Back

29 Rights Protection Mechanisms

gTLDFull Legal NameE-mail suffixDetail
.audiAUDI Aktiengesellschaftindeca.deView
Rights protection is a core responsibility of the TLD operator, and is supported by a fully-developed plan for rights protection that includes:
• Establishing mechanisms to prevent unqualified registrations (e.g., registrations made in violation of the registry’s eligibility restrictions or policies);
• Implementing a robust Sunrise program, utilizing the Trademark Clearinghouse, the services of one of ICANN’s approved dispute resolution providers, a trademark validation agent, and drawing upon sunrise policies and rules used successfully in previous gTLD launches;
• Implementing a professional trademark claims program that utilizes the Trademark Clearinghouse, and drawing upon models of similar programs used successfully in previous TLD launches;
• Complying with the URS requirements;
• Complying with the UDRP;
• Complying with the PDDRP, and;
• Including all ICANN-mandated and independently developed rights protection mechanisms (“RPMs”) in the registry-registrar agreement entered into by ICANN-accredited registrars authorized to register names in the TLD.

The response below details the rights protection mechanisms at the launch of the TLD (Sunrise and Trademark Claims Service) which comply with rights protection policies (URS, UDRP, PDDRP, and other ICANN RPMs), outlines additional provisions made for rights protection, and provides the resourcing plans.

Safeguards for rights protection at the launch of the TLD
The launch of this TLD will include the operation of a trademark claims service according to the defined ICANN processes for checking a registration request and alerting trademark holders of potential rights infringement.

* Sunrise period *

The Sunrise Period will be an exclusive period of time, prior to the opening of public registration, when trademark and service mark holders will be able to reserve marks that are an identical match in the TLD. Following the Sunrise Period, applicant will open registration to qualified applicants.

The anticipated Rollout Schedule for the Sunrise Period will be approximately as follows:

• Launch of the TLD – Sunrise Period begins for trademark holders and service mark holders to submit registrations for their exact marks in the TLD. To maximize fairness registrations will be processed via a randomized, round robin system, which will close 30 days following the Sunrise launch date respectively. Following this, applicant expects the balance of Sunrise registrations to be awarded in real-time.

• Two months after launch –The Sunrise Period will close and will be followed by a Quiet Period for testing and evaluation.
• One month after close of Quiet Period – Registration in the TLD domain will be opened to qualified applicants.
• Immediately after launch the TLD’s domain names begin to resolve through standard Web browsers.

However, it is not expected or intended that any domain names are registered during the Sunrise Period since the only eligible registrant is the applicant. The applicant does not intend to use the Sunrise Period for its own domain name registrations.

* Sunrise Period Requirements & Restrictions *

Those wishing to reserve their marks in the TLD during the Sunrise Period must own a current trademark or service mark listed in the Trademark Clearinghouse.

Notice will be provided to all trademark holders in the Clearinghouse if someone is seeking a Sunrise registration. This notice will be provided to holders of marks in the Clearinghouse that are an Identical Match (as defined in the Trademark Clearing House) to the name to be registered during Sunrise.

Each Sunrise registration will require a minimum term of five years.

Applicant will establish the following Sunrise eligibility requirements (SERs) as minimum requirements, verified by Clearinghouse data, and incorporate a Sunrise Dispute Resolution Policy (SDRP). The SERs include: (i) ownership of a mark that satisfies the criteria set forth in section 7.2 of the Trademark Clearing House specifications, (ii) description of international class of goods or services covered by registration; (iii) representation that all provided information is true and correct; and (iv) provision of data sufficient to document rights in the trademark.

The SDRP will allow challenges based on the following four grounds: (i) at time the challenged domain name was registered, the registrants did not hold a trademark registration of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty; (ii) the domain name is not identical to the mark on which the registrant based its Sunrise registration; (iii) the trademark registration on which the registrant based its Sunrise registration is not of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty; or (iv) the trademark registration on which the domain name registrant based its Sunrise registration did not issue on or before the effective date of the Registry Agreement and was not applied for on or before ICANN announced the applications received.

* Ongoing rights protection mechanisms *

Several mechanisms will be in place to protect rights in this TLD. As described in our responses to questions #27 and #28, measures are in place to ensure domain transfers and updates are only initiated by the appropriate domain holder, and an experienced team is available to respond to legal actions by law enforcement or court orders.

This TLD will conform to all ICANN RPMs including URS (defined below), UDRP, PDDRP, and all measures defined in Specification 7 of the new TLD agreement.

* Uniform Rapid Suspension (URS) *

The registry operator will implement decisions rendered under the URS on an ongoing basis. Per the URS policy posted on ICANN’s Web site as of this writing, the registry operator will receive notice of URS actions from the ICANN-approved URS providers. These emails will be directed immediately to the registry operator’s support staff, which is on duty 24x7. The support staff will be responsible for creating a ticket for each case, and for executing the directives from the URS provider. All support staff will receive pertinent training.

As per ICANN’s URS guidelines, within 24 hours of receipt of the notice of complaint from the URS provider, the registry operator shall “lock” the domain, meaning the registry shall restrict all changes to the registration data, including transfer and deletion of the domain names, but the name will remain in the TLD DNS zone file and will thus continue to resolve. The support staff will “lock” the domain by associating the following EPP statuses with the domain and relevant contact objects:

• ServerUpdateProhibited, with an EPP reason code of “URS”
• ServerDeleteProhibited, with an EPP reason code of “URS”
• ServerTransferProhibited, with an EPP reason code of “URS”
• The registry operator’s support staff will then notify the URS provider immediately upon locking the domain name, via email.

The registry operator’s support staff will retain all copies of emails from the URS providers, assign them a tracking or ticket number, and will track the status of each opened URS case through to resolution via spreadsheet or database.

The registry operator’s support staff will execute further operations upon notice from the URS providers. The URS provider is required to specify the remedy and required actions of the registry operator, with notification to the registrant, the complainant, and the registrar.

As per the URS guidelines, if the complainant prevails, the “registry operator shall suspend the domain name, which shall remain suspended for the balance of the registration period and would not resolve to the original web site. The nameservers shall be redirected to an informational web page provided by the URS provider about the URS. The WHOIS for the domain name shall continue to display all of the information of the original registrant except for the redirection of the nameservers. In addition, the WHOIS shall reflect that the domain name will not be able to be transferred, deleted or modified for the life of the registration.”

* Community TLD considerations *

The Sunrise Period will allow only eligible registrants to register domain names. However, it is not expected or intended that any domain names are registered during the Sunrise Period since the only eligible registrant is the applicant. The applicant does not intend to use the Sunrise Period for its own domain name registrations. This implemented safeguard guarantees that no unqualified registrations (e.g., registrations made in violation of the registry’s eligibility restrictions or policies) are made.

* Rights protection via the RRA *

The following will be memorialized and be made binding via the Registry-Registrar and Registrar-Registrant Agreements:

• The registry may reject a registration request or a reservation request, or may delete, revoke, suspend, cancel, or transfer a registration or reservation under the following criteria:
a. to enforce registry policies and ICANN requirements; each as amended from time to time;
b. that is not accompanied by complete and accurate information as required by ICANN requirements and⁄or registry policies or where required information is not updated and⁄or corrected as required by ICANN requirements and⁄or registry policies;
c. to protect the integrity and stability of the registry, its operations, and the TLD system;
d. to comply with any applicable law, regulation, holding, order, or decision issued by a court, administrative authority, or dispute resolution service provider with jurisdiction over the registry;
e. to establish, assert, or defend the legal rights of the registry or a third party or to avoid any civil or criminal liability on the part of the registry and⁄or its affiliates, subsidiaries, officers, directors, representatives, employees, contractors, and stockholders;
f. to correct mistakes made by the registry or any accredited registrar in connection with a registration; or
g. as otherwise provided in the Registry-Registrar Agreement and⁄or the Registrar-Registrant Agreement.

* Reducing opportunities for behaviors such as phishing or pharming *

In our response to question #28, the registry operator has described its anti-abuse program. Rather than repeating the policies and procedures here, please see our response to question #28 for full details.

With specific respect to phishing and pharming, it should be noted by ICANN that this will be a single entity TLD in which Applicant has direct control over each registrant (they are typically on staff or otherwise contractually bound) and how each registration may be used. Further, there will be no open registration period for this TLD, as it will never be an “open” TLD. Since all criminal activity (such as phishing and pharming) is precluded by the mission, values and policies of the registry operator (and its parent organization), criminal activity is not expected to be a problem. If such activity occurs due to hacking or other compromises, the registry operator will take prompt and effective steps to eliminate the activity.

In the case of this TLD, Applicant will apply an approach that addresses registered domain names (rather than potentially registered domains). This approach will not infringe upon the rights of eligible registrants to register domains, and allows Applicant internal controls, as well as community-developed UDRP and URS policies and procedures if needed, to deal with complaints, should there be any.

Afilias is a member of various security fora which provide access to lists of names in each TLD which may be used for malicious purposes. Such identified names will be subject to the TLD anti-abuse policy, including rapid suspensions after due process.

* Rights protection resourcing plans *

Since its founding, Afilias is focused on delivering secure, stable and reliable registry services. Several essential management and staff who designed and launched the Afilias registry in 2001 and expanded the number of TLDs supported, all while maintaining strict service levels over the past decade, are still in place today. This experiential continuity will endure for the implementation and on-going maintenance of this TLD. Afilias operates in a matrix structure, which allows its staff to be allocated to various critical functions in both a dedicated and a shared manner. With a team of specialists and generalists, the Afilias project management methodology allows efficient and effective use of our staff in a focused way.

Supporting RPMs requires several departments within the registry operator as well as within Afilias. The implementation of Sunrise and the Trademark Claims service and on-going RPM activities will pull from the 102 Afilias staff members of the engineering, product management, development, security and policy teams at Afilias and the support staff of the registry operator, which is on duty 24x7. A trademark validator will also be assigned within the registry operator, whose responsibilities may require as much as 50% of full-time employment if the domains under management were to exceed several million. No additional hardware or software resources are required to support this as Afilias has fully-operational capabilities to manage abuse today.
gTLDFull Legal NameE-mail suffixDetail
.HERMESHERMES INTERNATIONALhermes.comView
As mentioned in response to Question 18 (b) and 22 above, the Applicant is a company known throughout the world for its high quality products including leather goods, silk articles, perfumes, ready-to-wear, tableware and home furniture. The Applicant supports its business with complex information technology infrastructures. Therefore, the Applicant has a substantial experience and expertise in managing complex information technology infrastructures, hereby relying on in-house and external resources.

However, the Applicant has no in-depth experience in managing a domain name registry system and it would require too much effort for the Applicant to develop a system itself that complies with the specific technical requirements imposed upon new gTLD registries. Therefore, the Applicant has decided to rely on Indom to provide corporate registrar services and back-end services for its applied-for .HERMES registry. It has been agreed between the Applicant and Indom that the back-end registry services for the .HERMES registry will be performed by Afilias Ltd. (“Afilias” – see www.afilias.info). Afilias has accepted to deliver registry services for the .HERMES TLD.

The response to this question describes the Right Protection Mechanisms as will be supported by Afilias. When it is stated that Afilias will perform certain services or comply with certain standards or processes, Afilias will do this for the Applicant, who itself is committed to comply with these standards or processes towards ICANN. The same is true where it is stated that certain services will be provided (without the express mention of Afilias). Unless it is expressly mentioned otherwise, services will be provided by Afilias for the Applicant. Where use is made of the first person plural, reference is made to Afilias, as throughout the technical portion (Questions #23 - #44) of this application, answers are provided directly by Afilias, the back-end provider of registry services for the applied-for .HERMES TLD (also referred to as ‘this TLD’).

Rights protection is a core responsibility of the TLD operator, and is supported by a fully-developed plan for rights protection that includes:
• Establishing mechanisms to prevent unqualified registrations (e.g., registrations made in violation of the registry’s eligibility restrictions or policies);
• Implementing a robust Sunrise program, utilizing the Trademark Clearinghouse, the services of one of ICANN’s approved dispute resolution providers, a trademark validation agent, and drawing upon sunrise policies and rules used successfully in previous gTLD launches;
• Implementing a professional trademark claims program that utilizes the Trademark Clearinghouse, and drawing upon models of similar programs used successfully in previous TLD launches;
• Complying with the URS requirements;
• Complying with the UDRP;
• Complying with the PDDRP, and;
• Including all ICANN-mandated and independently developed rights protection mechanisms (“RPMs”) in the registry-registrar agreement entered into by ICANN-accredited registrars authorized to register names in the TLD.

The response below details the rights protection mechanisms at the launch of the TLD (Sunrise period and Trademark Claims Service) which comply with rights protection policies (URS, UDRP, PDDRP, and other ICANN RPMs), outlines additional provisions made for rights protection, and provides the resourcing plans.

Safeguards for rights protection at the launch of the TLD
The launch of this TLD will include the operation of a trademark claims service according to the defined ICANN processes for checking a registration request and alerting trademark holders of potential rights infringement.

⁄Sunrise period

The Sunrise Period will be an exclusive period of time, prior to the opening of public registration, when trademark and service mark holders will be able to reserve marks that are an identical match in the .HERMES TLD. Following the Sunrise Period, the Applicant will open registration to qualified applicants.

The anticipated Rollout Schedule for the Sunrise Period will be approximately as follows:
- Launch of the TLD – Sunrise Period begins for trademark holders and service mark holders to submit registrations for their exact marks in the TLD domain. To maximize fairness registrations will be processed via four queues of a randomized, round robin system, which will close 15 days, 30 days, 45 days and 60 days following the launch date respectively (dates are indicative). Following this, Applicant expects the balance of Sunrise registrations to be awarded in real-time.

- Five months (indicative) after launch –The Sunrise Period will close and will be followed by a Quiet Period for testing and evaluation.

- One month (indicative) after close of Quiet Period – Registration in the TLD domain will be opened to qualified applicants.
- After the close of Quite Period – TLD domain names, registered by third parties will begin to resolve through standard Web browsers. Domain names registered by the registry operator itself may resolve before that date.

Sunrise Period Requirements & Restrictions
Eligible registrants wishing to reserve their marks in the .HERMES domain during the Sunrise Period must own a current trademark or service mark listed in the Trademark Clearinghouse.

Notice will be provided to all trademark holders in the Clearinghouse if someone is seeking a Sunrise registration. This notice will be provided to holders of marks in the Clearinghouse that are an Identical Match (as defined in the Trademark Clearing House) to the name to be registered during Sunrise.

Each Sunrise registration will require a minimum term of five years.

The Applicant will establish the following Sunrise eligibility requirements (SERs) as minimum requirements, verified by Clearinghouse data, and incorporate a Sunrise Dispute Resolution Policy (SDRP). Additional eligibility requirements may apply. The SERs include: (i) ownership of a mark that satisfies the criteria set forth in section 7.2 of the Trademark Clearing House specifications, (ii) description of international class of goods or services covered by registration; (iii) representation that all provided information is true and correct; and (iv) provision of data sufficient to document rights in the trademark.

The SDRP will allow challenges based on the following four grounds: (i) at time the challenged domain name was registered, the registrants did not hold a trademark registration of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty; (ii) the domain name is not identical to the mark on which the registrant based its Sunrise registration; (iii) the trademark registration on which the registrant based its Sunrise registration is not of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty; or (iv) the trademark registration on which the domain name registrant based its Sunrise registration did not issue on or before the effective date of the Registry Agreement and was not applied for on or before ICANN announced the applications received.

Ongoing rights protection mechanisms
Several mechanisms will be in place to protect rights in the .HERMES TLD. As described in the Applicants responses to Questions #27 and #28, measures are in place to ensure domain transfers and updates are only initiated by the appropriate domain holder, and an experienced team is available to respond to legal actions by law enforcement or court orders.

This TLD will conform to all ICANN RPMs including URS (defined below), UDRP, PDDRP, and all measures defined in Specification 7 of the new TLD agreement.

Uniform Rapid Suspension (URS)
The registry operator will implement decisions rendered under the URS on an ongoing basis. Per the URS policy posted on ICANN’s Web site as of this writing, the registry operator will receive notice of URS actions from the ICANN-approved URS providers. These emails will be directed immediately to the registry operator’s support staff (and⁄or its registry services provider) which is on duty 24x7. This resource will be responsible for creating a ticket for each case, and for executing the directives from the URS provider. All support staff will receive pertinent training.

As per ICANN’s URS guidelines, within 24 hours of receipt of the notice of complaint from the URS provider, the registry operator shall “lock” the domain, meaning the registry shall restrict all changes to the registration data, including transfer and deletion of the domain names, but the name will remain in the TLD DNS zone file and will thus continue to resolve. The support staff will “lock” the domain by associating the following EPP statuses with the domain and relevant contact objects:
• ServerUpdateProhibited, with an EPP reason code of “URS”
• ServerDeleteProhibited, with an EPP reason code of “URS”
• ServerTransferProhibited, with an EPP reason code of “URS”
• The registry operator’s support staff will then notify the URS provider immediately upon locking the domain name, via email.

The registry operator’s support staff will retain all copies of emails from the URS providers, assign them a tracking or ticket number, and will track the status of each opened URS case through to resolution via spreadsheet or database.

The registry operator’s support staff will execute further operations upon notice from the URS providers. The URS provider is required to specify the remedy and required actions of the registry operator, with notification to the registrant, the complainant, and the registrar.

As per the URS guidelines, if the complainant prevails, the “registry operator shall suspend the domain name, which shall remain suspended for the balance of the registration period and would not resolve to the original web site. The nameservers shall be redirected to an informational web page provided by the URS provider about the URS. The WHOIS for the domain name shall continue to display all of the information of the original registrant except for the redirection of the nameservers. In addition, the WHOIS shall reflect that the domain name will not be able to be transferred, deleted or modified for the life of the registration.”

Rights protection via the RRA
The following will be memorialized and be made binding via the Registry-Registrar and Registrar-Registrant Agreements:

• The registry operator may reject a registration request or a reservation request, or may delete, revoke, suspend, cancel, or transfer a registration or reservation under the following criteria:
a. to enforce registry policies and ICANN requirements; each as amended from time to time;
b. that is not accompanied by complete and accurate information as required by ICANN requirements and⁄or registry policies or where required information is not updated and⁄or corrected as required by ICANN requirements and⁄or registry policies;
c. to protect the integrity and stability of the registry, its operations, and the TLD system;
d. to comply with any applicable law, regulation, holding, order, or decision issued by a court, administrative authority, or dispute resolution service provider with jurisdiction over the registry;
e. to establish, assert, or defend the legal rights of the registry or a third party or to avoid any civil or criminal liability on the part of the registry and⁄or its affiliates, subsidiaries, officers, directors, representatives, employees, contractors, and stockholders;
f. to correct mistakes made by the registry or any accredited registrar in connection with a registration; or
g. as otherwise provided in the Registry-Registrar Agreement and⁄or the Registrar-Registrant Agreement.

Reducing opportunities for behaviors such as phishing or pharming
In its response to question #28, the Applicant has described its anti-abuse program. Rather than repeating the policies and procedures here, please see the response to question #28 for full details.

These procedures will sometimes allow the registry operator to identify the domain name portfolios of phishers, and suspend those portfolios before all of the domains in them are used. This will reduce damage to Internet users and the brands that such phishers target.

Every six months, the Anti-Phishing Working Group (APWG) publishes its latest Global Phishing Survey. (See http:⁄⁄www.apwg.org⁄resources.html#apwg). Each edition of this study contains an analysis of how phishers construct phishing URLs and register domain names. The registry operator, together with its Back-End Operator will continue to track that report and ongoing trends. APWG studies show that in the first half of 2011, just two percent of the domain names used for phishing (or 12% of malicious phishing registrations) contained a targeted brand name or misspelling thereof. According to the APWG, in the year July 2010 through June 2011, there were only about 5,700 known brand-or-misspelling phishing domains registered in all TLDs worldwide.

The demonstrated phishing problem is therefore a tiny percentage of domain registrations overall, and should be balanced against the impact that filtering or denying incoming domain registrations in an open registration period may have upon other parties. The number of potential variations and misspellings of target brand names is very large, and attempts to deny registrations containing them might infringe upon the rights of other trademark holders. For example, misspellings of “Google” include “goggle” and “boggle” – but “goggle” and “boggle” are trademarked terms in use by multiple trademark owners across the globe. Therefore preemptive blocking of variations of for instance “Google” by the registry could infringe upon the rights of other legitimate registrants, and favor one registrant in one country over multiple potential registrants in that or other jurisdictions. This variant or misspelling problem is why ICANN specified that only exact domain name string matches will be addressed by the Trademark Clearinghouse. In addition, most generic words are trademarked, and trademarked terms may be found within larger words that would be legitimate for registrants to register.

For these reasons, the registry operator does not plan on heuristics based filtering or denying registrations as they come to the registry during the Land Rush and Open Registration periods based on misspelling detection algorithms. Instead, the Applicant may prefer an approach that addresses registered domain names (rather than potentially registered domains). This approach will not infringe upon the rights of legitimate and eligible registrants to register domains, and allows the Applicant’s internal controls as well as community-developed UDRP and URS policies and procedures, if needed, to deal with complaints should there be any.

Afilias is a member of various security fora which provide access to lists of names in each TLD which may be used for malicious purposes. Such identified names will be subject to the TLD anti-abuse policy, including rapid suspensions after due process.

With specific respect to phishing and pharming, it should be noted by ICANN that the .HERMES TLD will, at least in first instance, operate as a single-registrant TLD in which Applicant has direct control over each registrant (they are typically on staff or otherwise contractually bound) and how each registration may be used. Since all criminal activity (such as phishing and pharming) is precluded by the mission, values and policies of the registry operator (and its parent organization), criminal activity is not expected to be a problem. If such activity occurs due to hacking or other compromises, the registry operator will take prompt and effective steps to eliminate the activity.


Rights protection resourcing plans
Since its founding, Afilias has been focused on delivering secure, stable and reliable registry services. Several essential management and staff who designed and launched the Afilias registry in 2001 and expanded the number of TLDs supported, all while maintaining strict service levels over the past decade, are still in place today. This base of experience will be reflected in the support for the .HERMES TLD. Afilias operates in a matrix structure, which allows its staff to be allocated to various critical functions in both a dedicated and a shared manner. With a team of specialists and generalists, the Afilias project management methodology enables efficient and effective use of the staff in a focused way.

Supporting RPMs requires several departments within the registry operator as well as within Afilias, its registry services provider. The implementation of Sunrise and the Trademark Claims service and on-going RPM activities will pull from the 102 Afilias staff members of the engineering, product management, development, security and policy teams at Afilias and the IP (or other appropriate) department at the registry operator and the support staff of service providers to the registry operator. Support staff will be on duty 24x7. A trademark validator will also be assigned within the registry operator, whose responsibilities may require as much as 50% of full-time employment if the domains under management were to exceed several million. No additional hardware or software resources are required to support this as the Applicant’s registry services provider, Afilias, has fully-operational capabilities to manage abuse today.