29 Rights Protection Mechanisms

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.northlandinsuranceTravelers TLD, LLCcscinfo.comView

Rights protection is a core objective and responsibility of the registry operator (also, “Applicant”), and is supported by a fully-developed plan for rights protection that includes:
* Establishing mechanisms to prevent unqualified registrations (e.g., registrations made in violation of the registry’s eligibility restrictions or policies);
* Implementing a robust Sunrise program, utilizing the Trademark Clearinghouse, the services of one of ICANN’s approved dispute resolution providers, a trademark validation agent, and drawing upon sunrise policies and rules used successfully in previous gTLD launches;
* Implementing a professional trademark claims program that utilizes the Trademark Clearinghouse, and drawing upon models of similar programs used successfully in previous TLD launches;
* Complying with the URS requirements;
* Complying with the UDRP;
* Complying with the PDDRP, and;
* Including all ICANN-mandated and independently developed rights protection mechanisms (“RPMs”) in the registry-registrar agreement entered into by ICANN-accredited registrars authorized to register names in the TLD and adopted by the ICANN Board as ICANN Consensus Policy.

The response below details the rights protection mechanisms effective at the launch of the TLD (Sunrise and Trademark Claims Service) and which comply with rights protection policies throughout the life of the TLD (URS, UDRP, PDDRP, and other ICANN RPMs), outlines additional provisions made for rights protection, and provides the resourcing plans.

Primarily, the registry operator will avoid unqualified registrations by limiting registration within the TLD by only authorized employees of Travelers who are authorized in writing after careful review by the Travelers’ CIO or General Counsel or their designee to register domain names on behalf of Travelers for the limited purposes outlined in the answer to question 18. Also, the launch of this TLD will include the operation of a Sunrise and trademark claims service according to the defined ICANN processes for checking a registration request and alerting trademark holders of potential rights infringement.

The Sunrise Period will be an exclusive period of time equal to 60 days prior to the opening of general registration when trademark and service mark holders will be able to reserve domain names that are an identical match to marks they have listed in the Trademark Clearinghouse and that meet Applicant’s registration eligibility requirements. Following the Sunrise Period, Applicant will open registration for all non-reserved domain names to qualified applicants.

The anticipated Rollout Schedule for the Sunrise Period will be approximately as follows:
* Launch of the TLD Sunrise Period begins for trademark holders and service mark holders to submit domain name registrations for their exact marks in the TLD. Registrations will be processed first-come, first-serve in real-time.

* 60 days after launch, the Sunrise Period will close and will be followed by a Quiet Period for testing and evaluation.

* One (1) month after close of Quiet Period Registration in the TLD for non-reserved domain names will be opened to qualified applicants.
* One (1) month after launch, TLD domain names will begin to resolve through standard Web browsers.

Those wishing to reserve their marks in the TLD domain during the Sunrise Period must be a qualified applicant under Applicant’s registration policies and own a current trademark or service mark listed in the Trademark Clearinghouse.

Applicant will establish the following Sunrise eligibility requirements (SERs) in addition to its standard registration eligibility requirements, verified by Clearinghouse data, and incorporate a Sunrise Dispute Resolution Policy (SDRP). The SERs include: (i) ownership of a mark that satisfies the criteria set forth in section 7.2 of the Trademark Clearing House specifications, (ii) representation that all provided information is true and correct; and (iii) provision of data sufficient to document rights in the trademark.

The SDRP will allow challenges based on the following four grounds: (i) at time the challenged domain name was registered, the registrants did not hold a trademark registration of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty; (ii) the domain name is not identical to the mark on which the registrant based its Sunrise registration; (iii) the trademark registration on which the registrant based its Sunrise registration is not of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty; or (iv) the trademark registration on which the domain name registrant based its Sunrise registration did not issue on or before the effective date of the Registry Agreement and was not applied for on or before ICANN announced the applications received. Applicant will require its registrar and registry service operators to abide by decisions rendered under the SDRP in a timely and ongoing basis.

Applicant will offer a Trademark Claims Service during the first one hundred and twenty (120) days of general registration. Applicant’s registrar will be required to review all domain names requested to be registered during the Trademark Claims period to determine if they are an identical match of a trademark that has been filed with the Trademark Clearinghouse and they meet Applicant’s domain name registration requirements. A domain name will be considered an identical match when the domain name consists of the complete and identical textual elements of the mark, and includes domain names where (a) spaces contained within a mark that are either replaced by hyphens (and vice versa) or omitted; (b) certain special characters contained within a trademark are spelled out with appropriate words describing it (e.g., @ and &); and (c) punctuation or special characters contained within a mark that are unable to be used in a second-level domain name are either (i) omitted or (ii) replaced by spaces, hyphens or underscores. Domain names that are plural forms of a mark or that merely contain a mark will not qualify as an identical match.

If the registrar determines that a prospective domain name registration is identical to a mark registered in the Trademark Clearinghouse, the registrar will be required to ensure that a “Trademark Claims Notice” (“Notice”) in English is sent to the protective registrant of the domain name and blind copy Applicant’s Abuse Contact on all such correspondence. The Notice will provide the prospective registrant information regarding the trademark referenced in the Trademark Claims Notice to enhance understanding of the Trademark rights being claimed by the trademark holder. The Notice will be provided in real time without cost to the prospective registrant.

After sending the Notice, the registrar will be required to require that the prospective registrant specifically warrant within five (5) days that: (i) the prospective registrant has received notification that the mark(s) is included in the Clearinghouse; (ii) the prospective registrant has received and understood the notice; and (iii) to the best of the prospective registrant’s knowledge that the registration and use of the requested domain name will not infringe on the rights that are the subject of the notice. If the warranty satisfies these requirements, the registrar will be required to effectuate the registration and notify Applicant.

After the effectuation of a registration that is identical to a mark listed in the Trademark Clearinghouse, the registrar will be required to then ensure that a clear notice to the trademark owner of the trademark consisting of the domain name that has been registered and will blind copy Applicant confirming that it has done so. The trademark owner then has the option of filing a Complaint under the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension System (URS) against the domain name, as the Applicant will require in its domain name registration agreements that the registry, registrar, and registrant all submit to the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension (URS) system. Applicant will require its registrar and registry service operators to abide by decisions rendered under the UDRP and URS in a timely and ongoing basis.

Several rights protection mechanisms will be implemented to protect rights in this TLD. As described in Applicant’s responses to questions #27 and #28, measures are in place to ensure domain transfers and updates are only initiated by the appropriate domain holder, and an experienced team is available to respond to legal actions by law enforcement or court orders.

This TLD will further conform to all ICANN RPMs including URS (defined below), UDRP, PDDRP, and all measures defined in Specification 7 of the new TLD agreement and adopted by the ICANN Board as ICANN Consensus Policies.

The registry operator will implement decisions rendered under the URS on an ongoing basis. Per the URS policy posted on ICANN’s Web site as of this writing, the registry operator will receive notice of URS actions from the ICANN-approved URS providers. These emails will be directed immediately to the registry operator’s support staff. The support staff will be responsible for creating a ticket for each case, and for executing the directives from the URS provider. All support staff will receive pertinent training.

As per ICANN’s URS guidelines, within 24 hours of receipt of the notice of complaint from the URS provider, the registry operator shall “lock” the domain, meaning the registry shall restrict all changes to the registration data, including transfer and deletion of the domain names, but the name will remain in the TLD DNS zone file and will thus continue to resolve. The support staff will “lock” the domain by associating the following EPP statuses with the domain and relevant contact objects:

* ServerUpdateProhibited, with an EPP reason code of “URS”;
* ServerDeleteProhibited, with an EPP reason code of “URS”; or
* ServerTransferProhibited, with an EPP reason code of “URS”.

The registry operator’s support staff will then notify the URS provider immediately upon locking the domain name, via email.

The registry operator’s support staff will retain all copies of emails from the URS providers, assign them a tracking or ticket number, and will track the status of each opened URS case through to resolution via spreadsheet or database.

The registry operator’s support staff will execute further operations upon notice from the URS providers. The URS provider is required to specify the remedy and required actions of the registry operator, with notification to the registrant, the complainant, and the registrar.

As per the URS guidelines, if the complainant prevails, the “registry operator shall suspend the domain name, which shall remain suspended for the balance of the registration period and would not resolve to the original web site. The nameservers shall be redirected to an informational web page provided by the URS provider about the URS. The WHOIS for the domain name shall continue to display all of the information of the original registrant except for the redirection of the nameservers. In addition, the WHOIS shall reflect that the domain name will not be able to be transferred, deleted or modified for the life of the registration.”

Finally, Applicant will be sure to abide by any timely requests by Complainant to extend the registration period for one additional year at commercial rates.

Immediately upon receipt of a Determination in registrant’s favor, Rights Contact will notify the registry operator to unlock the domain name.

Applicant will specify in its Registry-Registrar and Registration Agreements used in connection with the TLD that all parties will timely abide by all decisions made by panels in accordance with the Uniform Domain Name Dispute Resolution Policy (UDRP). Applicant’s Rights Contact will receive all UDRP Complaints and decisions, temporarily lock any domain names as required, and will notify its registrar to timely cancel or transfer all registrations determined to by a UDRP panel to be infringing.

Applicant will participate in all post-delegation procedures, including the Trademark Post-Delegation Dispute Resolution Procedure (Trademark PDDRP), and will timely abide by any Determinations of any PDDRP Provider after exhaustion of all appeals and⁄or times to appeal or other determination challenges.

Because the application is not community-based, Applicant is not required to participate in the RRDRP and will not be bound by any Determinations of a RRDRP Provider.

Applicant intends that only Applicant will be permitted to register domain names in the TLD for its own exclusive use. Hence, Applicant is exempt from the Registry Operator Code of Conduct (“ROCC”) as detailed in Specification 9 of the Registry Agreement with ICANN. Thus, as Applicant is not required to grant access to the TLD to all registrars, and in order to reduce abusive registrations and other activities that affect the legal rights of others, Applicant will only contract with one ICANN-accredited registrar that has proven capable of providing adequate defenses against abusive registrations and superior response capabilities. The registrar, according to the Registry-Registrar agreement, will not be able to register any domain names, thus eliminating the possibility of front-running. The Registrar will also agree not to submit fake renewal notices. Any evidence of abusive behavior on the part of the Registrar will be promptly reported to ICANN Compliance.

The following will be memorialized and be made binding via the Registry-Registrar and Registrar-Registrant Agreements:
* The registry may reject a registration request or a reservation request, or may delete, revoke, suspend, cancel, or transfer a registration or reservation under the following criteria:
- - to enforce registry policies (including but not limited to the registry’s registration policy and all accompanying criteria) and ICANN requirements, each as amended from time to time;
- - that is not accompanied by complete and accurate information as required by ICANN requirements and⁄or registry policies or where required information is not updated and⁄or corrected as required by ICANN requirements and⁄or registry policies;
- - to protect the integrity and stability of the registry, its operations, and the TLD system;
- - to comply with any applicable law, regulation, holding, order, or decision issued by a court, administrative authority, or dispute resolution service provider with jurisdiction over the registry;
- - to establish, assert, or defend the legal rights of the registry or a third party or to avoid any civil or criminal liability on the part of the registry and⁄or its affiliates, subsidiaries, officers, directors, representatives, employees, contractors, and stockholders;
- - to correct mistakes made by the registry or any accredited registrar in connection with a registration; or
- - as otherwise provided in the Registry-Registrar Agreement and⁄or the Registrar-Registrant Agreement.

In its response to question #28, the registry operator has fully described its anti-abuse program. To reiterate, as part of the registry operator’s intention to protect the rights of others in the TLD and to mitigate abuse, the registry operator will enact the following Anti-Abuse Policy upon launch of the TLD.

The Anti-Abuse Policy will be enacted under the contractual authority of the registry operator through the Registry-Registrar Agreement, and the obligations will be passed on to and made binding upon registrants. This policy will be posted on the TLD web site along with contact information for registrants or users to report suspected abuse. The policy is designed to address the malicious use of domain names, including those that infringe the rights of others. The registry operator and its registrars will make reasonable attempts to limit significant harm to Internet users, include rights holders.

This policy is not, however, intended to take the place of the Uniform Domain Name Dispute Resolution Policy (UDRP) or the Uniform Rapid Suspension System (URS), and it is not to be used as an alternate form of dispute resolution or as a brand protection mechanism. Its intent is not to burden law-abiding or innocent registrants and domain users; rather, the intent is to deter those who use domain names maliciously by engaging in illegal or fraudulent activity or to infringe the legal rights of others. Repeat violations of the abuse policy will result in a case-by-case review of the abuser(s), and the registry operator reserves the right to escalate the issue, with the intent of levying sanctions that are allowed under the TLD anti-abuse policy.

Anti-Abuse Policy
Malicious use of domain names will not be tolerated. The nature of such abuses creates security and stability issues for the registry, registrars, and registrants, as well as for users of the Internet in general. The registry operator definition of abusive use of a domain includes, without limitation, the following:
Illegal or fraudulent actions;
Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to email spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of web sites and Internet forums;
Phishing: The use of counterfeit web pages that are designed to trick recipients into divulging sensitive data such as personally identifying information, usernames, passwords, or financial data;
Pharming: The redirecting of unknowing users to fraudulent sites or services, typically through, but not limited to, DNS hijacking or poisoning;
Willful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the owner’s informed consent. Examples include, without limitation, computer viruses, worms, keyloggers, and Trojan horses.
Malicious fast-flux hosting: Use of fast-flux techniques with a botnet to disguise the location of web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities.
Botnet command and control: Services run on a domain name that are used to control a collection of compromised computers or ʺzombies,ʺ or to direct distributed denial-of-service attacks (DDoS attacks); and
Illegal Access to Other Computers or Networks: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individual’s system (often known as ʺhackingʺ). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity).

Pursuant to the Registry-Registrar Agreement, registry operator reserves the right at its sole discretion to deny, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status, that it deems necessary, including for engaging in abusive use of any domain name(s): (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of registry operator, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement and this Anti-Abuse Policy, or (5) to correct mistakes made by registry operator or any registrar in connection with a domain name registration. Registry operator also reserves the right to place upon registry lock, hold, or similar status a domain name during resolution of a rights dispute. The policy stated above will be accompanied by notes about how to submit a report to the registry operator’s abuse point of contact.

With specific respect to phishing and pharming, it should be noted by ICANN that this will be a single entity TLD in which Applicant has direct control over each registrant, the authorization of each registrant, and how each registration may be used. As stated below and throughout this application, Applicant has put into place strong registrant pre-verification or authentication procedures to limit unauthorized registration of domain names that may infringe the legal rights of others. Further, there will be no open registration period for this TLD, as it will never be an “open” TLD. Since all criminal activity (such as phishing and pharming) and legal rights infringement is precluded by the mission, values and policies of the registry operator (and its parent organization), criminal activity and legal rights infringement is not expected to be a problem. If such activity occurs due to hacking or other compromises, the registry operator will take prompt and effective steps to eliminate the activity.

In the case of this TLD, Applicant will apply an approach that addresses registered domain names (rather than potentially registered domains). This approach will not infringe upon the rights of eligible registrants to register domains, and allows Applicant internal controls, as well as community-developed UDRP and URS policies and procedures if needed, to deal with complaints, should there be any.

Afilias is a member of various security fora which provide access to lists of names in each TLD which may be used for malicious purposes. Such identified names will be subject to review to address whether action may be warranted under the various provisions of the TLD anti-abuse policy.

One of the systems that may be used for validity and identity authentication is VAULT (Validation and Authentication Universal Lookup). It utilizes information obtained from a series of trusted data sources with access to billions of records containing data about individuals for the purpose of providing independent age and id verification as well as the ability to incorporate additional public or private data sources as required. At present it has the following: US Residential Coverage - 90% of Adult Population and also International Coverage - Varies from Country to Country with a minimum of 80% coverage (24 countries, mostly European).Various verification elements can be used. Examples might include applicant data such as name, address, phone, etc.

Multiple methods could be used for verification include integrated solutions utilizing API (XML Application Programming Interface) or sending batches of requests, such as:
Verification and Authentication requirements would be based on registry operator requirements or specific criteria;
Based on required WHOIS Data; registrant contact details (name, address, phone);
If address⁄ZIP can be validated by VAULT, the validation process can continue (North America +25 International countries);
If in-line processing and registration and EPP⁄API call would go to the verification clearinghouse and return up to 4 challenge questions;
If two-step registration is required, then registrants would get a link to complete the verification at a separate time. The link could be specific to a domain registration and pre-populated with data about the registrant;
If WHOIS data is validated a token would be generated and could be given back to the registrar which registered the domain;
WHOIS data would reflect the Validated Data or some subset, i.e., fields displayed could be first initial and last name, country of registrant and date validated. Other fields could be generic validation fields much like a “privacy service”;
A “Validation Icon” customized script would be sent to the registrants email address. This could be displayed on the website and would be dynamically generated to avoid unauthorized use of the Icon. When clicked on the Icon would should limited WHOIS details i.e. Registrant: jdoe, Country: USA, Date Validated: March 29, 2011, as well as legal disclaimers; and⁄or
Validation would be annually renewed, and validation date displayed in the WHOIS.

Since its founding, Afilias is focused on delivering secure, stable and reliable registry services. Several essential management and staff who designed and launched the Afilias registry in 2001 and expanded the number of TLDs supported, all while maintaining strict service levels over the past decade, are still in place today. This experiential continuity will endure for the implementation and on-going maintenance of this TLD. Afilias operates in a matrix structure, which allows its staff to be allocated to various critical functions in both a dedicated and a shared manner. With a team of specialists and generalists, the Afilias project management methodology allows efficient and effective use of our staff in a focused way.

Supporting RPMs requires several departments within the registry operator as well as within Afilias. The implementation of Sunrise and the Trademark Claims service and on-going RPM activities will pull from the 102 Afilias staff members of the engineering, product management, development, security and policy teams at Afilias and the support staff of the registry operator. No additional hardware or software resources are required to support this as Afilias has fully-operational capabilities to manage abuse today.

The registry operator will maintain an abuse response and rights protection team, which will be a combination of internal staff and outside specialty contractors and⁄or legal counsel, adjusting to the needs of the size and type of TLD. The team structure planned for this TLD is based on several years of experience responding to, mitigating, and managing abuse within TLDs of various sizes. The team will generally consist of abuse handlers (probably internal), a junior analyst, (either internal or external), and a senior security consultant and⁄or legal counsel (likely an external resource providing the registry operator with extra expertise as needed). These responders will be specially trained in the investigation of abuse complaints, and will have the latitude to review, monitor, and respond to abuse complaints, including acting expeditiously to suspend domain names (or apply other remedies) when called for.

Similar gTLD applications: (4)

gTLDFull Legal NameE-mail suffixzDetail
.redumbrellaTravelers TLD, LLCcscinfo.com-4.39Compare
.travelersTravelers TLD, LLCcscinfo.com-4.39Compare
.trvTravelers TLD, LLCcscinfo.com-4.39Compare
.travelersinsuranceTravelers TLD, LLCcscinfo.com-4.39Compare