, and ongoing monitoring of the .abb zone, should ensure that this is not an area of concern. Furthermore, ABB’s selected backend registry services provider’s (Verisign’s), registration system is specifically designed to not allow orphan glue records. Registrars are required to delete⁄move all dependent DNS records before they are allowed to delete the parent domain. To prevent orphan glue records, Verisign performs the following checks before removing a domain or name server:



CHECKS DURING DOMAIN DELETE:

- Parent domain delete is not allowed if any other domain in the zone refers to the child name server

- If the parent domain is the only domain using the child name server, then both the domain and the glue record are removed from the zone



CHECK DURING EXPLICIT NAME SERVER DELETE:

- Verisign confirms that the current name server is not referenced by any domain name (in-zone) before deleting the name server



ZONE-FILE IMPACT:

- If the parent domain references the child name server AND if other domains in the zone also reference it AND if the parent domain name is assigned a serverHold status, then the parent domain goes out of the zone but the name server glue record does not

- If no domains reference a name server, then the zone file removes the glue record



CONTROLS ON NEW REGISTRATIONS OF DOMAIN NAMES

ABB will adopt and impose strict controls over the registration and use of .abb domain names. ABB will devise and document strict criteria and authority levels which will need to be satisfied before a domain name can be registered for ABB’s use. To ensure appropriate verification of this function, third party registrar(s) will be appointed to perform the administrative aspects of the registration of domain names in strict compliance with the defined criteria and designated authority levels. The registry services provider will be provided with the defined criteria and will be required to ensure that only domain names which comply with the criteria are registered. Only authorized personnel within ABB organization will be able to request and⁄or authorize DNS changes to be made either by the third party registrar(s) or the registry services provider. ABB’s documented criteria and authority levels for domain name registration will ensure multiple, unique points of contact are needed to request and⁄ or approve, update, transfer and⁄ or deal with deletion requests, and will require notification of multiple unique points of contact when a domain name has been updated, transferred, or deleted.

ABB confirms that it will meet the standards set out in the Registry Agreement, with respect to the Sunrise and Trademark claims process for any domain names registered.



G. ENSURING WHOIS ACCURACY

A complete and accurate Whois database promotes the prevention of identity theft, fraud and other on-line crime, promotes the public’s ability to police its rights against unlawful copyright and trademark infringement, and minimizes technical errors. ABB has a compelling interest in accounting to itself and the public for the use of Applicant assets, and in ensuring those assets are only used by persons or entities authorized by ABB. That interest is especially strong with respect to the .abb gTLD and all domain names registered or used therein, since it is a core component of ABB’s online branding and technological platform.

ABB will enforce the Whois data accuracy provisions in ICANN’s Registry Agreement, Registrar Accreditation Agreement and all relevant Consensus Policies. Those agreements generally require all registrants to provide accurate and reliable contact details and promptly update any changes made during the registration term. ABB’s registrars must present to the registrant the current Whois information, and remind the registrant that provision of false Whois information can be grounds for cancellation of the domain name registration. ABB and⁄or its affiliated entities will be listed as the sole registrant of all domains within the .abb gTLD. ABB’s clear written policy which requires the relevant corporate authorisation and approvals to be procured and evidenced for any .abb domain name to be registered for ABB’s use, and the subsequent verification through a registrar will ensure thorough pre-verification of all Whois data. Therefore, all Whois information will be complete and accurate at the time of registration. In the event of any change in the Whois contact information for a domain name, that change will be promptly updated in the Whois database.

Verisign, ABB’s selected backend registry services provider, has established policies and procedures to encourage registrar compliance with ICANN’s Whois accuracy requirements. Verisign provides the following services to ABB for incorporation into its full-service registry operations.



REGISTRAR SELF CERTIFICATION.

The self-certification program consists, in part, of evaluations applied equally to all operational ICANN accredited registrars and conducted from time to time throughout the year. Process steps are as follows:

- Verisign sends an email notification to the ICANN primary registrar contact, requesting that the contact go to a designated URL, log in with his⁄her Web ID and password, and complete and submit the online form. The contact must submit the form within 15 business days of receipt of the notification;

- When the form is submitted, Verisign sends the registrar an automated email confirming that the form was successfully submitted;

- Verisign reviews the submitted form to ensure the certifications are compliant;

- Verisign sends the registrar an email notification if the registrar is found to be compliant in all areas;

- If a review of the response indicates that the registrar is out of compliance or if Verisign has follow-up questions, the registrar has 10 days to respond to the inquiry;

- If the registrar does not respond within 15 business days of receiving the original notification, or if it does not respond to the request for additional information, Verisign sends the registrar a Breach Notice and gives the registrar 30 days to cure the breach;

- If the registrar does not cure the breach, Verisign terminates the Registry-Registrar Agreement (RRA).



WHOIS DATA REMINDER PROCESS.

Verisign regularly reminds registrars of their obligation to comply with ICANN’s Whois Data Reminder Policy, which was adopted by ICANN as a consensus policy on 27 March 2003. Verisign sends a notice to all registrars once a year reminding them of their obligation to be diligent in validating the Whois information provided during the registration process, to investigate claims of fraudulent Whois information, and to cancel domain name registrations for which Whois information is determined to be invalid.


H. RESOURCE PLANNING

ABB has effectively mitigated the risk of abuse in the gTLD and foresees dedicating a member of staff to act as the primary points of contact for handling inquiries relating to malicious or abusive conduct in the TLD. ABB is committed to ensuring that sufficient resources are made available at all times. ABB may engage its third party registrar(s) and its selected back end registry services provider, Verisign, to perform some or all of the tasks associated with abuse issues. This will ensure that highly skilled, specialized and scalable resources are on hand to address any possible abuse issues both during the startup phase of the TLD and continually during operations of the TLD.

Verisign, ABB’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to ABB fully accounts for cost related to this infrastructure, which is included in the registry services provider costs in Section I.K “Outsourcing Operating Costs” within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support abuse prevention and mitigation:

- Application Engineers: 19

- Business Continuity Personnel: 3

- Customer Affairs Organization: 9

- Customer Support Personnel: 36

- Information Security Engineers: 11

- Network Administrators: 11

- Network Architects: 4

- Network Operations Center (NOC) Engineers: 33

- Project Managers: 25

- Quality Assurance Engineers: 11

- Systems Architects: 9


To implement and manage the .abb gTLD as described in this application, Verisign, ABB’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.



I. CONCLUSION

The approach outlined in this answer clearly shows that the risk of abuse in the .abb TLD has been extensively mitigated and as a direct result is very low. ABB is committed to ensuring that abuse will not be tolerated. The proposed policies and methods for addressing any abuse exceed the standard outline in the gTLD Applicant Guidebook and are more than commensurate with the risks, ABB is, therefore, entitled to a score of two points for its response to Question 28.





** ABB’S DRAFT REGISTRATION POLICY


1. DOMAIN NAME LICENCES

Upon registration of a Domain Name, the Registrant holds a licence to use the Domain Name for a specified period of time in accordance with the Registry Rules. Domain Names may be registered and renewed for 1, 2, 3, 4, 5, 6, 7, 8, 9 or 10 years.



2. SELECTION OF REGISTRARS

Registrars eligible to register domain names must meet the following non-discriminatory criteria (in compliance with clause 2.9 (a) of the Registry Agreement):

(i) be an accredited ICANN Registrar;

(ii) demonstrate a level of understanding of the Domain Name registration policies of the Registry;

(iii) have experience of managing the Domain Names of major corporations;

(iv) have proven tools for domain name portfolio management;

(v) have business processes to perform automated validation (and any additional human checks as required by the Registry) of the eligibility of the domain name for registration according to the Domain Name policies of ABB;

(vi) demonstrate a sufficient level of security to protect against unauthorised access to the Domain Name records;

(vii) demonstrate experience and have appropriate resources in managing abuse prevention, mitigation and responses;

(viii) provide multi-language support for the registration of IDNs;

(ix) comply with any re-validation of its Registry-Registrar agreement at such regular intervals as are determined by the Registry or as required by ICANN from time to time;

(x) meet applicable technical requirements of ABB; and

(xi) comply with all conditions, dependencies, policies and other requirements reasonably imposed by ABB, including maintenance of suitable systems and applications that are capable of interacting with the Registry system.



3. ELIGIBLE REGISTRANTS

The Registrant must be:

(i) ABB or an affiliated entity thereof; or

(ii) an organisation explicitly authorised by ABB; or

(iii) a natural person explicitly authorised by ABB.
If the Registrant does not meet one of the above eligibility criteria, there is no entitlement to register a Domain Name under the .abb gTLD. If the Registrant ceases to be eligible at any time in the future, the Registry may cancel or suspend the licence to use the Domain Name immediately.



4. REGISTRY APPROVAL REQUIREMENT

Registration of Domain Names under the .abb gTLD must be approved by ABB in addition to meeting all requirements under the Registry Rules. ABB’s approval for a complete and validly submitted application will be authorised by:

(i) Group Function – Intellectual Property (“Authorisation Provider”); or

(ii) an authorised person as nominated by ABB (“Authorised Person”) and notified to the Registrar from time to time.
The Authorisation Provider will notify the Registrar of its decision.



5. REQUIRED CRITERIA FOR DOMAIN NAME REGISTRATION

An application for Domain Name registration must meet all the following criteria:

(i) availability;
a. the Domain Name is not already registered;
b. it is not reserved or blocked by the Registry; or
c. it meets all Registry’s technical requirements.

(ii) technical requirements;
a. a maximum of 63 characters (after its conversion into the ASCII for IDNs);
b. use of characters selected from the list of supported characters as nominated by the Registry; and
c. any additional technical requirements as required by the Registry from time to time.

(iii) the Domain Name must be consistent with the mission and purpose of the gTLD and consistent with the Domain Name registration policy of ABB, and may include but not be limited to:
a. product name;
b. service name;
c. marketing term;
d. geographic identifier; or
e. any relevant name or term as approved by Authorisation Provider or Authorised Person.

(iv) compliance with all requirements under the Registry Rules: the Registrant must comply with all provisions contained in the Registry Rules.



6. OBLIGATION OF REGISTRANTS

The Registrant must enter into an agreement with the Registrar for Domain Name registration under which the Registrant will be bound by the Registry Rules specified through the Registry-Registrar agreement as amended by the Registry from time to time.

The Registrant must also agree to be bound by the minimum requirements in clause 3.7.7 of ICANNʹs Registrar accreditation agreement.


The Registrant must represent and warrant that:

(i) it meets, and will continue to meet, the eligibility criteria at all times and must notify the Registrar if it ceases to meet such criteria;

(ii) the registration, renewal and use of the Domain Name does not violate any third party intellectual property rights, applicable laws or regulation;

(iii) it is entitled to register the Domain Name;

(iv) the registration and use of the Domain Name is made in good faith and for a lawful purpose;

(v) if the use of registered Domain Name is licensed to a third party,
a. the Registrant must have a licencing agreement with the licensee for the use of the Domain Name that is not less onerous than the obligation of the Registrant contained in the Registry Rules; and
b. where there is a breach of any provisions contained in the Registry Rules by the licensee of the Domain Name, Registry may revoke the Domain Name at its sole discretion.

(vi) it owns or otherwise has the right to provide all registration data (including personal information) for each Domain Name registered and provision of such registrant data complies with all applicable data protection laws and regulations; and

(vii) It has appropriate consent and licences to allow for publication of registration data in the WHOIS database.



7. REGISTRANT CONTACT INFORMATION

The Registrant must provide complete and accurate contact information of the Registrant (in accordance with clause 3.7.7.1 of the ICANN’s Registrar accreditation agreement), including but not limited to the following;

(i) if the Registrant is a company or organisation:
a. name of a company or organisation;
b. registered office and principal place of business; and
c. contact details of the Registrant including e-mail address and telephone number;

(ii) if the Registrant is a natural person:
a. full name of the Registrant;
b. address of the Registrant; and
c. contact details of the Registrant including e-mail address and telephone number.

All Registrant contact information must be complete and accurate. Any changes to such Registrant information must be promptly notified to the Registrar, and no later than one (1) month of such change.



8. REVOCATION OF DOMAIN NAMES

The Registrant acknowledges that the Registry may revoke a Domain Name immediately at its sole discretion:

(i) in the event the Registrant breaches any Registry Rules;

(ii) to comply with applicable law, court order, government rule or under any dispute resolution processes;

(iii) where such Domain Name is used for any of the following prohibited activities (Prohibited Activities):
a. spamming;
b. intellectual property and privacy violations;
c. obscene speech or materials;
d. defamatory or abusive language;
e. forging headers, return addresses and internet protocol addresses;
f. illegal or unauthorised access to other computers or networks;
g. distribution of internet viruses, worms, Trojan horses or other destructive activities; and
h. any other illegal or prohibited activities as determined by the Registry.

(iv) in order to protect the integrity and stability of the domain name system and the Registry;

(v) where such Domain Name is placed under reserved names list at any time; and

(vi) where Registrant fails to make payment to the Registrar for registration, renewal or any other relevant services.



9. USE OF SECOND OR THIRD LEVEL IDNS

In addition to meeting all required criteria for registration of domain names above, an application for an IDN Domain Name must:

(i) comply with any additional registration policy on IDNs for each language;

(ii) meet all technical requirement for the applicable IDN;

(iii) comply with the IDN tables used by the Registry as amended from time to time; and

(iv) meet any other additional technical requirements as required by the Registry.



10. USE OF GEOGRAPHIC NAMES

All two-character labels and country and territory names will be initially reserved in accordance with specification 5 of the Registry Agreement.
Upon approval from ICANN and any other guidelines by applicable governments and ICANN’s Governmental Advisory Committee, the Registry may release the two-character labels and country and territory names in accordance with ABB’s response to Question 22 Geographic Names.



11. RESERVED NAMES
The Registry may place certain names in its reserved list from time to time where:

(i) the Registry believes in its sole discretion that use of such names may pose a risk to the operational stability or integrity of the Registry;

(ii) in accordance with ICANN’s specifications contained in the Registry Agreement, guidelines or recommendations;

(iii) there is a risk of trademark infringement or where the name otherwise may cause confusion taking into consideration the mission and purpose of the gTLD; or

(iv) the Registry in its sole discretion decides certain names to be reserved for any reason.



12. ALLOCATION OF DOMAIN NAME

The Registry will register Domain Names in accordance with the Registry Rules and in accordance with the Registry approval requirement set out in clause 4 of this Registration Policy. The Registry does not provide pre-registration or reservation of Domain Names.



13. LIMITATION ON REGISTRATION ⁄ DOMAIN NAME LICENCES

There is no restriction on the number of Domain Names any Registrant may hold. The Registrant may further licence the use of the Domain Name to any third parties provided that the Registrant enters into an agreement with such third parties on the terms not less onerous than its obligations under the Registry Rules.



14. PROTECTION OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS

The Registry will implement all rights protection measures as required by ICANN in clause 2.8 of the Registry Agreement, including the use of the Uniform Rapid Suspension (URS) procedure, and Uniform Domain Name Dispute Resolution Policy (UDRP).



15. TERM OF REGISTRATION ⁄ RENEWAL

INITIAL TERM OF REGISTRATION:
A Domain Name can be registered for a period between one (1) to ten (10) years.


RENEWAL OF REGISTRATION:
(i) The term may be extended at any time for a period between one (1) to ten (10) years, provided that the total aggregate term of the Domain Name does not exceed ten (10) years at any time.

(ii) Upon change of sponsorship of the Domain Name from one Registrar to another, according to Part A of the ICANN Policy on Transfer of Registrations between Registrars, the term of registration of the registered Domain Name will be extended by one year, provided that the maximum term of registration at any time does not exceed ten (10) years.

(iii) The change of sponsorship of the registration of a Domain Name from one Registrar to another, accordingly to Part B of the ICANN Policy on Transfer of Registrations between Registrars will not result in the extension of the term of registration.


CANCELLATION OF REGISTRATION:
The Registrant may cancel a Domain Name registration at any time by submitting its request in writing with the Registrar.


AUTO-RENEWAL:
Upon expiry of the Domain Name, the Registry will auto-renew the Domain Name for a one year term (1) year term unless the Registrant submits its intention not to renew the Domain Name.

The Registry will implement the business rules for the renewal of Domain Names documented in appendix 7 of the .com Registry Agreement.



16. TRANSFER OF DOMAIN NAMES BETWEEN REGISTRANTS

Any transfer of a Domain Name between Registrants must be approved by the Registry through the Registrar. The legal heirs of the Registrant or purchaser of the Registrant may request the transfer provided that they meet the eligibility criteria for registration under the .abb gTLD. If the Registrant becomes subject to insolvency or any other proceeding, the administrator may request the transfer. The transferee must provide appropriate documentation as required by the Registry to approve such transfer.



17. CHANGE OF REGISTRAR

If the agreement between the Registry and the Registrar is terminated and if the Registrar has not transferred its Domain Name portfolio to another Registrar, the Registry will notify affected Registrants. The Registrants must select a new Registrar within one (1) month following such notice from the Registry. If the Registrant fails to appoint a new Registrar within the timeframe set out above, the Registry may suspend the Domain Name.

If the Registrant wishes to change the Registrar, the Registrant must obtain the auth-info code from the Registrantʹs current Registrar, and request a transfer through the gaining Registrar in compliance with ICANNʹs Inter-Registrar transfer policy.



18. PRIVACY AND DATA PROTECTION

By registering a Domain Name, the registrant authorises the Registry to process personal information and other data required for the operation of the .abb gTLD. The Registry will only use the data for the operation of the Registry including but not limited to its internal use, communication with the Registrant, and provision of WHOIS look-up facility.


The Registry may only transfer the data to third parties:

(i) with the Registrant’s consent;

(ii) in order to comply with laws, regulations or orders by a competent public authority and any Alternative Dispute Resolution (ADR) providers; or

(iii) for a publicly available and searchable WHOIS look-up facility, in accordance with specification 4 of the Registry Agreement.



19. WHOIS

The Registry provides a publicly available and searchable WHOIS look up facility, where information about the Domain Nameʹs status (including creation and expiry dates), and registrant, administrative and the technical contact administering the Domain Name can be found, in accordance with specification 4 of the Registry Agreement.

In order to prevent misuse of the WHOIS look up facility, the Registry requires that any person submitting a WHOIS database query will be required to read and agree to the terms and conditions, which will provide that:

(i) the WHOIS database is provided for information purposes only; and

(ii) the user agrees not to use the WHOIS information to allow or enable the transmission of unsolicited commercial advertising or other communication via email or other methods to the Registrants.



20. PRICING ⁄ PAYMENT

The new gTLD does not charge a separate fee for the Registrar to register domain names, as the gTLD is used only for the specified mission and purpose of ABB. ABB shall bear the cost of operating the Registry.

The Registry will provide Registrars with 30 days’ notice of any price change for new registrations, and 180 days advance notice of any price change for renewals in accordance with clause 2.10 of the Registry Agreement.



21. DISPUTE RESOLUTION

The Registrant agrees to be bound by ICANN’s Dispute Resolution Policies in respect of all disputes in connection with the Domain Name.



22. COMPLIANCE WITH CONSENSUS AND TEMPORARY POLICIES

The Registrant agrees to be bound by all applicable consensus and temporary policies as required and mandated by ICANN.



23. DEFINITIONS

AFFILIATED ENTITY means in relation to a party any corporation or other business entity controlling, controlled by, or under common control of that party and for the purposes of this definition, a corporation or other business entity shall be deemed to control another corporation or business entity if it owns directly or indirectly:

(i) fifty percent (50%) or more of the voting securities or voting interest in any such corporation or other entity; or

(ii) fifty percent (50%) or more of the interest in the profit or income in the case of a business entity other than a corporation; or

(iii) in the case of a partnership, any other compatible interest equal to at least a fifty percent (50%) share in the general partner.

DOMAIN NAME means a domain name registered directly under the .abb gTLD or for which a request or application for registration has been filed with the Registry;

ICANN’S DISPUTE POLICY means the dispute policy currently known as the Uniform Domain Name Dispute Resolution Policy (UDRP) issued and as may be updated from time to time by the Internet Corporation of Assigned Names and Number (ICANN) and the Uniform Rapid Suspension (URS) (see Specification 7 of the Registry Agreement).

REGISTRAR means an ICANN accredited registrar which enters into and is in compliance with the registry-registrar agreement for the TLD, and which provides domain name registration services to Registrants;

REGISTRY means ABB Ltd (ABB);

REGISTRY AGREEMENT means the agreement between ABB and ICANN;

REGISTRY RULES mean:
(i) Registration terms and conditions agreed between the Registry and Registrant for registration of a Domain Name; and
(ii) Registration policies provided and amended by the Registry from time to time.

REGISTRANT means a natural person, company or organisation who holds a Domain Name registration or who has requested or applied for the registration of a Domain Name.





***

DRAFT PROCEDURE FOR MANAGEMENT OF TRADEMARK INFRINGEMENT CLAIMS:

It is almost impossible to devise a standard response⁄process for all claims made of trademark infringement, as the seemingly small individual differences between each complaint and between each domain name registration make the course of action potentially different in each case. This draft procedure is a guide to the general approach required, but thought should be given to the appropriateness of any action in each case, with assistance from designated senior manager where appropriate.


(a) DOMAIN NAME ITSELF IS CLAIMED TO BE AN INFRINGEMENT OF A PARTY’S TRADEMARK RIGHTS:

i. ACTIONS

- Determine if the name is being used for any “visible” fraudulent activity such as phishing. If so, follow the phishing process.

- If no fraudulent content, send “invalid whois” notice to the registrant of the domain name.



ii FORMULATING A RESPONSE TO COMPLAINANT

- The registrar is not able to determine if a domain name infringes a party’s rights

- The registrar cannot transfer or delete a domain name based on complaint alone
– the registrar will need to be issued with copies of relevant court orders or other appropriate documentation

- Outline invalid whois process and inform complainant that a notice has already been sent to the registrant in respect of this

- If applicable, inform the complainant that the complaint has also been forwarded to the reseller who may be able to take action.

- Suggest Uniform Dispute Resolution Policy action




(b) WEBSITE LOCATED AT THE DOMAIN NAME CONTAINS LOGOS OR TEXT WHICH ARE CLAIMED TO INFRINGE ANOTHER PARTIES RIGHTS:

i. ACTIONS (WHERE THE REGISTRAR IS NOT THE HOST)

- Determine if the name is being used for any “visible” fraudulent activity such as phishing. If so, follow the phishing process.

- If no fraudulent content, send “invalid whois” notice to the registrant of the domain name



ii FORMULATING A RESPONSE TO COMPLAINANT (WHERE REGISTRAR IS NOT THE HOST):

- Inform complainant that the Registrar is not hosting the content, and therefore has no ability to access, modify or delete the content.

- Outline who the host is, and, if able to determine, steps to contact them.

- Outline invalid whois process and inform complainant that a notice has already been sent to the registrant in respect of this (use prepared template)

- If applicable, inform the complainant that the complaint has also been forwarded to the relevant third party Registrar



iii. WHERE REGISTRAR IS THE HOST:

- Review, formulate a proposed course of action based on the circumstances and applicable policies,

- Discuss proposed course of action with designated senior manager and base response to complainant around this.