Back

29 Rights Protection Mechanisms

gTLDFull Legal NameE-mail suffixDetail
.rodeoTop Level Domain Holdings Limitedgmail.comView
--PROTECTION OF LEGAL RIGHTS: A CORE OBJECTIVE--
Ensuring the protection of the legal rights of others is a core objective. We believe that protecting third-party rights enhances the reputation of the registry and encourages registrants. We are therefore committed to the protection of legal rights and have developed a series of mechanisms, including but not limited to, those minimum requirements for rights protection mechanisms as detailed in Specification 7. These mechanisms are intended to prevent infringing or abusive registrations and to identify and address the abusive use of registered names on an ongoing basis and in a timely manner. As part of this commitment, we have developed and will maintain and implement a series of related policies and practices specifically designed to prevent infringing and abusive registrations and uses of domains that affect the legal rights of others. We will take reasonable steps to investigate and respond to any reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of the TLD.

--OVERVIEW--
As well as implementing all ICANN rights protection mechanisms (RPMs), we will introduce other additional RPMs that go beyond the current ICANN protections.

In order to do so, we have developed a detailed policy framework based on best practices from the ccTLD .NZ, from the Council of Country Code Administrators (CoCCA), and from existing gTLDs. This tapestry of policies provides rules and procedures regarding registrant eligibility; sets out which type of names can be registered and which cannot; defines abusive registration and usage and provides for penalties for non-compliance; describes and implements ICANN-mandated RPMs; and binds registrars and registrants to the major policies.

The major policies are the Naming Policy, which defines which names can be registered, and by whom; the Acceptable Use Policy, which describes permitted and non-permitted uses of registered names; the Whois and Privacy Policy, which helps registrants understand what we can and cannot do with their personal data; and the Complaint Resolution Services (CRS).

Registrants are bound to these four policies as a condition of registration through their contracts with their registrars, who are in turn compelled by us to get registrant consent to the policies as a condition of registration.

The Naming Policy first of all defines blocked and reserved names, which include geographical names at the second level, thereby adhering to ICANN rules and protecting the rights of governments. Secondly, it prohibits the registration of infringing names and specifically binds registrants to ICANN RPMs. It contains provisions beyond ICANN RPMs, such as prohibiting multiple attempts at blocked names, either through the same or by using different registrars. The Naming Policy further provides that we may sanction registrants who do not abide by its provisions by revoking names (with or without refund) and in appropriate cases informing law enforcement.

The Acceptable Use Policy (AUP) addresses abusive use of second-level domain names, prohibiting spam, phishing pharming, malware, illegal content and other abusive uses of second-level domain, including abusive registrations, particularly registrations that infringe the rights of third parties. Many best practices concerning infringing registrations that were developed in among ccTLD world have in the gTLD world been superseded by Consensus Policies developed at ICANN. Where ICANN has procedures and policies, we follow them. Therefore, the AUP requires that registrants abide by the terms of the Uniform Domain Name Dispute Resolution Policy (UDRP), the Uniform Rapid Suspension service (URS), and the Trademark Claims Services (TCS). Another ICANN-mandated rights protection mechanisms (RPM), the Sunrise Period, will be implemented as described later in this response.

Above and beyond the ICANN-mandated RPMs, the AUP contains provisions that exceed ICANN policy minimums to provide a higher standard of protection for the legal rights of others. The AUP allows us to suspend or cancel names, or multiple names by the same registrant, if an egregious use or pattern of abusive or infringing use is engaged in by a registrant. In addition, the Complaint Resolution Service (CRS) provides means for Internet users to alert us to abusive or infringing registrations.

Additional prevention or mitigation of abusive or infringing registrations include rapid takedown procedures; cancelation or suspension of multiple domain names registered to the same flagrant abuser; higher prices to discourage mass registrants of abusive names; and protection of second-level geographic names.

We first describe the implementation of ICANN-mandated mechanisms, then follow that with a description of the additional policies we plan to implement to prevent registration abuse and rights infringement.

--SUNRISE--
The Sunrise Period is mandated by ICANN, as per Section 6.2 of the Trade Mark Clearinghouse module of the registry agreement. It is a process by which owners of legal rights have the opportunity to register domain names before the process opens to the public or others. Specifically, rights holders may use the Sunrise Service to assert a priority right to register a second-level domain which matches their eligible word mark, as defined in paragraph 7.2 of the Trade Mark Clearinghouse module of the registry agreement. An identical match (as defined in paragraph 6.1.5 of the Trade Mark Clearinghouse module of the registry agreement) is required between the eligible word registered in the Trademark Clearing House (“TCH”) and the domain applied for as a condition of participation in the Sunrise Period. All Sunrise applications will be validated by a third-party verification agent through the ICANN-mandated TCH to check the eligibility of the legal right claimed.

We will offer the Sunrise period for a minimum of 30 days during the pre-launch phase, and according to the terms of the Sunrise Policy. Applications received within that period are treated as filed at the same time. Where there is a contest between valid claimants, allocation will be determined by auction.

The Sunrise policy will provide for a Sunrise Dispute Resolution policy, which will allow a challenge under the four grounds required in paragraph 6.2.4 of the Trade Mark Clearinghouse module of the registry agreement. Other grounds may be added as experience reveals their advantages.

Policy oversight of the Sunrise Service will be provided by the Minds + Machines Vice-President of Policy, Peter Dengate Thrush. Peter is an intellectual property barrister experienced in intellectual property cases, especially involving domain names. He was involved in ICANN’s Working Group A which developed the UDRP, and with the New Zealand Working Group which developed the Dispute Resolution Process for .NZ. Operational oversight of the Sunrise Period will be provided by Minds + Machines’ CEO, Antony Van Couvering. Antony is a veteran of several Sunrise periods as the head of a registrar (NameEngine) specializing in providing services to large brands and other holders of trademarks. We will provide all necessary infrastructure and sufficient resources to support the Sunrise Period.

--TRADEMARK CLAIMS SERVICE--
We will provide a TCS during an initial launch period for eligible marks as defined in para 7.1 of the Trade Mark Clearinghouse module of the registry agreement. This launch period will last at least the first 60 days of general registration, and will be operated according to the terms of Trademark Claims Policy.

The TCS allows a trademark owner to register a claim asserting trademark rights by putting potential registrants on notice of its possible legal claim of the domain name being considered for registration. We will provide notice in the approved format to all prospective registrants of domains that match trademarks in the TCH that their registration may infringe a trademark right. The mandatory form requires a prospective registrant to specifically warrant that: (i) the prospective registrant has received notification that the mark(s) is included in the TCH; (ii) the prospective registrant has received and understood the notice; and (iii) to the best of the prospective registrant’s knowledge, the registration and use of the requested domain name will not infringe on the rights that are the subject of the notice.

Additionally, the Trademark Claims Notice will provide the prospective registrant with access to the Trademark Clearinghouse Database information referenced in the Trademark Claims Notice to enhance understanding of the trademark rights being claimed by the trademark holder. These links (or other sources) will be provided in real time without cost to the prospective registrant. The Trademark Claims Notice will be provided in the language used for the rest of the interaction with the registrar or registry, and will be provided in the most appropriate UN-sponsored language as specified by the prospective registrant or registrar⁄registry.

Oversight of TCS will also rest with the Vice President of Policy (VPP). We will provide the necessary infrastructure and sufficient resources to support the VPP in this role, including adequate computers, connectivity, telephones including cell phones and administrative support.

Responsibility for implementing the customer-facing (registrar) aspects of the Trademark Sunrise Service and TCS will rest with the Registrar Liaison as part of their on-going responsibilities. Responsibility for the technical implementation of the Trademark Sunrise and TCS will rest with the Registry under the contract to provide registry services. Minds + Machines’ CTO, network engineer, and systems engineer will maintain the functionality of the automated Trademark Clearinghouse system. No additional resourcing is required to support these functions, as they are part of the base level requirements for the Registrar Liaison and the CTO. We will pay fees to the TCH for Sunrise and TCS services. At the present time no fees details are available, but we assume that the higher fees we propose to charge Sunrise applicants during the 60-day TCS period will be sufficient to cover the fees likely to be charged by the TCH.

--PHISHING AND PHARMING--
Phishing and pharming are a kind of rights infringement in which the malefactor pretends to be a trusted source by using another’s trademark, brand look-and-feel, or other protected property in order to lure Internet users to perform some action that benefits the perpetrator. These practices are prohibited by the AUP and will result in cancelation of any second-level domain name involved, and possibly in cancelation of additional names registered to the abuser.

--POST DELEGATION DISPUTE RESOLUTION POLICY--
In the Registry Agreement with ICANN, we will agree to participate in all post-delegation procedures and to be bound by the resulting determinations. Because we are fully committed to combatting abusive use and abusive registration of second-level registrations, we do not expect to have occasion to be involved in any proceedings stemming from ICANN’s Post Delegation Dispute Resolution Policy (PDDRP), which deals with registries who knowingly engage in trademark infringement or abet those who do. We will comply with all Consensus Policies adopted by ICANN, including the PDDRP.

--ADDITIONAL ANTI-ABUSE POLICES--
We will be implementing RPMs and anti-abuse measures that go beyond the UDRP, URS, Sunrise, TCS and other ICANN-mandated mechanisms and procedures. These additional measures are detailed below.

--COMPLAINT RESOLUTION SERVICE--
The Complaint Resolution Service (CRS) is an alternative to litigation for resolution of complaints between the registrant of a domain name and a complainant who alleges a registrant or a domain name is in violation of the AUP. The CRS provides a transparent, efficient, and cost effective way for the public, law enforcement agencies, regulatory bodies, and intellectual property owners to address concerns regarding abuse on the system.

The CRS provides a reliable and simple way for the public to inform us if they think there is a problem. Submissions of suspected infringement or abuse are monitored by Registrar Customer Service personnel and escalated according to severity. Upon escalation, we may take immediate action to protect registry system or the public interest or refer the matter to law enforcement if we suspect criminal activity. In the case of a non-critical complaint, the CRS also provides an amicable complaint resolution and adjudication service conducted by an Ombudsperson hired by Minds + Machines. The CRS is a service intended to supplement parties’ existing legal rights to resolve a dispute in a court of law. Any proceeding brought under the CRS will be suspended upon any pleading to a court, decision-making body, or tribunal, and only re-started if directed to do so by one of those bodies.

The Ombudsperson is a neutral third-party specialist with respect to conflict resolution who will provide informal arms-length mediation and adjudication of any complaints of alleged registrant abuses and violations of the AUP. The Ombudsperson shall have the power to direct that a domain name should be cancelled, suspended, transferred, modified or otherwise amended.

If the Ombudsperson takes a decision that a domain name registration should be cancelled, suspended, transferred, modified, or otherwise amended, the Ombudsperson will implement that decision by requesting the Registry to make the necessary changes to the Register. The CRS provides for a right of appeal by registrants if they believe the AUP has been enforced in error.
We will comply with the decisions of the Ombudsperson and the Appeal Panel under the direction of the VPP.

--PROVISIONS OF THE ACCEPTABLE USE POLICY--
The AUP defines a set of unacceptable behaviors by domain name registrants in relation to the use of their domain names. It is incorporated by reference into the Registrant Agreement. It defines the acceptable use of second-level domains, and is designed to ensure that the registry is used for appropriate and legal purposes.

The AUP specifically bans, among other practices, the use of a domain name for abusive or illegal activities, including:

(i) illegal, fraudulent, misleading, or deceptive actions or behavior;
(ii) spamming (the use of electronic messaging systems to send unsolicited bulk messages, including email spam, instant messaging spam, mobile messaging spam, the spamming of Web sites and Internet forums, and use of email in a Distributed Denial of Service (DDoS) attack);
(iii) phishing (the use of counterfeit Web pages that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data);
(iv) pharming (the redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning);
(v) willful distribution of malware (the dissemination of software designed to infiltrate or damage a computer system without the owner’s consent--e.g. computer viruses, worms, keyloggers and Trojan horses);
(vi) fast-flux hosting (use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities);
(vii) botnet command and control (services run on a domain name that are used to control a collection of compromised computers or “zombies,” or to direct DDoS attacks);
(viii) distribution of obscene material, including but not limited to child pornography, bestiality, excessive violence;
(ix) illegal or unauthorized access to computer networks or data (illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another party’s system, often referred to as “hacking,” or any activity that may be used as a precursor to an attempted system penetration, such as port scanning, stealth scanning, probing, surveillance or other information gathering activity);
(x) deceptive or confusing uses of the domain or any content provided thereon with respect to any third party’s rights;
(xi) disrupting the registry network or the provision of any content capable of disruption of computer or systems or data networks;
(xii) providing circumvention technologies, technical information or other data that violates export control laws;
(xiii) spoofing (forging email network headers or other identifying information); and
(xiv) distribution of any other illegal or offensive material including hate speech, harassment, defamation, abusive or threatening content, or any other illegal material that violates the legal rights of others including but not limited to rights of privacy or intellectual property protections.

--MALWARE--
The AUP prohibits the use of the second-level domains to spread or install malware. Malware is software that is installed without the knowledge of the end user, or without the full understanding by the user of the software’s effects, which are often deleterious or dangerous. It should be noted that malware cannot be spread by the registration of a domain name. Where applicable, we will adhere to and implement the recommendations of NIST SP 800-83, “Guide to Malware Incident Prevention and Handling.” We have documented polices, processes, and procedures to mitigate operating system and application vulnerabilities that malware might exploit, as explained in further detail in our answers to Question 30: Security and Question 32: Architecture. We will implement a malware awareness program that includes guidance to users on malware incident prevention, detection and how to report suspect infections.

As recommended in NIST Special Publication 800-61, “Computer Security Incident Handling Guide,” we have instituted a robust incident response process to address malware, which has four main phases: preparation, detection and analysis, containment⁄eradication⁄recovery, and post-incident activity. In order to be prepared, we will implement malware-specific incident handling policies and procedures. As part of our detection objective, we will review malware incident data from primary sources and monitor malware advisories and alerts to identify likely impending malware incidents. We understand that we can play a critical role in the containment and eradication process of malware, and we will develop strategies and implement procedures, reflecting the appropriate level of risk, to contain and mitigate malware threats. The policies will clearly define who has the authority to make major containment decisions and under what circumstances various actions are appropriate. We reserve the right in contracts, and will not hesitate to use that right, to shut down or block services, such as email, that are used as vectors by malware producers. We also reserve the right and are prepared to place additional temporary restrictions on network connectivity to contain a malware incident, such as suspending Internet access or physically disconnecting systems from network, even while we recognize the impact such restrictions might have on organizational functions. Our strategy for the recovery phase from malware incidents is to restore the functionality and data of infected systems and to lift temporary containment measures. Our strategy for handling malware incidents in the final phase includes conducting a robust assessment of lessons learned after major malware incidents to prevent similar incidents from occurring in the future.

Additionally, we will work with the Anti-Phishing Working Group and other industry leaders, including ICANN working groups on phishing and pharming, to ensure that our practices allow parties to act quickly when a registrant is in violation of the policies. Finally, we reserve the right to immediately terminate any activity deemed, in our sole judgment, to be abusive, in violation of the AUP or related policies, or against the public interest.

--RAPID TAKE-DOWN PROCEDURES--
The AUP and related policies provide for a rapid take-down of abusive domains that are in violation of the policies, including mass domain shutdowns to act against DDoS, phishing abuse, and Botnet exploitation of domain names. Experience has shown that aggressive policy enforcement, combined with user-accessible complaint procedures to shut down obviously abusive names discourages malefactors, who have the option of registering in more loosely administered TLDs, such as .COM or .INFO.

--PROTECTION OF GEOGRAPHIC NAMES--
We will enact measures for the protection of country and territory names. The geographical names contained in the lists described in Specification 5 of the registry agreement will be added to the registry software system “prohibited word” function. Any attempt to register a domain containing those geographical names will be automatically denied, as they were similarly blocked in the .INFO TLD. See our answer to Question 22: Protection of Geographic Names for a more complete description of polices to protect geographic names.

--COMMUNITY FLAGGING--
We will use the common practice of community flagging of abusive uses of domains in order to rapidly detect a possible abuse so that a rapid response may be provided, including a rapid take-down of an abusive domain. Community members can easily flag a domain name as potentially abusive by filing notice through the Complaint Resolution Service. The CRS provides a “community flagging” mechanism that allows Internet users to report suspected violations and has proven to be an effective and speedy policy to prevent unwanted behavior. Internet web sites such as Craigslist, OK Cupid and many others use community flagging as their primary means of combating illegal and abusive behavior, and we will implement it in the registry.

--SUSPENDING MULTIPLE DOMAINS FOR FLAGRANT ABUSE--
The Registry reserves the right to suspend all domain names registered to or associated with any user for flagrant or repetitive abuse of any domain name as a means of preventing and curtailing abuse of the systems.

--TRANSFER FEES TO MITIGATE ABUSE--
To create a deterrent to abuse in the registry, we will charge registrants with a processing fee for transferring domains to another registrar or registrant. The transfer processing fee assessed will not be high, but will act as a deterrent by those who register multiple domain names for their schemes.

--QUALIFICATION OF REGISTRANTS--
We will have no general eligibility requirements for registration as pre-qualification of registrations is not applicable to our business model. Validation of Whois information prior to registration has been met with widespread user non-adoption among top-level domains historically. In country-code top-level domains such as .FR (France), .ES (Spain), .PT (Portugal), and .SE (Sweden), pre-validation has been abandoned due to depressed user adoption and criticism from end users and industry businesses, such as web hosting companies, ISPs, and domain name registrars. With few exceptions, major registries validate Whois information after the domain name is delegated, if at all. This reduces cost, which keeps prices down and allows for the near-instant registration of domain names by ordinary registrants.

We will not use pre-delegation validation of registrant data. Our strong policies against abusive registrations, combined with the easy-to-use CRS and active enforcement response, will better balance the needs of consumers and law enforcement or other users of Whois information than pre-verification, and in addition will result in higher customer satisfaction.

We will discourage illegitimate or abusive registrations by pricing our domain names above the price of .COM or .BIZ, which we believe will discourage various forms of noxious behaviors, as cybercriminals typically register large numbers of domains for their schemes and will therefore face a larger cost of doing business if they attempt to use the registry for their schemes. We therefore will price domain names at a wholesale cost higher than existing gTLDs as a way to discourage malicious use of second-level domain names. With fewer illegitimate registrations, we expect that Whois accuracy will be higher.

--IMPLEMENTATION OF POLICY--
The Vice-President of Policy will oversee the management and maintenance of all policies and coordinate their implementation with Minds + Machines’ CTO and other technical staff and any third-party service provider partners. The VP of Policy will also be responsible for assuring that the policies are complied with by both registrars and registrants. We are committed to providing sufficient resources to ensure full functioning and effective implementation of these policies, as described below.

We will implement all decisions rendered under the URS and UDRP and courts of law in an ongoing and timely manner. We have designated the Vice-President of Policy as the URS Point of Contact (URSPOC) for proceedings brought under the URS against registrations in the Registry. The URSPOC will monitor the receipt of emails from URS providers informing that a URS complaint has passed Administrative Review, and will, on receipt of such an email, immediately arrange to lock the relevant domain name. Resolution services shall not be affected. The USPOC will also monitor emails from URS providers for determinations in URS cases, and will act on them according to their terms. In those cases where the complainant has succeeded in the URS complaint, the domain name status will be moved from “locked” to “suspended”, and will not longer resolve. Where a complainant has been unsuccessful, the domain name will be unlocked, with full control being restored to the registrant. If an appeal is filed, the URSPOC will monitor emails for any change of status resulting from such appeals. The software will designate the status of names during URS proceedings and provide for monitoring to ensure deadlines are met. In order to be able to monitor emails or phone calls and respond quickly, the VPP will be aided by one or more of the Registrar Customer Service representatives.

In the event that the rate of complaints is too high for existing personnel to handle, we will work to automate what can be automated, and hire additional staff as necessary. If a high percentage of complaints are nuisance complaints, or harassing complaints, we may institute a small fee for the Complaint Resolution service in order to prevent capricious use of the service.

Responsibility for maintaining and implementing technical protection mechanisms via the Registry software and hardware rests with the CTO. The CTO will be aided by developers, architect, and technicians in the NOC.

--RIGHTS PROTECTION MECHANISMS--
The Vice-President of Policy will oversee the management and maintenance of all the policies and coordinate their implementation with Minds + Machines’ CTO and other technical staff and any third-party service provider partners. The VP of Policy, in co-ordination with the Compliance Administrator, will also be responsible for assuring that the policies are complied with by both registrars and registrants. We are committed to providing sufficient resources to ensure full functioning and effective implementation of these policies, as described below.

In the event that the rate of complaints is too high for existing personnel to handle, we will work to automate what can be automated, and hire additional staff as necessary. If a high percentage of complaints are nuisance complaints, or harassing complaints, we may institute a small fee for the Complaint Resolution service in order to prevent capricious use of the service.

Responsibility for maintaining and implementing technical protection mechanisms via the Registry software and hardware rests with Minds + Machines’ CTO, who has worked extensively with enforcing Rights Protections in registries through software applications. The CTO will direct the technical team as necessary. The technical team will implement the trademark clearinghouse and sunrise services at the application level, including connecting to the TMCH, and managing the API for sunrise auction tools.

Our registry functions are outsourced to Minds + Machines. Their staff resource allocation follows. All costs associated with the technical functioning of the registry are covered by Minds + Machines as per our contract with them. Please see the attachment to “Q 24 Staff” for complete descriptions of each staff position.

Title
-----
CTO
VP Policy
Compliance Administrator
Registrar CS Tech 1
Registrar CS Tech 2
Espresso Application Dev
Espresso Application Dev 2
Espresso Application Dev 3
Database Developer
Database Developer 2
gTLDFull Legal NameE-mail suffixDetail
.ddsTop Level Domain Holdings Limitedgmail.comView
--PROTECTION OF LEGAL RIGHTS: A CORE OBJECTIVE--
Ensuring the protection of the legal rights of others is a core objective. We believe that protecting third-party rights enhances the reputation of the registry and encourages registrants. We are therefore committed to the protection of legal rights and have developed a series of mechanisms, including but not limited to, those minimum requirements for rights protection mechanisms as detailed in Specification 7. These mechanisms are intended to prevent infringing or abusive registrations and to identify and address the abusive use of registered names on an ongoing basis and in a timely manner. As part of this commitment, we have developed and will maintain and implement a series of related policies and practices specifically designed to prevent infringing and abusive registrations and uses of domains that affect the legal rights of others. We will take reasonable steps to investigate and respond to any reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of the TLD.

--OVERVIEW--
As well as implementing all ICANN rights protection mechanisms (RPMs), we will introduce other additional RPMs that go beyond the current ICANN protections.

In order to do so, we have developed a detailed policy framework based on best practices from the ccTLD .NZ, from the Council of Country Code Administrators (CoCCA), and from existing gTLDs. This tapestry of policies provides rules and procedures regarding registrant eligibility; sets out which type of names can be registered and which cannot; defines abusive registration and usage and provides for penalties for non-compliance; describes and implements ICANN-mandated RPMs; and binds registrars and registrants to the major policies.

The major policies are the Naming Policy, which defines which names can be registered,; the Acceptable Use Policy, which describes permitted and non-permitted uses of registered names; the Whois and Privacy Policy, which helps registrants understand what we can and cannot do with their personal data; and the Complaint Resolution Services (CRS).

Registrants are bound to these four policies as a condition of registration through their contracts with their registrars, who are in turn compelled by us to get registrant consent to the policies as a condition of registration.

The Naming Policy first of all defines blocked and reserved names, which include geographical names at the second level, thereby adhering to ICANN rules and protecting the rights of governments. Secondly, it prohibits the registration of infringing names and specifically binds registrants to ICANN RPMs. It contains provisions beyond ICANN RPMs, such as prohibiting multiple attempts at blocked names, either through the same or by using different registrars. The Naming Policy further provides that we may sanction registrants who do not abide by its provisions by revoking names (with or without refund) and in appropriate cases informing law enforcement.

The Acceptable Use Policy (AUP) addresses abusive use of second-level domain names, prohibiting spam, phishing pharming, malware, illegal content and other abusive uses of second-level domain, including abusive registrations, particularly registrations that infringe the rights of third parties. Many best practices concerning infringing registrations that were developed in among ccTLD world have in the gTLD world been superseded by Consensus Policies developed at ICANN. Where ICANN has procedures and policies, we follow them. Therefore, the AUP requires that registrants abide by the terms of the Uniform Domain Name Dispute Resolution Policy (UDRP), the Uniform Rapid Suspension service (URS), and the Trademark Claims Services (TCS). Another ICANN-mandated rights protection mechanisms (RPM), the Sunrise Period, will be implemented as described later in this response.

Above and beyond the ICANN-mandated RPMs, the AUP contains provisions that exceed ICANN policy minimums to provide a higher standard of protection for the legal rights of others. The AUP allows us to suspend or cancel names, or multiple names by the same registrant, if an egregious use or pattern of abusive or infringing use is engaged in by a registrant. In addition, the Complaint Resolution Service (CRS) provides means for Internet users to alert us to abusive or infringing registrations.

Additional prevention or mitigation of abusive or infringing registrations include rapid takedown procedures; cancelation or suspension of multiple domain names registered to the same flagrant abuser; higher prices to discourage mass registrants of abusive names; and protection of second-level geographic names.

We first describe the implementation of ICANN-mandated mechanisms, then follow that with a description of the additional policies we plan to implement to prevent registration abuse and rights infringement.

--SUNRISE--
The Sunrise Period is mandated by ICANN, as per Section 6.2 of the Trade Mark Clearinghouse module of the registry agreement. It is a process by which owners of legal rights have the opportunity to register domain names before the process opens to the public or others. Specifically, rights holders may use the Sunrise Service to assert a priority right to register a second-level domain which matches their eligible word mark, as defined in paragraph 7.2 of the Trade Mark Clearinghouse module of the registry agreement. An identical match (as defined in paragraph 6.1.5 of the Trade Mark Clearinghouse module of the registry agreement) is required between the eligible word registered in the Trademark Clearing House (“TCH”) and the domain applied for as a condition of participation in the Sunrise Period. All Sunrise applications will be validated by a third-party verification agent through the ICANN-mandated TCH to check the eligibility of the legal right claimed.

We will offer the Sunrise period for a minimum of 30 days during the pre-launch phase, and according to the terms of the Sunrise Policy. Applications received within that period are treated as filed at the same time. Where there is a contest between valid claimants, allocation will be determined by auction.

The Sunrise policy will provide for a Sunrise Dispute Resolution policy, which will allow a challenge under the four grounds required in paragraph 6.2.4 of the Trade Mark Clearinghouse module of the registry agreement. Other grounds may be added as experience reveals their advantages.

Policy oversight of the Sunrise Service will be provided by the Minds + Machines Vice-President of Policy (“VPP”), Peter Dengate Thrush. Peter is an intellectual property barrister experienced in intellectual property cases, especially involving domain names. He was involved in ICANN’s Working Group A which developed the UDRP, and with the New Zealand Working Group which developed the Dispute Resolution Process for .NZ. Operational oversight of the Sunrise Period will be provided by Minds + Machines’ CEO, Antony Van Couvering. Antony is a veteran of several Sunrise periods as the head of a registrar (NameEngine) specializing in providing services to large brands and other holders of trademarks. Minds and Machines will provide all necessary infrastructure and sufficient resources to support the Sunrise Period.

--TRADEMARK CLAIMS SERVICE--
We will provide a TCS during an initial launch period for eligible marks as defined in para 7.1 of the Trade Mark Clearinghouse module of the registry agreement. This launch period will last at least the first 60 days of general registration, and will be operated according to the terms of ICANN’s Trademark Claims Service Policy.

The TCS allows a trademark owner to register a claim asserting trademark rights by putting potential registrants on notice of its possible legal claim of the domain name being considered for registration. We will provide notice in the approved format to all prospective registrants of domains that match trademarks in the TCH that their registration may infringe a trademark right. The mandatory form requires a prospective registrant to specifically warrant that: (i) the prospective registrant has received notification that the mark(s) is included in the TCH; (ii) the prospective registrant has received and understood the notice; and (iii) to the best of the prospective registrant’s knowledge, the registration and use of the requested domain name will not infringe the rights that are the subject of the notice.

Additionally, the Trademark Claims Notice will provide the prospective registrant with access to the Trademark Clearinghouse Database information referenced in the Trademark Claims Notice to enhance understanding of the trademark rights being claimed by the trademark holder. These links (or other sources) will be provided in real time without cost to the prospective registrant. The Trademark Claims Notice will be provided in the language used for the rest of the interaction with the registrar or registry, and will be provided in the most appropriate UN-sponsored language as specified by the prospective registrant or registrar⁄registry.

Oversight of TCS will also rest with the office of the VPP. We will provide the necessary infrastructure and sufficient resources to support the VPP in this role, including adequate computers, connectivity, telephones including cell phones and administrative support.

Responsibility for implementing the customer-facing (registrar) aspects of the Trademark Sunrise Service and TCS will rest with the Registrar Liaison as part of their on-going responsibilities. Responsibility for the technical implementation of the Trademark Sunrise and TCS will rest with the Registry under the contract to provide registry services. Minds + Machines’ CTO, network engineer, and systems engineer will maintain the functionality of the automated Trademark Clearinghouse system. No additional resourcing is required to support these functions, as they are part of the base level requirements for the Registrar Liaison and the CTO. We will pay fees to the TCH for Sunrise and TCS services. At the present time no fees details are available, but we assume that the higher fees we propose to charge Sunrise applicants during the 60-day TCS period will be sufficient to cover the fees likely to be charged by the TCH.

--PHISHING AND PHARMING--
Phishing and pharming are a kind of rights infringement in which the malefactor pretends to be a trusted source by using another’s trademark, brand look-and-feel, or other protected property in order to lure Internet users to perform some action that benefits the perpetrator. These practices are prohibited by the AUP and will result in cancelation of any second-level domain name involved, and possibly in cancelation of additional names registered to the abuser.

--POST DELEGATION DISPUTE RESOLUTION POLICY--
In the Registry Agreement with ICANN, we will agree to participate in all post-delegation dispute resolution procedures and to be bound by the resulting determinations. Because we are fully committed to combatting abusive use and abusive registration of second-level registrations, we do not expect to have occasion to be involved in any proceedings stemming from ICANN’s Post Delegation Dispute Resolution Policy (PDDRP), which deals with registries who knowingly engage in trademark infringement or abet those who do. We will comply with all Consensus Policies adopted by ICANN, including the PDDRP.

--ADDITIONAL ANTI-ABUSE POLICES--
We will be implementing RPMs and anti-abuse measures that go beyond the UDRP, URS, Sunrise, TCS and other ICANN-mandated mechanisms and procedures. These additional measures are detailed below.

--COMPLAINT RESOLUTION SERVICE--
The Complaint Resolution Service (CRS) is an alternative to litigation for resolution of complaints between the registrant of a domain name and a complainant who alleges a registrant or a domain name is in violation of the AUP. The CRS provides a transparent, efficient, and cost effective way for the public, law enforcement agencies, regulatory bodies, and intellectual property owners to address concerns regarding abuse on the system.

The CRS provides a reliable and simple way for the public to inform us if they think there is a problem. Submissions of suspected infringement or abuse are monitored by Registrar Customer Service personnel and escalated according to severity. Upon escalation, we may take immediate action to protect registry system or the public interest or refer the matter to law enforcement if we suspect criminal activity. In the case of a non-critical complaint, the CRS also provides an amicable complaint resolution and adjudication service conducted by an Ombudsperson hired by Minds + Machines. The CRS is a service intended to supplement parties’ existing legal rights to resolve a dispute in a court of law. Any proceeding brought under the CRS will be suspended upon any pleading to a court, decision-making body, or tribunal, and only re-started if directed to do so by one of those bodies.

The Ombudsperson is a neutral third-party specialist with respect to conflict resolution who will provide informal arms-length mediation and adjudication of any complaints of alleged registrant abuses and violations of the AUP. The Ombudsperson shall have the power to direct that a domain name should be cancelled, suspended, transferred, modified or otherwise amended.

If the Ombudsperson takes a decision that a domain name registration should be cancelled, suspended, transferred, modified, or otherwise amended, the Ombudsperson will implement that decision by requesting the Registry to make the necessary changes to the Register. The CRS provides for a right of appeal by registrants if they believe the AUP has been enforced in error.
We will comply with the decisions of the Ombudsperson and the Appeal Panel under the direction of the VPP.

--PROVISIONS OF THE ACCEPTABLE USE POLICY--
The AUP defines a set of unacceptable behaviors by domain name registrants in relation to the use of their domain names. It is incorporated by reference into the Registrant Agreement. It defines the acceptable use of second-level domains, and is designed to ensure that the registry is used for appropriate and legal purposes.

The AUP specifically bans, among other practices, the use of a domain name for abusive or illegal activities, including:

(i) illegal, fraudulent, misleading, or deceptive actions or behavior;
(ii) spamming (the use of electronic messaging systems to send unsolicited bulk messages, including email spam, instant messaging spam, mobile messaging spam, the spamming of Web sites and Internet forums, and use of email in a Distributed Denial of Service (DDoS) attack);
(iii) phishing (the use of counterfeit Web pages that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data);
(iv) pharming (the redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning);
(v) willful distribution of malware (the dissemination of software designed to infiltrate or damage a computer system without the owner’s consent--e.g. computer viruses, worms, keyloggers and Trojan horses);
(vi) fast-flux hosting (use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities);
(vii) botnet command and control (services run on a domain name that are used to control a collection of compromised computers or “zombies,” or to direct DDoS attacks);
(viii) distribution of obscene material, including but not limited to child pornography, bestiality, excessive violence;
(ix) illegal or unauthorized access to computer networks or data (illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another party’s system, often referred to as “hacking,” or any activity that may be used as a precursor to an attempted system penetration, such as port scanning, stealth scanning, probing, surveillance or other information gathering activity);
(x) deceptive or confusing uses of the domain or any content provided thereon with respect to any third party’s rights;
(xi) disrupting the registry network or the provision of any content capable of disruption of computer or systems or data networks;
(xii) providing circumvention technologies, technical information or other data that violates export control laws;
(xiii) spoofing (forging email network headers or other identifying information); and
(xiv) distribution of any other illegal or offensive material including hate speech, harassment, defamation, abusive or threatening content, or any other illegal material that violates the legal rights of others including but not limited to rights of privacy or intellectual property protections.

--MALWARE--
The AUP prohibits the use of the second-level domains to spread or install malware. Malware is software that is installed without the knowledge of the end user, or without the full understanding by the user of the software’s effects, which are often deleterious or dangerous. It should be noted that malware cannot be spread by the registration of a domain name. Where applicable, we will adhere to and implement the recommendations of NIST SP 800-83, “Guide to Malware Incident Prevention and Handling.” We have documented polices, processes, and procedures to mitigate operating system and application vulnerabilities that malware might exploit, as explained in further detail in our answers to Question 30: Security and Question 32: Architecture. We will implement a malware awareness program that includes guidance to users on malware incident prevention, detection and how to report suspect infections.

As recommended in NIST Special Publication 800-61, “Computer Security Incident Handling Guide,” we have instituted a robust incident response process to address malware, which has four main phases: preparation, detection and analysis, containment⁄eradication⁄recovery, and post-incident activity. In order to be prepared, we will implement malware-specific incident handling policies and procedures. As part of our detection objective, we will review malware incident data from primary sources and monitor malware advisories and alerts to identify likely impending malware incidents. We understand that we can play a critical role in the containment and eradication process of malware, and we will develop strategies and implement procedures, reflecting the appropriate level of risk, to contain and mitigate malware threats. The policies will clearly define who has the authority to make major containment decisions and under what circumstances various actions are appropriate. We reserve the right in contracts, and will not hesitate to use that right, to shut down or block services, such as email, that are used as vectors by malware producers. We also reserve the right and are prepared to place additional temporary restrictions on network connectivity to contain a malware incident, such as suspending Internet access or physically disconnecting systems from network, even while we recognize the impact such restrictions might have on organizational functions. Our strategy for the recovery phase from malware incidents is to restore the functionality and data of infected systems and to lift temporary containment measures. Our strategy for handling malware incidents in the final phase includes conducting a robust assessment of lessons learned after major malware incidents to prevent similar incidents from occurring in the future.

Additionally, we will work with the Anti-Phishing Working Group and other industry leaders, including ICANN working groups on phishing and pharming, to ensure that our practices allow parties to act quickly when a registrant is in violation of the policies. Finally, we reserve the right to immediately terminate any activity deemed, in our sole judgment, to be abusive, in violation of the AUP or related policies, or against the public interest.

--RAPID TAKE-DOWN PROCEDURES--
The AUP and related policies provide for a rapid take-down of abusive domains that are in violation of the policies, including mass domain shutdowns to act against DDoS, phishing abuse, and Botnet exploitation of domain names. Experience has shown that aggressive policy enforcement, combined with user-accessible complaint procedures to shut down obviously abusive names discourages malefactors, who have the option of registering in more loosely administered TLDs, such as .COM or .INFO.

--PROTECTION OF GEOGRAPHIC NAMES--
We will enact measures for the protection of country and territory names. The geographical names contained in the lists described in Specification 5 of the registry agreement will be added to the registry software system “prohibited word” function. Any attempt to register a domain containing those geographical names will be automatically denied, as they were similarly blocked in the .INFO TLD. See our answer to Question 22: Protection of Geographic Names for a more complete description of polices to protect geographic names.

--COMMUNITY FLAGGING--
We will use the common practice of community flagging of abusive uses of domains in order to rapidly detect a possible abuse so that a rapid response may be provided, including a rapid take-down of an abusive domain. Community members can easily flag a domain name as potentially abusive by filing notice through the Complaint Resolution Service. The CRS provides a “community flagging” mechanism that allows Internet users to report suspected violations and has proven to be an effective and speedy policy to prevent unwanted behavior. Internet web sites such as Craigslist, OK Cupid and many others use community flagging as their primary means of combating illegal and abusive behavior, and we will implement it in the registry.

--SUSPENDING MULTIPLE DOMAINS FOR FLAGRANT ABUSE--
The Registry reserves the right to suspend all domain names registered to or associated with any user for flagrant or repetitive abuse of any domain name as a means of preventing and curtailing abuse of the systems.

--TRANSFER FEES TO MITIGATE ABUSE--
To create a deterrent to abuse in the registry, we will charge registrants with a processing fee for transferring domains to another registrar or registrant. The transfer processing fee assessed will not be high, but will act as a deterrent by those who register multiple domain names for their schemes.

--QUALIFICATION OF REGISTRANTS--
Registrants in the .DDS registry will be required to be dentists, registered under the law of a geographic authority such as a Country, State, Principality or Distinct Economies as recognized in international fora, and recorded in a registry kept for that purpose. The eligibility requirements are set out in the Registrant Agreement.

We will discourage illegitimate or abusive registrations by pricing our domain names above the price of .COM or .BIZ, which we believe will discourage various forms of noxious behaviors, as cybercriminals typically register large numbers of domains for their schemes and will therefore face a larger cost of doing business if they attempt to use the registry for their schemes. We therefore will price domain names at a wholesale cost higher than existing gTLDs as a way to discourage malicious use of second-level domain names. With fewer illegitimate registrations, we expect that Whois accuracy will be higher.

--IMPLEMENTATION OF POLICY--
The VPP will oversee the management and maintenance of all policies and coordinate their implementation with Minds + Machines’ CTO and other technical staff and any third-party service provider partners. The VPP will also be responsible for assuring that the policies are complied with by both registrars and registrants. We are committed to providing sufficient resources to ensure full functioning and effective implementation of these policies, as described below.

We will implement all decisions rendered under the URS and UDRP and courts of law in an ongoing and timely manner. We have designated the VPP as the URS Point of Contact (URSPOC) for proceedings brought under the URS against registrations in the Registry. The URSPOC will monitor the receipt of emails from URS providers informing that a URS complaint has passed Administrative Review, and will, on receipt of such an email, immediately arrange to lock the relevant domain name. Resolution services shall not be affected. The USPOC will also monitor emails from URS providers for determinations in URS cases, and will act on them according to their terms. In those cases where the complainant has succeeded in the URS complaint, the domain name status will be moved from “locked” to “suspended”, and will not longer resolve. Where a complainant has been unsuccessful, the domain name will be unlocked, with full control being restored to the registrant. If an appeal is filed, the URSPOC will monitor emails for any change of status resulting from such appeals. The software will designate the status of names during URS proceedings and provide for monitoring to ensure deadlines are met. In order to be able to monitor emails or phone calls and respond quickly, the VPP will be aided by one or more of the Registrar Customer Service representatives.

In the event that the rate of complaints is too high for existing personnel to handle, we will work to automate what can be automated, and hire additional staff as necessary. If a high percentage of complaints are nuisance complaints, or harassing complaints, we may institute a small fee for the Complaint Resolution service in order to prevent capricious use of the service.

Responsibility for maintaining and implementing technical protection mechanisms via the Registry software and hardware rests with the CTO.The CTO will be aided by developers, architect, and technicians in the NOC.

--IMPLEMENTATION OF RIGHTS PROTECTION MECHANISMS--
The VPP will oversee the management and maintenance of all the policies and coordinate their implementation with Minds + Machines’ CTO and other technical staff and any third-party service provider partners. The VPP, in co-ordination with the Compliance Administrator, will also be responsible for assuring that the policies are complied with by both registrars and registrants. We are committed to providing sufficient resources to ensure full functioning and effective implementation of these policies, as described below.

In the event that the rate of complaints is too high for existing personnel to handle, we will work to automate what can be automated, and hire additional staff as necessary. If a high percentage of complaints are nuisance complaints, or harassing complaints, we may institute a small fee for the Complaint Resolution service in order to prevent capricious use of the service.

Responsibility for maintaining and implementing technical protection mechanisms via the Registry software and hardware rests with Minds + Machines’ CTO, who has worked extensively with enforcing Rights Protections in registries through software applications. The CTO will direct the technical team as necessary. The technical team will implement the trademark clearinghouse and sunrise services at the application level, including connecting to the TMCH, and managing the API for sunrise auction tools.

Our registry functions are outsourced to Minds + Machines. Their staff resource allocation follows. All costs associated with the technical functioning of the registry are covered by Minds + Machines as per our contract with them. Please see the attachment to “Q 24 Staff” for complete descriptions of each staff position.

Title Startup Yr1 Yr2 Yr3
----- ------- --- --- ---
CTO 2% 2% 2% 2%
VP Policy 10% 10% 10% 10
Compliance Administrator -- 5% 5% 5%
Registrar CS Tech 1 2% 2% 2% 2%
Registrar CS Tech 2 -- -- 2% 2%
Espresso Application Dev -- 5% 5% 5%
Espresso Application Dev 2 -- -- 5% 5%
Espresso Application Dev 3 -- -- -- 5%
Database Developer 2% 2% 2 2%
Database Developer 2 -- -- -- 2%