Back

28 Abuse Prevention and Mitigation

gTLDFull Legal NameE-mail suffixDetail
.persiangulfAsia Green IT System Bilgisayar San. ve Tic. Ltd. Sti.gmail.comView
28.1 Policy Matrix
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. has chosen to adopt CoCCAʺs tested acceptable use-based policy matrix, recommendations for minimising harm in TLDs, and subject the .persiangulf TLD to the CoCCA Complaint Resolution Service (ʺCRSʺ). Any individual who has a concern regarding abuse involving a .persiangulf domain, glue record, or the CoCCA PCH or ISCʺs network services as they relate to .persiangulf needs to lodge a complaint via the CRS. CoCCAʹs policy regarding glue records is quite simple, Registrars cannot create or use a host if the super-ordinate domain does not exist. When a domain is purged from the SRS CoCCA automatically deletes any glue records. All other glue record related issues can be dealt with via the CRS.

The CoCCA Best practice policy matrix has been developed over a decade and has currently been adopted by 16 TLDs. It was developed for (and by) ccTLDs managers that desired to operate an efficient standards–based SRS system complemented by a policy environment that addressed a registrants use of a string as well as the more traditional gTLD emphasis rights to string.

A key element of CoCCA’s policy matrix is that it provides for registry-level suspensions where there is evidence of AUP violations. The .persiangulf TLD will join other TLDs that utilize the CoCCA’s single-desk CRS. The CRS provides a framework for the public, law enforcement, regulatory bodies and intellectual property owners to swiftly address concerns regarding the use of .persiangulf domains, and the COCCA network. The AUP can be used to address concerns regarding a domain or any other resource record that appears in the .persiangulf zone.

The CRS procedure provides an effective alternative to the court system while allowing for Complaints against domains to be handled in a way treats each complaint in a fair and equal manor and allows for all affected parties to present evidence and arguments in a constructive forum.

In certain cases, it may be necessary for the CRS to trigger a Critical Issue Suspension, which suspends service of a domain, or removes a host record, when there is a compelling and demonstrable threat to the stability of the Internet, critical infrastructure or public safety. The intent of any CIS is to minimize any abuse that may occur in a timely manor. Any CIS may be appealed through the CoCCA ombudsman’s Amicable Complaint Resolution service.
28.1 Contractual Framework
Under the proposed framework Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will bind registrants to a .persiangulf TLD Registrant Agreement (“RA”). This RA is a collateral agreement that supersedes any Registrar – Registrant agreement and binds all Registrants to the .persiangulf AUP, Privacy and WHOIS policy, CoCCA CRS and any other requirements or dispute mechanisms mandated by ICANN.

The draft .persiangulf AUP follows below in sections 28.4. The RA and WHOIS and Privacy Policy may be viewed at http:⁄⁄coccaregistry.net⁄.persiangulf⁄policy
28.2 Minimizing Harm, Pro-active Measures
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will adopt the following five (5) key provisions of CoCCA’s already field - tested policies and technology aimed at preventing and mitigating abuse.
28.2.1 ʺTrust but Verifyʺ
Applicants for .persiangulf registrations must confirm to the registry that they agree to be bound by the registrant agreement and confirm the accuracy of contact details lodged by the Registrar with the registry. Until the Registrant or Administrative contact confirm their contact details with the Registry directly, and view accept the Registrant Agreement .persiangulf domains are excluded from the zone. See Life-Cycle Policy.

Automated Activation processes are already in place for 12 TLD currently using the CoCCA SRS. The process involves direct registry – registrant communication using email details provided to the registry by the Registrar. An automated email is sent to the Registrant and Admin contact that contains a link. The recipient must click on the link where they are directed to a web page that 1) displays the contact information the Registrar provided, 2) displays the .persiangulf RA and AUP policy.

All responses (positive or negative) are lodged against the domains permanent history in the SRS and the time: date ⁄ IP address stored.

The process also allows the registry the opportunity to independently verify the accuracy of contact data supplied by the registrar, or at least that there is a functioning email - improving WHOIS accuracy. The SRS uses dynamically generated images as a challenge-response verification to prevent automated processes activating domains and to directly collect and store additional identifying information about individuals Activating a domain, which can be utilised to control fraud or investigate cyber crimes.

Although registrars are required to advise registrants of the TLD policies and conditions, with the prevalence of highly automated registration systems and expansive reseller networks it cannot be guaranteed that registrants have reviewed or agreed to the policy.

The registrant or administrative contact must confirm the accuracy of the WHOIS data on not only on Registration but also the anniversary of Registration and Renewal. On any change of Registrant or Transfer the new Registrant must also agree to the RA and AUP directly with the Registry before the changes to the contacts are committed in the registry.

These procedures and the underlying technology are in use now and undergoing constant refinement in response to Registrar and Registrant suggestions.
28.2.2 Registrants’ rights to a limited license
The .persiangulf RA and AUP limit a registrants’ rights to a limited license to use but not to sub-license the use of any portion of the allocated SLD, subject to continuing compliance with all policies in place during that time. Registrants must warrant they will not assign the licence or sub-license any sub-domain without:

(a) securing the sub-licenseeʹs agreement to the RA, AUP and all other applicable policies; and
(b) obtaining the registryʹs consent in writing.

Rationale: It has occurred that registrants have registered a second level domain in order to set up what amounts to a third level registry, effectively sub-licensing to third parties the use of portions of their allocated second level domain. Most abuse seems to occur in lower level domains created by Registrants or third parties.

The .persiangulf TLD policy is recursive, however combating abusive activity in a TLD is complicated if the registry has no information as to the user of the subordinate domain or any way to suspend a single domain created by a registrant at a subordinate level.
28.2.3 Fast flux mitigation
Fast flux mitigation - queue for manual intervention by SRS admins all DNS delegation modifications that exceed four (4) requests in any 28 day period or three (3) in a one week period.

Rationale: This minimizes a registrant’s ability to frequently redelegate a domain, in order to overcome service limitations imposed by Internet service providers. Frequent redelegation may also assist a malicious user to obscure their identity. Limiting frequent redelegations enhances the effectiveness of service termination as a sanction by an Internet service provider.
28.2.4 Anycast Resiliency
A denial of service attack from, say, a single ISP will usually only affect a single node. All other nodes in the world will not notice anything about the attack and the rest of the Internet will thus not notice it either. A local attack is therefore only affecting the local neighborhood. Distributed denial of service attacks usually affects a few nodes only, but because the attack is spread out between nodes, so is the amount of traffic flowing to each node. With 80+ noes and two Anycast networks, the .persiangulf TLD is well protected against abuse targeting the .persiangulf DNS resolvers.
28.2.5 High Risk Strings
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will require manual intervention by the registry operator before domains that contain various strings such as ʺbankʺ, ʺsecureʺ, ʺPayPal” etc., go into the zone. A comprehensive list of high-risk strings
28.2.6 Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. CERT Law Enforcement Collaboration
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will provide CERT, Law Enforcement and other interested parties direct read - only Access to the SRS on application for research and other activities related to identifying and mitigating abuse. The CoCCA already provides direct access to the Australian Government CERT.

The CoCCA SRS contains a variety of login types with various permissions, one such type is “Cert ⁄ Law Enforcement” which allows GUI - based query as well as EPP and Zone Access.
28.3 COCCA Complaint Resolution Service
The Complaint Resolution Service (“CRS”) provides a transparent, efficient and cost effective way for the public, law enforcement, regulatory bodies and intellectual property owners to have their concerns addressed regarding use of a TLD managers network or SRS services. The CRS provides a single framework in which cyber-crime, accessibility of prohibited Internet content and abuse of intellectual property rights are addressed. The framework relies on three tiers of review: immediate action to protect the public interest, amicable complaint resolution lead by an independent Ombudsman, and where applicable, adjudication by an Expert. The CRS provides an efficient and swift alternative to the Courts.

All complaints made against a domain to CoCCA are referred through the CRS protocol. When a complaint is filed, a CoCCA Complaints Officer (CCO) ensures that it meets the necessary criteria. If it does, notice is sent to involved parties and CRS Proceedings begin. If a Registrant responds to the complaint, it may be referred to an Ombudsman for Amicable Complaint Resolution (ACR). If ACR does not achieve acceptable resolution, binding arbitration by an Expert be requested by the Complainant.

In some cases, a Critical Issue Suspension (CIS) may become necessary. If a CIS has been determined to be necessary, the domain, or other resource record in a zone will be disabled until a resolution is found using the CRS protocol. A CIS is triggered in cases where there is a compelling and demonstrable threat to the stability of the Internet, critical infrastructure or public safety. A CIS does not terminate the license to a domain, and cannot be used to trigger the transfer a domain - it simply suspends resolution.
CRS Overview Diagram – cocca-crs1.pdf


28.4 .PERSIANGULF Acceptable Use Policy

This Acceptable Use Policy (ʺAUPʺ) sets out the actions prohibited to users of the Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. (AGITSys) (“applicant”) network. “Users” are defined as anyone who uses or accesses the .PERSIANGULF domain SRS, who has responsibility for one or more host records in the .PERSIANGULF zone files generated from the .PERSIANGULF SRS, registrants of a .PERSIANGULF Top Level (“TLD”) Domain name (“.PERSIANGULF Domain name”), and⁄or users of hardware, name servers, bandwidth, telecommunications transport, zone files or e-mail routing services or of any other domain name resolution systems and services in the .PERSIANGULF SRS and zone. Exceptions for use will be made for sites that denigrate the Persian Language, Culture and History.
This AUP policy applies recursively to all Domain names (which end in the suffix .PERSIANGULF), including second-level .PERSIANGULF Domain names (such as 〈nic.PERSIANGULF〉) and sub second-level domains (such as 〈example.nic.PERSIANGULF〉) which are maintained in the authoritative .PERSIANGULF register (managed by AGITSys); and those that are created outside the AGITSys TLD register and resolve as a result of sub-delegation by a Registrant.
No reference in this document constitutes a license to sub-delegate or otherwise sub-license any right obtained under the .PERSIANGULF Registrant Agreement, this AUP or other applicable .PERSIANGULF TLD Policies.
This AUP is in addition to rules governing qualifications for registration. Use of a .PERSIANGULF Domain name or the AGITSys Network in a manner that contravenes this AUP, may result in the suspension or revocation of a registrant’s right to use a .PERSIANGULF Domain name or to continue to be recognized as the registrant of a .PERSIANGULF Domain name. Suspension or revocation may apply to one or more .PERSIANGULF Domain names for which User is a registrant in addition to a particular .PERSIANGULF Domain name which may have given rise to a particular complaint.
AGITSys reserves the right to modify or update this AUP at any time and any such modifications or restatements shall be posted on AGITSys’ website at http:⁄⁄registry.PERSIANGUF⁄legal⁄aup.htm from time to time. AGITSys will use reasonable commercial efforts to inform designated contacts in the event of changes to this AUP. Such efforts may include posting the revised AUP on AGITSys’ website and⁄or sending email notice that this AUP has been modified or updated.
INTRODUCTION
AGITSys supports the free flow of information and ideas over the Internet.
AGITSys may discontinue, suspend, or modify the services provided to the registrant of an .PERSIANGULF Domain name (for example, through modification of .PERSIANGULF zone files), to address alleged violations of this AUP (described further below). AGITSys may determine in its sole discretion whether use of the AGITSys network or a .PERSIANGULF Domain name is prima facie violation of this AUP. AGITSys or affected parties may utilize the AGITSys AUP CRS and⁄or the courts in the jurisdiction and venue specified in the Registrant Agreement to resolve disputes over interpretation and implementation of this AUP, as described more fully in the AGITSys AUP CRS.
Users of the AGITSys Network are obliged and required to ensure that their use of a .PERSIANGULF Domain name or the AGITSys Network is at all times lawful and in accordance with the requirements of this AUP and applicable laws and regulations of Turkey.
This AUP should be read in conjunction with the AGITSys Registrant Agreement, Complaint Resolution Policy, Privacy Policy, Acceptable Use Policy, and other applicable agreements, policies, laws and regulations. By way of example, and without limitation, the Registrant Agreement sets forth representations and warranties and other terms and conditions, breach of which may constitute non-compliance with this AUP.
PROHIBITED USE
A “Prohibited use” of the AGITSys Network or a .PERSIANGULF Domain name is a use which is expressly prohibited by provisions of this AUP. The non-exhaustive list of restrictions pertaining to use of the AGITSys Network and .PERSIANGULF Domain names in relation to various purposes and activities are as follows. Registration of one or more .PERSIANGULF Domain names or access to services provided by AGITSys may be cancelled or suspended for any breach of, or non-compliance with this AUP:
1. COMPLIANCE WITH AGITSys AUP
1.1 The AGITSys Network and .PERSIANGULF Domain names must be used for lawful purposes and comply with this AUP. The creation, transmission, distribution, storage of, or linking to any material in violation of applicable law or regulation or this AUP is prohibited. This may include, but is not limited to, the following:
(1.1) Communication, publication or distribution of material (including through links or framing) that infringes upon the intellectual and⁄or industrial property rights of another person. Intellectual and⁄or industrial property rights include, but are not limited to: copyrights (including future copyright), design rights, patents, patent applications, trademarks, rights of personality, and trade secret information.
(1.2) Communication, publication or distribution of material (including through links or framing) that denigrates the Persian Language, Culture and History.
(1.3) Registration or use of a .PERSIANGULF Domain name in circumstances in which, in the sole discretion of the AGITSys:
(1.3.a) The .PERSIANGULF Domain name is identical or confusingly similar to a personal name, company, business or other legal or trading name as registered with the relevant Turkish agency, or a trade or service mark in which a third party complainant has uncontested rights, including without limitation in circumstances in which:
(1.3.a.i) The use deceives or confuses others in relation to goods or services for which a trade mark is registered in Turkey, or in respect of similar goods or closely related services, against the wishes of the registered proprietor of the trade mark; or
(1.3.a.ii) The use deceives or confuses others in relation to goods or services in respect of which an unregistered trade mark or service mark has become distinctive of the goods or services of a third party complainant, and in which the third party complainant has established a sufficient reputation in Turkey, against the wishes of the third party complainant; or
(1.3.a.iii) The use trades on or passes-off a .PERSIANGULF Domain name or a website or other content or services accessed through resolution of a .PERSIANGULF Domain as being the same as or endorsed, authorized, associated or affiliated with the established business, name or reputation of another; or
(1.3.a.iv) The use constitutes intentionally misleading or deceptive conduct in breach of AGITSys policy, or the laws of Turkey; or
(1.3.b) The .PERSIANGULF Domain name has been used in bad faith, including without limitation the following:
(1.3.b.i) The User has used the .PERSIANGULF Domain name primarily for the purpose of unlawfully disrupting the business or activities of another person; or
(1.3.b.ii) By using the .PERSIANGULF Domain name, the User has intentionally created a likelihood of confusion with respect to the third party complainant’s intellectual or industrial property rights and the source, sponsorship, affiliation, or endorsement of website(s), email, or other online locations or services or of a product or service available on or through resolution of a .PERSIANGULF Domain name;
(1.3.b.iii) For the purpose of selling, renting or otherwise transferring the Domain name to an entity or to a commercial competitor of an entity, for valuable consideration in excess of a User’s documented out-of-pocket costs directly associated with acquiring the Domain Name;
(1.3.b.iv) As a blocking registration against a name or mark in which a third party has superior intellectual or industrial property rights.
(1.4) A .PERSIANGULF Domain name registration which is part of a pattern of registrations where the User has registered domain names which correspond to well-known names or trademarks in which the User has no apparent rights, and the .PERSIANGULF Domain name is part of that pattern;
(1.5) The .PERSIANGULF Domain name was registered arising out of a relationship between two parties, and it was mutually agreed, as evidenced in writing, that the Registrant would be an entity other than that currently in the register.
(1.6) Unlawful communication, publication or distribution of registered and unregistered know-how, confidential information and trade secrets.
(1.7) Publication or distribution of content which, in the opinion of the AGITSys:
(1.7.a) is capable of disruption of systems in use by other Internet users or service providers (e.g. viruses or malware);
(1.7.b) seeks or apparently seeks authentication or login details used by operators of other Internet sites (e.g. phishing); or
(1.7.c) may mislead or deceive visitors to the site that the site has an affiliation with the operator of another Internet site (e.g. phishing).
(1.8) Communication, publication or distribution, either directly or by way of embedded links, of images or materials (including, but not limited to pornographic material and images or materials that a reasonable person as a member of the community of Turkey would consider to be obscene or indecent) where such communication, publication or distribution is prohibited by or constitutes an offence under the laws of Turkey, whether incorporated directly into or linked from a web site, email, posting to a news group, internet forum, instant messaging notice which makes use of domain name resolution services in the .PERSIANGULF TLD.
Material that a reasonable member of the community of Turkey would consider pornographic, indecent, and⁄or obscene or which is otherwise prohibited includes, by way of example and without limitation, real or manipulated images depicting child pornography, bestiality, excessively violent or sexually violent material, sexual activity, and material containing detailed instructions regarding how to commit a crime, an act of violence, or how to prepare and⁄or use illegal drugs
(1.9) Communication, publication or distribution of defamatory material or material that constitutes racial vilification.
(1.10) Communication, publication or distribution of material that constitutes an illegal threat or encourages conduct that may constitute a criminal offence.
(1.11) Communication, publication or distribution of material that is in contempt of the orders of a court or another authoritative government actor within Turkey.
(1.12) Use, communication, publication or distribution of software, technical information or other data that violates Turkey’s export control laws.
(1.13) Use, communication, publication or distribution of confidential or personal information or data including confidential or personal information about persons that collected without their knowledge or consent.
2. ELECTRONIC MAIL
2.1 AGITSys expressly prohibits Users of the AGITSys Network from engaging in the following activities:
(1.1) Communicating, transmitting or sending unsolicited bulk e-mail messages or other electronic communications (ʺjunk mailʺ or ʺSpamʺ) of any kind including, but not limited to, unsolicited commercial advertising, informational announcements, and political or religious tracts. Such messages or material may be sent only to those who have expressly requested it. If a recipient asks a User to stop sending such e-mails, then any further e-mail messages or other electronic communications would in such event constitute Spam and violate the provisions and requirements of this AUP.
(1.2) Communicating, transmitting or sending any material by e-mail or otherwise that harasses, or has the effect of harassing, another person or that threatens or encourages bodily harm or destruction of property including, but not limited to, malicious e-mail and flooding a User, site, or server with very large or numerous pieces of e-mail or illegitimate service requests.
(1.3) Communicating, transmitting, sending, creating, or forwarding fraudulent offers to sell or buy products, unsolicited offers of employment, messages about ʺMake-Money Fastʺ, ʺPyramidʺ or ʺPonziʺ type schemes or similar schemes, and ʺchain lettersʺ whether or not the recipient wishes to receive such messages.
(1.4) Adding, removing, modifying or forging AGITSys Network or other network header information with the effect of misleading or deceiving another person or attempting to impersonate another person by using forged headers or other identifying information (ʺSpoofingʺ).
(1.5) Causing or permitting the advertisement of a .PERSIANGULF Domain name in an unsolicited email communication.
3. DISRUPTION OF AGITSys NETWORK
3.1 No-one may use the AGITSys Network or a .PERSIANGULF Domain name for the purpose of:
(1.1) Restricting or inhibiting any person in their use or enjoyment of the AGITSys Network or a .PERSIANGULF Domain name or any service or product of AGITSys.
(1.2) Actually or purportedly reselling AGITSys services and products without the prior written consent of AGITSys.
(1.3) Transmitting any communications or activity, which may involve deceptive marketing practices such as the fraudulent offering of products, items, or services to any other party.
(1.4) Providing false or misleading information to AGITSys or to any other party through the AGITSys Network.
(1.5) Facilitating or aiding the transmission of confidential information, private, or stolen data such as credit card information (without the owner’s or cardholderʹs consent).
4. NETWORK INTEGRITY AND SECURITY
4.1 Users are prohibited from circumventing or attempting to circumvent the security of any host, network or accounts (ʺcrackingʺ or ʺhackingʺ) on, related to, or accessed through the AGITSys Network. This includes, but is not limited to:
(1.1) accessing data not intended for such user;
(1.2) logging into a server or account which such user is not expressly authorized to access;
(1.3) using, attempting to use, or attempting to ascertain a username or password without the express written consent of the operator of the service in relation to which the username or password is intended to function;
(1.4) probing the security of other networks;
(1.5) executing any form of network monitoring which is likely to intercept data not intended for such user.
4.2 Users are prohibited from effecting any network security breach or disruption of any Internet communications including, but not limited to:
(2.1) accessing data of which such User is not an intended recipient; or
(2.2) logging onto a server or account, which such User is not expressly authorized to access.
For the purposes of this section 4.2, ʺdisruptionʺ includes, but is not limited to:
port scans, TCP⁄UDP floods, packet spoofing;
forged routing information;
deliberate attempts to overload or disrupt a service or host;
using the AGITSys Network in connection with the use of any program, script, command, or sending messages with the intention or likelihood of interfering with another userʹs terminal session by any means, locally or by the Internet.
4.3 Users who compromise or disrupt AGITSys Network systems or security may incur criminal or civil liability. AGITSys will investigate any such incidents and will cooperate with law enforcement agencies if a crime is suspected to have taken place.
5. NON-EXCLUSIVE, NON-EXHAUSTIVE
This AUP is intended to provide guidance as to what constitutes acceptable use of the AGITSys Network and of .PERSIANGULF Domain names. However, the AUP is neither exhaustive nor exclusive.
6. COMPLAINTS
Persons who wish to notify AGITSys of abusive conduct in violation of this AUP may report the same pursuant to the AGITSys Acceptable Use Policy Enforcement Procedure, which is instituted by submitting to AGITSys a completed AGITSys Acceptable Use Policy Violation Complaint Form.
7. ENFORCEMENT
AGITSys may, in its sole discretion, suspend or terminate a Userʹs service for violation of any of the requirements or provisions of the AUP on receipt of a complaint if AGITSys believes:
(1.1.a) a violation of the AUP has or may have occurred; or
(1.1.b) suspension and⁄or termination may be in the public interest.
AGITSys may delegate its right to take any action to an Internet security agency or may act upon any report from an Internet security agency without prior notification to the User.
If AGITSys elects not to take immediate action, AGITSys may require Registrants and a complainant to utilise the AUP Complaint Resolution Service and Policy to ensure compliance with this AUP and remedy any violation or suspected violation within a reasonable time prior to suspension or terminating service.
8. LIMITATION OF LIABILITY
In no event shall AGITSys be liable to any User of the AGITSys Network, any customer, nor any third party for any direct, indirect, special or consequential damages for actions taken pursuant to this AUP, including, but not limited to, any lost profits, business interruption, loss of programs or other data, or otherwise, even if AGITSys was advised of the possibility of such damages. AGITSys’ liability for any breach of a condition or warranty implied by the Registrant Agreement or this AUP shall be limited to the maximum extent possible to one of the following (as AGITSys may determine):
(i) supplying the services again; or
(ii) paying the cost of having the services supplied again.
9. REMOVAL OF CONTENT RESPONSIBILITY
At its sole discretion, AGITSys reserves the right to:
(i) Remove or alter content, zone file data or other material from its servers provided by any person that violates the provisions or requirements of this AUP;
(ii) re-delegate, redirect or otherwise divert traffic intended for any service;
(iii) notify operators of Internet security monitoring, virus scanning services and⁄or law enforcement authorities of any apparent breach of this AUP or .PERSIANGULF TLD Policies; and⁄or
(iv) terminate access to the AGITSys Network by any person that AGITSys determines has violated the provisions or requirements of this AUP.
In any regard, AGITSys is not responsible for the content or message of any newsgroup posting, e-mail message, or web site regardless of whether access to such content or message was facilitated by the AGITSys Network. AGITSys does not have any duty to take any action with respect to such content or message by creating this AUP, and Users of the AGITSys Network are obliged and required to ensure that their use of a .PERSIANGULF Domain name or the AGITSys Network is at all times in accordance with the requirements of this AUP and any applicable laws and⁄or regulation.

28.5 CoCCA CRS - Policies and Procedures

1. Statement of Purpose

1.1. This Complaint Resolution Service (ʺCRSʺ) provides a transparent,
efficient and cost effective way for the public, law enforcement,
regulatory bodies and intellectual property owners to have their
concerns addressed regarding use of a TLD Managers network or
services.

1.2. The Service provides a single framework in which cyber-crime,
accessibility of prohibited Internet content via a memberʺs network or
services and abuse of intellectual property rights are addressed. The
framework relies on three tiers of review: immediate action to protect
the public interest, amicable complaint resolution lead by an
independent Ombudsman, and where applicable, adjudication by an
Expert. The CRS provides an efficient and swift alternative to the
Courts.

This document should be read in conjunction with the Acceptable Use
Policy (ʺAUPʺ) applicable to the domain ⁄ TLD you are considering
lodging a complaint against. If after having reviewed the applicable
AUP Policy it is determined a violation has occurred, a complaint may
be lodged by completing the CoCCA CRS Complaint form.

NOTE: IF YOU DO NOT LODGE THE SIGNED COMPLAINT FORM THAT FOLLOWS
BELLOW ON PAGES 8- 13 OF THIS DOCUMENT, YOUR COMPLAINT WILL NOT BE
REVIEWED.

Complaints will be reviewed in accordance with the following Steps:

Step One | Confirmation ⁄ Communication

A CoCCA Complaints Officer (ʺCCOʺ) will review all formally lodged
complaints for compliance with the CRS and the applicable AUP. If the
CCO considers that the Complaint does not address the matter covered
by the AUP, or is unsigned or otherwise violates this Procedure, the
Complainant will be promptly notified of the deficiencies identified.

The Complainant shall have five (5) Days from the receipt of
notification within which to correct the deficiencies and return the
Complaint, failing which the CCO will deem the Complaint to be
withdrawn. This will not prevent the Complainant from submitting a
different Complaint.

On receipt of the Complaint the CCO will lock domain and associated
records until a period of ten (10) Days after the COO and Parties are
notified of a Decision by the Ombudsman or and Expert, at which time
the domain name may be unlocked.

Step Two | Immediate Review of Request for Suspension in the Public Interest

On receipt of a properly lodged Complaint, the CCO will initiate a
review. When specifically requested by the Complainant the CCO may
initiate a Critical Issue Suspension (ʺCISʺ).

A request for a CIS may be granted in cases where there is a
compelling and demonstrable threat to the stability of the Internet,
critical infrastructure or public safety. A ʺcritical issue
suspensionʺ does not terminate the registrantʺs rights or their domain
license; it simply modifies the NS records in the zone temporarily
disabling resolution. All suspensions under the CRS, including a CIS,
may be appealed to the Ombudsmanʺs office for amicable resolution, an
Expert Panelist for binding arbitration or a court of competent
jurisdiction.

Where the CCO has triggered a CIS, notice will be sent to the
Registrant, Administrative Contact, Registrar and Ombudsman within 24
hours of triggering the CIS.

Step Three | Formal Notification

The CCO will send a copy of the Complaint to the Respondent (normally
the Registrant and⁄or Administrative Contact) and the TLD Sponsors
designated contact with an explanatory note within 5 days by:

a) Sending the Complaint by post, fax or e-mail to the Respondent at
the contact details shown as the Registrant or any other contacts in
the TLD Register for the Domain Name that is the subject of the
Complaint.

b) The CCO may also, at their discretion send the complaint to any
addresses provided to the CCO by the Complainant so far as this is
practicable.

c) Except as set forth otherwise, all written communication to a Party
or a partyʺs representative under the Policy or this Procedure shall
be made by fax, post or e-mail.

d) Communication shall be made in English, E-mail communications
(other than attachments) should be sent in plain text or PDF format so
far as this is practicable.

During the course of the proceedings under the CRS, if either Party
wishes to change its contact details it must notify the CCO of all
changes. However, no change shall be made in the Registrant
Information for the Domain Name without mutual agreement of the
parties or unless a settlement is reached.
Except as otherwise provided in this Procedure or as otherwise decided
by the CCO or if appointed, the Expert, all communications provided
for under this procedure shall be deemed to have been received:

a) if sent by courier, when singed for by the recipient;
b) if sent via the Internet, on the date that the communication was transmitted

Unless otherwise provided in this Procedure, the time periods provided
for under the Policy and this Procedure shall be calculated based on
the time zone of the CCO.

Any communication between:

a) the CCO and any Party shall be copied by the CCO to the other Party
and if appointed, the Ombudsman or Expert;

b) a Party to another Party shall be copied by the sender to the CCO.
The CCO will copy such correspondence to the Ombudsman or Expert, if
appointed.

Commencement of Complaint Resolution Service proceedings

The CCO will promptly notify the Parties by email of the date of the
Commencement of Complaint Resolution Service proceedings. The date
and time of transmission of such email in the time zone of the CCO
according to the email header generated by the CCOʺs transmitting
emails system will be the date of Commencement of CRS proceedings.

The Response

Within fifteen (15) Days of the date of Commencement of Complaint
Resolution Service proceedings, the Respondent may submit a Response.

The Respondent must send the Response to the CCO signed in electronic
form at the addresses set out in the explanatory coversheet. In
determining whether a Response was submitted in a timely manner, the
date and time of receipt (as determined by the CCOʺs receiving email
server) shall be considered by the CCO as the date and time of
submission, provided that such email i) contains a scanned copy of
documents which include signatures, ii) contains all attachments, iii)
is of a form and format which may be opened by the CCO. The Response
shall:

a) include any grounds that the Respondent wishes to rely upon to
rebut the Complainantʺs assertions;

b) specify whether the Respondent wishes to be contacted directly or
through an authorized representative, and set out the e-mail address,
telephone number, fax number, and postal address which should be used
in communications with the Respondent;

c) disclose to the CCO whether any legal proceedings have been
commenced or terminated in connection with the Domain Name(s) which is
the subject of the Complaint;

d) conclude with the following statement followed by the signature of
the Respondent or its authorized representative:

ʺThe information contained in the response is to the best of the
respondentʺs knowledge true and complete and the matters stated in
this response comply with the Policy and Procedure and applicable
law.ʺ

Within (3) Days following the receipt of a signed copy of the
Response, the CCO will forward the Response to the Complainant. If
the Respondent does not submit a Response, the Domain will be
suspended 15 days after the CRS proceedings commence.

Reply by the Complainant

Within five (5) Days of receiving the Respondentʺs Response from the
CCO, the Complainant may submit a Reply to the Respondentʺs Response,
which shall not exceed 2000 words (not including annexes). The Reply
should be confined to answering any new points raised in the Response
not previously dealt with in the Complaint.

Step Four | Amicable Complaint Resolution | Ombudsman

No Amicable Complaint Resolution (ʺACRʺ) will occur if the Respondent
does not file a Response. Within three (3) Days of the receipt of the
Complainantʺs Reply (or the expiry of the deadline to do so), the CCO
will arrange with the Ombudsmanʺs office for Amicable Complaint
Resolution to be conducted. ACR will be conducted in a manner that the
Ombudsman, at his or her sole discretion, considers appropriate.

Negotiations conducted between the Parties during ACR (including any
information obtained from or in connection to negotiations) shall be
confidential as between the Parties. Any such information will not be
shown to an Expert, should one latter be appointed. Neither the
Ombudsman nor any Party may reveal details of such negotiations to any
third parties unless a decision-making body of competent jurisdiction
orders disclosure. Neither Party shall use any information gained
during mediation for any ulterior or collateral purpose or include it
in any submission likely to be seen by any court or decision-making
body of competent jurisdiction or an arbitral tribunal of competent
jurisdiction in this Complaint or any later Complaint or litigation.

If the Parties reach a settlement during the ACR, then the existence,
nature and terms of the settlement shall be confidential as between
the Parties unless the Parties specifically agree otherwise, a court
or decision-making body of competent jurisdiction orders otherwise, or
applicable laws or regulations require it.

No binding verbal agreements can be reached as part of the ACR: any
settlement reached by the Parties must be in writing to be
enforceable.

If the Parties did not achieve an acceptable resolution through ACR
within ten (10) Days, the Ombudsman will send notice to the Parties
that the Complainant has the option to request appointment of an
Expert. The Complainant will have ten (10) Days upon receipt of the
notice from the Ombudsman to pay the applicable fees to CoCCA if he or
she wants to move forward with binding arbitration by an Expert.

Step Five | Appointment of the Expert and Timing of Decision (Optional)

If the Ombudsman does not receive the Complainantʺs request to refer
the matter to an Expert together with the applicable fees within ten
(10) Days, the Complaint will be deemed to have been withdrawn. This
will not prevent the Complainant submitting a different Complaint.

Within five (5) Days of the receipt of the applicable fees from the
Complainant, the Ombudsman will appoint an Expert on a rotational
basis from a list of Experts. An Expert may only be a person named in
the CoCCA list of Experts, which the Ombudsman will maintain and
publish along with the Expertsʺ qualifications. No Expertʺs
appointment will be challenged on the grounds that they are
insufficiently qualified. Once the Expert has been appointed, the
Parties will be notified of the name of the Expert appointed and the
date by which the Expert will forward, except in the case of
exceptional circumstances, his or her decision to the CCO and copy the
Ombudsman.

The Expert shall be both impartial and independent before accepting
the appointment. During the proceedings the Expert will disclose to
the Ombudsman any circumstances giving rise to the justifiable doubt
as to their impartiality or independence. The Ombudsman will have the
discretion to appoint a substitute Expert if necessary, in which case
the timetable will be adjusted accordingly.

In addition to the Complaint, and if applicable the Response, the
Reply, any appeal notice and appeal notice response, the Expert may
request further statements or documents from the Parties. However, the
Expert will not be obliged to consider any statements or documents
from the Parties which he or she has not received according to the
Policy or this Procedure or which he or she has not requested. The
Expert may request a further statement that will be limited to a
defined topic but will not be obliged to consider any material beyond
that requested.

Step Six | Expert Decision

The Expert will decide a Complaint on the basis of the Policy, the
Procedure and the submissions made by the Party. If, in the absence
of exceptional circumstances, a Party does not comply with any
provision in the Policy, Procedure or any request by the Ombudsman or
the Expert, the Expert may draw such inferences from the Partyʺs
non-compliance, as he or she deems appropriate.

Unless exceptional circumstances apply, an Expert shall forward his or
her Decision to the Ombudsman within ten (10) Days of his or her
appointment. The Decision shall be in writing and signed by the
Expert. It will provide the reasons on which the decision is based,
indicate the date on which it was made, the place the Decision was
made and identify the name of the Expert.

Within three (3) Days of the receipt of a Decision from the Expert,
the Ombudsman will communicate the full text of the Decision to each
Party via email with the date for the implementation of the Decision
in accordance with the Policy.

Effect of Court Proceedings

If, before or during the course of proceedings under the Complaint
Resolution Service, the Ombudsman is made aware that legal proceedings
have begun in or before an applicable court or decision-making body of
competent jurisdiction or an arbitral tribunal of competent
jurisdiction, and that such legal proceedings relate to a Domain Name
which is the subject of a Complaint, he or she will suspend the
Complaint Resolution Service proceedings pending the outcome of the
legal proceedings.

A Party must promptly notify the Ombudsman if it initiates or becomes
aware of legal proceedings in a court or decision-making body of
competent jurisdiction, or arbitral tribunal of competent jurisdiction
relating to a Domain Name that is the subject of a Complaint under the
proceedings of the Complaint Resolution Service.

Either party may request, before or during the Complaint Resolution
Service Proceedings, an interim measure of protection from a court.

Expert Fees

The applicable fees in respect of the referral of proceedings under
the Complaint Resolution Service to an Expert are (in United States
Dollars), for Complaints involving 1-5 Domain Names and only one
Complainant, $2500 plus applicable taxes, such as goods and services
taxes (ʺGSTʺ). For Complaints involving 6 or more Domain Names, and ⁄
or more than one Complainant, the Ombudsman will set a fee in
consultation with the Complainant. Fees are calculated on a
cost-recovery basis, and are passed on in their entirety to the
Expert(s). CoCCA does not charge for its mediation or administration
services in respect of the Complaint Resolution Service.

Exclusion of Liability

Neither CoCCA nor its councilors, officers, members, employees or
servants nor any Expert, Mediator or any employee of any Expert or
Mediator shall be liable to a Party for anything done or omitted,
whether negligently or otherwise, in connection with any proceedings
under the Complaint Resolution Service unless the act or omission is
shown to have been in bad faith.
gTLDFull Legal NameE-mail suffixDetail
.nowruzAsia Green IT System Bilgisayar San. ve Tic. Ltd. Sti.nsline.comView
28.1 Policy Matrix
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. has chosen to adopt CoCCAʺs tested acceptable use-based policy matrix, recommendations for minimising harm in TLDs, and subject the .nowruz TLD to the CoCCA Complaint Resolution Service (ʺCRSʺ). Any individual who has a concern regarding abuse involving a .nowruz domain, glue record, or the CoCCA PCH or ISCʺs network services as they relate to .nowruz needs to lodge a complaint via the CRS. CoCCAʹs policy regarding glue records is quite simple, Registrars cannot create or use a host if the super-ordinate domain does not exist. When a domain is purged from the SRS CoCCA automatically deletes any glue records. All other glue record related issues can be dealt with via the CRS.

The CoCCA Best practice policy matrix has been developed over a decade and has currently been adopted by 16 TLDs. It was developed for (and by) ccTLDs managers that desired to operate an efficient standards–based SRS system complemented by a policy environment that addressed a registrants use of a string as well as the more traditional gTLD emphasis rights to string.

A key element of CoCCA’s policy matrix is that it provides for registry-level suspensions where there is evidence of AUP violations. The .nowruz TLD will join other TLDs that utilize the CoCCA’s single-desk CRS. The CRS provides a framework for the public, law enforcement, regulatory bodies and intellectual property owners to swiftly address concerns regarding the use of .nowruz domains, and the COCCA network. The AUP can be used to address concerns regarding a domain or any other resource record that appears in the .nowruz zone.

The CRS procedure provides an effective alternative to the court system while allowing for Complaints against domains to be handled in a way treats each complaint in a fair and equal manor and allows for all affected parties to present evidence and arguments in a constructive forum.

In certain cases, it may be necessary for the CRS to trigger a Critical Issue Suspension, which suspends service of a domain, or removes a host record, when there is a compelling and demonstrable threat to the stability of the Internet, critical infrastructure or public safety. The intent of any CIS is to minimize any abuse that may occur in a timely manor. Any CIS may be appealed through the CoCCA ombudsman’s Amicable Complaint Resolution service.
28.1 Contractual Framework
Under the proposed framework Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will bind registrants to a .nowruz TLD Registrant Agreement (“RA”). This RA is a collateral agreement that supersedes any Registrar – Registrant agreement and binds all Registrants to the .nowruz AUP, Privacy and WHOIS policy, CoCCA CRS and any other requirements or dispute mechanisms mandated by ICANN.

The draft .nowruz AUP follows below in sections 28.4. The RA and WHOIS and Privacy Policy may be viewed at http:⁄⁄coccaregistry.net⁄.nowruz⁄policy
28.2 Minimizing Harm, Pro-active Measures
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will adopt the following five (5) key provisions of CoCCA’s already field - tested policies and technology aimed at preventing and mitigating abuse.
28.2.1 ʺTrust but Verifyʺ
Applicants for .nowruz registrations must confirm to the registry that they agree to be bound by the registrant agreement and confirm the accuracy of contact details lodged by the Registrar with the registry. Until the Registrant or Administrative contact confirm their contact details with the Registry directly, and view accept the Registrant Agreement .nowruz domains are excluded from the zone. See Life-Cycle Policy.

Automated Activation processes are already in place for 12 TLD currently using the CoCCA SRS. The process involves direct registry – registrant communication using email details provided to the registry by the Registrar. An automated email is sent to the Registrant and Admin contact that contains a link. The recipient must click on the link where they are directed to a web page that 1) displays the contact information the Registrar provided, 2) displays the .nowruz RA and AUP policy.

All responses (positive or negative) are lodged against the domains permanent history in the SRS and the time: date ⁄ IP address stored.

The process also allows the registry the opportunity to independently verify the accuracy of contact data supplied by the registrar, or at least that there is a functioning email - improving WHOIS accuracy. The SRS uses dynamically generated images as a challenge-response verification to prevent automated processes activating domains and to directly collect and store additional identifying information about individuals Activating a domain, which can be utilised to control fraud or investigate cyber crimes.

Although registrars are required to advise registrants of the TLD policies and conditions, with the prevalence of highly automated registration systems and expansive reseller networks it cannot be guaranteed that registrants have reviewed or agreed to the policy.

The registrant or administrative contact must confirm the accuracy of the WHOIS data on not only on Registration but also the anniversary of Registration and Renewal. On any change of Registrant or Transfer the new Registrant must also agree to the RA and AUP directly with the Registry before the changes to the contacts are committed in the registry.

These procedures and the underlying technology are in use now and undergoing constant refinement in response to Registrar and Registrant suggestions.
28.2.2 Registrants’ rights to a limited license
The .nowruz RA and AUP limit a registrants’ rights to a limited license to use but not to sub-license the use of any portion of the allocated SLD, subject to continuing compliance with all policies in place during that time. Registrants must warrant they will not assign the licence or sub-license any sub-domain without:

(a) securing the sub-licenseeʹs agreement to the RA, AUP and all other applicable policies; and
(b) obtaining the registryʹs consent in writing.

Rationale: It has occurred that registrants have registered a second level domain in order to set up what amounts to a third level registry, effectively sub-licensing to third parties the use of portions of their allocated second level domain. Most abuse seems to occur in lower level domains created by Registrants or third parties.

The .nowruz TLD policy is recursive, however combating abusive activity in a TLD is complicated if the registry has no information as to the user of the subordinate domain or any way to suspend a single domain created by a registrant at a subordinate level.
28.2.3 Fast flux mitigation
Fast flux mitigation - queue for manual intervention by SRS admins all DNS delegation modifications that exceed four (4) requests in any 28 day period or three (3) in a one week period.

Rationale: This minimizes a registrant’s ability to frequently redelegate a domain, in order to overcome service limitations imposed by Internet service providers. Frequent redelegation may also assist a malicious user to obscure their identity. Limiting frequent redelegations enhances the effectiveness of service termination as a sanction by an Internet service provider.
28.2.4 Anycast Resiliency
A denial of service attack from, say, a single ISP will usually only affect a single node. All other nodes in the world will not notice anything about the attack and the rest of the Internet will thus not notice it either. A local attack is therefore only affecting the local neighborhood. Distributed denial of service attacks usually affects a few nodes only, but because the attack is spread out between nodes, so is the amount of traffic flowing to each node. With 80+ noes and two Anycast networks, the .nowruz TLD is well protected against abuse targeting the .nowruz DNS resolvers.
28.2.5 High Risk Strings
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will require manual intervention by the registry operator before domains that contain various strings such as ʺbankʺ, ʺsecureʺ, ʺPayPal” etc., go into the zone. A comprehensive list of high-risk strings
28.2.6 Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. CERT Law Enforcement Collaboration
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will provide CERT, Law Enforcement and other interested parties direct read - only Access to the SRS on application for research and other activities related to identifying and mitigating abuse. The CoCCA already provides direct access to the Australian Government CERT.

The CoCCA SRS contains a variety of login types with various permissions, one such type is “Cert ⁄ Law Enforcement” which allows GUI - based query as well as EPP and Zone Access.
28.3 COCCA Complaint Resolution Service
The Complaint Resolution Service (“CRS”) provides a transparent, efficient and cost effective way for the public, law enforcement, regulatory bodies and intellectual property owners to have their concerns addressed regarding use of a TLD managers network or SRS services. The CRS provides a single framework in which cyber-crime, accessibility of prohibited Internet content and abuse of intellectual property rights are addressed. The framework relies on three tiers of review: immediate action to protect the public interest, amicable complaint resolution lead by an independent Ombudsman, and where applicable, adjudication by an Expert. The CRS provides an efficient and swift alternative to the Courts.

All complaints made against a domain to CoCCA are referred through the CRS protocol. When a complaint is filed, a CoCCA Complaints Officer (CCO) ensures that it meets the necessary criteria. If it does, notice is sent to involved parties and CRS Proceedings begin. If a Registrant responds to the complaint, it may be referred to an Ombudsman for Amicable Complaint Resolution (ACR). If ACR does not achieve acceptable resolution, binding arbitration by an Expert be requested by the Complainant.

In some cases, a Critical Issue Suspension (CIS) may become necessary. If a CIS has been determined to be necessary, the domain, or other resource record in a zone will be disabled until a resolution is found using the CRS protocol. A CIS is triggered in cases where there is a compelling and demonstrable threat to the stability of the Internet, critical infrastructure or public safety. A CIS does not terminate the license to a domain, and cannot be used to trigger the transfer a domain - it simply suspends resolution.
CRS Overview Diagram – cocca-crs1.pdf


28.4. Acceptable use policy
INTRODUCTION
AGITSys supports the free flow of information and ideas over the Internet. AGITSys does not exercise editorial control over the content of any message or web site made accessible by domain name resolution services in the .NOWRUZ TLD.
AGITSys may discontinue, suspend, or modify the services provided to the registrant of an .NOWRUZ Domain name (for example, through modification of .NOWRUZ zone files), to address alleged violations of this AUP (described further below). AGITSys may determine in its sole discretion whether use of the AGITSys network or a .NOWRUZ Domain name is prima facie violation of this AUP. AGITSys or affected parties may utilize the AGITSys AUP CRS and⁄or the courts in the jurisdiction and venue specified in the Registrant Agreement to resolve disputes over interpretation and implementation of this AUP, as described more fully in the AGITSys AUP CRS.
Users of the AGITSys Network are obliged and required to ensure that their use of a .NOWRUZ Domain name or the AGITSys Network is at all times lawful and in accordance with the requirements of this AUP and applicable laws and regulations of Turkey.
This AUP should be read in conjunction with the AGITSys Registrant Agreement, Complaint Resolution Policy, Privacy Policy, Acceptable Use Policy, and other applicable agreements, policies, laws and regulations. By way of example, and without limitation, the Registrant Agreement sets forth representations and warranties and other terms and conditions, breach of which may constitute non-compliance with this AUP.
PROHIBITED USE
A “Prohibited use” of the AGITSys Network or a .NOWRUZ Domain name is a use which is expressly prohibited by provisions of this AUP. The non-exhaustive list of restrictions pertaining to use of the AGITSys Network and .NOWRUZ Domain names in relation to various purposes and activities are as follows. Registration of one or more .NOWRUZ Domain names or access to services provided by AGITSys may be cancelled or suspended for any breach of, or non-compliance with this AUP:
1. COMPLIANCE WITH AGITSys AUP
1.1 The AGITSys Network and .NOWRUZ Domain names must be used for lawful purposes and comply with this AUP. The creation, transmission, distribution, storage of, or linking to any material in violation of applicable law or regulation or this AUP is prohibited. This may include, but is not limited to, the following:
(1.1) Communication, publication or distribution of material (including through links or framing) that infringes upon the intellectual and⁄or industrial property rights of another person. Intellectual and⁄or industrial property rights include, but are not limited to: copyrights (including future copyright), design rights, patents, patent applications, trademarks, rights of personality, and trade secret information.
(1.2) Communication, publication or distribution of material (including through links or framing) that denigrates the Persian Language, Culture and History.

(1.3) Registration or use of a .NOWRUZ Domain name in circumstances in which, in the sole discretion of the AGITSys:
(1.3.a) The .NOWRUZ Domain name is identical or confusingly similar to a personal name, company, business or other legal or trading name as registered with the relevant Turkish agency, or a trade or service mark in which a third party complainant has uncontested rights, including without limitation in circumstances in which:
(1.3.a.i) The use deceives or confuses others in relation to goods or services for which a trade mark is registered in Turkey, or in respect of similar goods or closely related services, against the wishes of the registered proprietor of the trade mark; or
(1.3.a.ii) The use deceives or confuses others in relation to goods or services in respect of which an unregistered trade mark or service mark has become distinctive of the goods or services of a third party complainant, and in which the third party complainant has established a sufficient reputation in Turkey, against the wishes of the third party complainant; or
(1.3.a.iii) The use trades on or passes-off a .NOWRUZ Domain name or a website or other content or services accessed through resolution of a .NOWRUZ Domain as being the same as or endorsed, authorized, associated or affiliated with the established business, name or reputation of another; or
(1.3.a.iv) The use constitutes intentionally misleading or deceptive conduct in breach of AGITSys policy, or the laws of Turkey; or
(1.3.b) The .NOWRUZ Domain name has been used in bad faith, including without limitation the following:
(1.3.b.i) The User has used the .NOWRUZ Domain name primarily for the purpose of unlawfully disrupting the business or activities of another person; or
(1.3.b.ii) By using the .NOWRUZ Domain name, the User has intentionally created a likelihood of confusion with respect to the third party complainant’s intellectual or industrial property rights and the source, sponsorship, affiliation, or endorsement of website(s), email, or other online locations or services or of a product or service available on or through resolution of a .NOWRUZ Domain name;
(1.3.b.iii) For the purpose of selling, renting or otherwise transferring the Domain name to an entity or to a commercial competitor of an entity, for valuable consideration in excess of a User’s documented out-of-pocket costs directly associated with acquiring the Domain Name;
(1.3.b.iv) As a blocking registration against a name or mark in which a third party has superior intellectual or industrial property rights.
(1.4) A .NOWRUZ Domain name registration which is part of a pattern of registrations where the User has registered domain names which correspond to well-known names or trademarks in which the User has no apparent rights, and the .NOWRUZ Domain name is part of that pattern;
(1.5) The .NOWRUZ Domain name was registered arising out of a relationship between two parties, and it was mutually agreed, as evidenced in writing, that the Registrant would be an entity other than that currently in the register.
(1.6) Unlawful communication, publication or distribution of registered and unregistered know-how, confidential information and trade secrets.
(1.7) Publication or distribution of content which, in the opinion of the AGITSys:
(1.7.a) is capable of disruption of systems in use by other Internet users or service providers (e.g. viruses or malware);
(1.7.b) seeks or apparently seeks authentication or login details used by operators of other Internet sites (e.g. phishing); or
(1.7.c) may mislead or deceive visitors to the site that the site has an affiliation with the operator of another Internet site (e.g. phishing).
(1.8) Communication, publication or distribution, either directly or by way of embedded links, of images or materials (including, but not limited to pornographic material and images or materials that a reasonable person as a member of the community of Turkey would consider to be obscene or indecent) where such communication, publication or distribution is prohibited by or constitutes an offence under the laws of Turkey, whether incorporated directly into or linked from a web site, email, posting to a news group, internet forum, instant messaging notice which makes use of domain name resolution services in the .NOWRUZ TLD.
Material that a reasonable member of the community of Turkey would consider pornographic, indecent, and⁄or obscene or which is otherwise prohibited includes, by way of example and without limitation, real or manipulated images depicting child pornography, bestiality, excessively violent or sexually violent material, sexual activity, and material containing detailed instructions regarding how to commit a crime, an act of violence, or how to prepare and⁄or use illegal drugs
(1.9) Communication, publication or distribution of defamatory material or material that constitutes racial vilification.
(1.10) Communication, publication or distribution of material that constitutes an illegal threat or encourages conduct that may constitute a criminal offence.
(1.11) Communication, publication or distribution of material that is in contempt of the orders of a court or another authoritative government actor within Turkey.
(1.12) Use, communication, publication or distribution of software, technical information or other data that violates Turkey’s export control laws.
(1.13) Use, communication, publication or distribution of confidential or personal information or data including confidential or personal information about persons that collected without their knowledge or consent.
2. ELECTRONIC MAIL
2.1 AGITSys expressly prohibits Users of the AGITSys Network from engaging in the following activities:
(1.1) Communicating, transmitting or sending unsolicited bulk e-mail messages or other electronic communications (ʺjunk mailʺ or ʺSpamʺ) of any kind including, but not limited to, unsolicited commercial advertising, informational announcements, and political or religious tracts. Such messages or material may be sent only to those who have expressly requested it. If a recipient asks a User to stop sending such e-mails, then any further e-mail messages or other electronic communications would in such event constitute Spam and violate the provisions and requirements of this AUP.
(1.2) Communicating, transmitting or sending any material by e-mail or otherwise that harasses, or has the effect of harassing, another person or that threatens or encourages bodily harm or destruction of property including, but not limited to, malicious e-mail and flooding a User, site, or server with very large or numerous pieces of e-mail or illegitimate service requests.
(1.3) Communicating, transmitting, sending, creating, or forwarding fraudulent offers to sell or buy products, unsolicited offers of employment, messages about ʺMake-Money Fastʺ, ʺPyramidʺ or ʺPonziʺ type schemes or similar schemes, and ʺchain lettersʺ whether or not the recipient wishes to receive such messages.
(1.4) Adding, removing, modifying or forging AGITSys Network or other network header information with the effect of misleading or deceiving another person or attempting to impersonate another person by using forged headers or other identifying information (ʺSpoofingʺ).
(1.5) Causing or permitting the advertisement of a .NOWRUZ Domain name in an unsolicited email communication.
3. DISRUPTION OF AGITSys NETWORK
3.1 No-one may use the AGITSys Network or a .NOWRUZ Domain name for the purpose of:
(1.1) Restricting or inhibiting any person in their use or enjoyment of the AGITSys Network or a .NOWRUZ Domain name or any service or product of AGITSys.
(1.2) Actually or purportedly reselling AGITSys services and products without the prior written consent of AGITSys.
(1.3) Transmitting any communications or activity, which may involve deceptive marketing practices such as the fraudulent offering of products, items, or services to any other party.
(1.4) Providing false or misleading information to AGITSys or to any other party through the AGITSys Network.
(1.5) Facilitating or aiding the transmission of confidential information, private, or stolen data such as credit card information (without the owner’s or cardholderʹs consent).
4. NETWORK INTEGRITY AND SECURITY
4.1 Users are prohibited from circumventing or attempting to circumvent the security of any host, network or accounts (ʺcrackingʺ or ʺhackingʺ) on, related to, or accessed through the AGITSys Network. This includes, but is not limited to:
(1.1) accessing data not intended for such user;
(1.2) logging into a server or account which such user is not expressly authorized to access;
(1.3) using, attempting to use, or attempting to ascertain a username or password without the express written consent of the operator of the service in relation to which the username or password is intended to function;
(1.4) probing the security of other networks;
(1.5) executing any form of network monitoring which is likely to intercept data not intended for such user.
4.2 Users are prohibited from effecting any network security breach or disruption of any Internet communications including, but not limited to:
(2.1) accessing data of which such User is not an intended recipient; or
(2.2) logging onto a server or account, which such User is not expressly authorized to access.
For the purposes of this section 4.2, ʺdisruptionʺ includes, but is not limited to:
port scans, TCP⁄UDP floods, packet spoofing;
forged routing information;
deliberate attempts to overload or disrupt a service or host;
using the AGITSys Network in connection with the use of any program, script, command, or sending messages with the intention or likelihood of interfering with another userʹs terminal session by any means, locally or by the Internet.
4.3 Users who compromise or disrupt AGITSys Network systems or security may incur criminal or civil liability. AGITSys will investigate any such incidents and will cooperate with law enforcement agencies if a crime is suspected to have taken place.
5. NON-EXCLUSIVE, NON-EXHAUSTIVE
This AUP is intended to provide guidance as to what constitutes acceptable use of the AGITSys Network and of .NOWRUZ Domain names. However, the AUP is neither exhaustive nor exclusive.
6. COMPLAINTS
Persons who wish to notify AGITSys of abusive conduct in violation of this AUP may report the same pursuant to the AGITSys Acceptable Use Policy Enforcement Procedure, which is instituted by submitting to AGITSys a completed AGITSys Acceptable Use Policy Violation Complaint Form.
7. ENFORCEMENT
AGITSys may, in its sole discretion, suspend or terminate a Userʹs service for violation of any of the requirements or provisions of the AUP on receipt of a complaint if AGITSys believes:
(1.1.a) a violation of the AUP has or may have occurred; or
(1.1.b) suspension and⁄or termination may be in the public interest.
AGITSys may delegate its right to take any action to an Internet security agency or may act upon any report from an Internet security agency without prior notification to the User.
If AGITSys elects not to take immediate action, AGITSys may require Registrants and a complainant to utilise the AUP Complaint Resolution Service and Policy to ensure compliance with this AUP and remedy any violation or suspected violation within a reasonable time prior to suspension or terminating service.
8. LIMITATION OF LIABILITY
In no event shall AGITSys be liable to any User of the AGITSys Network, any customer, nor any third party for any direct, indirect, special or consequential damages for actions taken pursuant to this AUP, including, but not limited to, any lost profits, business interruption, loss of programs or other data, or otherwise, even if AGITSys was advised of the possibility of such damages. AGITSys’s liability for any breach of a condition or warranty implied by the Registrant Agreement or this AUP shall be limited to the maximum extent possible to one of the following (as AGITSys may determine):
(i) supplying the services again; or
(ii) paying the cost of having the services supplied again.
9. REMOVAL OF CONTENT RESPONSIBILITY
At its sole discretion, AGITSys reserves the right to:
(i) Remove or alter content, zone file data or other material from its servers provided by any person that violates the provisions or requirements of this AUP;
(ii) re-delegate, redirect or otherwise divert traffic intended for any service;
(iii) notify operators of Internet security monitoring, virus scanning services and⁄or law enforcement authorities of any apparent breach of this AUP or .NOWRUZ TLD Policies; and⁄or
(iv) terminate access to the AGITSys Network by any person that AGITSys determines has violated the provisions or requirements of this AUP.
In any regard, AGITSys is not responsible for the content or message of any newsgroup posting, e-mail message, or web site regardless of whether access to such content or message was facilitated by the AGITSys Network. AGITSys does not have any duty to take any action with respect to such content or message by creating this AUP, and Users of the AGITSys Network are obliged and required to ensure that their use of a .NOWRUZ Domain name or the AGITSys Network is at all times in accordance with the requirements of this AUP and any applicable laws and⁄or regulation.

28.5 CoCCA CRS - Policies and Procedures

1. Statement of Purpose

1.1. This Complaint Resolution Service (ʺCRSʺ) provides a transparent, efficient and cost effective way for the public, law enforcement, regulatory bodies and intellectual property owners to have their concerns addressed regarding use of a TLD Managers network or services.

1.2. The Service provides a single framework in which cyber-crime, accessibility of prohibited Internet content via a memberʺs network or services and abuse of intellectual property rights are addressed. The framework relies on three tiers of review: immediate action to protect the public interest, amicable complaint resolution lead by an independent Ombudsman, and where applicable, adjudication by an Expert. The CRS provides an efficient and swift alternative to the Courts.

This document should be read in conjunction with the Acceptable Use Policy (ʺAUPʺ) applicable to the domain ⁄ TLD you are considering lodging a complaint against. If after having reviewed the applicable AUP Policy it is determined a violation has occurred, a complaint may be lodged by completing the CoCCA CRS Complaint form.

NOTE: IF YOU DO NOT LODGE THE SIGNED COMPLAINT FORM THAT FOLLOWS BELLOW ON PAGES 8- 13 OF THIS DOCUMENT, YOUR COMPLAINT WILL NOT BE REVIEWED.

Complaints will be reviewed in accordance with the following Steps:

Step One | Confirmation ⁄ Communication

A CoCCA Complaints Officer (ʺCCOʺ) will review all formally lodged complaints for compliance with the CRS and the applicable AUP. If the CCO considers that the Complaint does not address the matter covered by the AUP, or is unsigned or otherwise violates this Procedure, theComplainant will be promptly notified of the deficiencies identified.

The Complainant shall have five (5) Days from the receipt of notification within which to correct the deficiencies and return the Complaint, failing which the CCO will deem the Complaint to bewithdrawn. This will not prevent the Complainant from submitting a different Complaint.

On receipt of the Complaint the CCO will lock domain and associated records until a period of ten (10) Days after the COO and Parties are notified of a Decision by the Ombudsman or and Expert, at which time the domain name may be unlocked.

Step Two | Immediate Review of Request for Suspension in the Public Interest

On receipt of a properly lodged Complaint, the CCO will initiate a review. When specifically requested by the Complainant the CCO may initiate a Critical Issue Suspension (ʺCISʺ).

A request for a CIS may be granted in cases where there is a compelling and demonstrable threat to the stability of the Internet, critical infrastructure or public safety. A ʺcritical issue suspensionʺ does not terminate the registrantʺs rights or their domain license; it simply modifies the NS records in the zone temporarily disabling resolution. All suspensions under the CRS, including a CIS, may be appealed to the Ombudsmanʺs office for amicable resolution, an
Expert Panelist for binding arbitration or a court of competent jurisdiction.

Where the CCO has triggered a CIS, notice will be sent to the Registrant, Administrative Contact, Registrar and Ombudsman within 24 hours of triggering the CIS.

Step Three | Formal Notification

The CCO will send a copy of the Complaint to the Respondent (normally the Registrant and⁄or Administrative Contact) and the TLD Sponsors designated contact with an explanatory note within 5 days by:

a) Sending the Complaint by post, fax or e-mail to the Respondent at the contact details shown as the Registrant or any other contacts in the TLD Register for the Domain Name that is the subject of the Complaint.

b) The CCO may also, at their discretion send the complaint to any addresses provided to the CCO by the Complainant so far as this is practicable.

c) Except as set forth otherwise, all written communication to a Party or a partyʺs representative under the Policy or this Procedure shallbe made by fax, post or e-mail.

d) Communication shall be made in English, E-mail communications (other than attachments) should be sent in plain text or PDF format so far as this is practicable.

During the course of the proceedings under the CRS, if either Party wishes to change its contact details it must notify the CCO of all changes. However, no change shall be made in the Registrant Information for the Domain Name without mutual agreement of the parties or unless a settlement is reached. Except as otherwise provided in this Procedure or as otherwise decided by the CCO or if appointed, the Expert, all communications provided for under this procedure shall be deemed to have been received:

a) if sent by courier, when singed for by the recipient;
b) if sent via the Internet, on the date that the communication was transmitted

Unless otherwise provided in this Procedure, the time periods provided for under the Policy and this Procedure shall be calculated based on the time zone of the CCO.

Any communication between:

a) the CCO and any Party shall be copied by the CCO to the other Party and if appointed, the Ombudsman or Expert;

b) a Party to another Party shall be copied by the sender to the CCO. The CCO will copy such correspondence to the Ombudsman or Expert, if appointed.

Commencement of Complaint Resolution Service proceedings

The CCO will promptly notify the Parties by email of the date of the Commencement of Complaint Resolution Service proceedings. The date
and time of transmission of such email in the time zone of the CCO according to the email header generated by the CCOʺs transmitting emails system will be the date of Commencement of CRS proceedings.

The Response

Within fifteen (15) Days of the date of Commencement of Complaint Resolution Service proceedings, the Respondent may submit a Response.

The Respondent must send the Response to the CCO signed in electronic form at the addresses set out in the explanatory coversheet. In determining whether a Response was submitted in a timely manner, the date and time of receipt (as determined by the CCOʺs receiving email server) shall be considered by the CCO as the date and time of submission, provided that such email i) contains a scanned copy of documents which include signatures, ii) contains all attachments, iii) is of a form and format which may be opened by the CCO. The Response shall:

a) include any grounds that the Respondent wishes to rely upon to rebut the Complainantʺs assertions;

b) specify whether the Respondent wishes to be contacted directly or through an authorized representative, and set out the e-mail address, telephone number, fax number, and postal address which should be used in communications with the Respondent;

c) disclose to the CCO whether any legal proceedings have been commenced or terminated in connection with the Domain Name(s) which is the subject of the Complaint;

d) conclude with the following statement followed by the signature of the Respondent or its authorized representative:

ʺThe information contained in the response is to the best of the respondentʺs knowledge true and complete and the matters stated in this response comply with the Policy and Procedure and applicable law.ʺ

Within (3) Days following the receipt of a signed copy of the Response, the CCO will forward the Response to the Complainant. If the Respondent does not submit a Response, the Domain will be suspended 15 days after the CRS proceedings commence.

Reply by the Complainant

Within five (5) Days of receiving the Respondentʺs Response from the CCO, the Complainant may submit a Reply to the Respondentʺs Response, which shall not exceed 2000 words (not including annexes). The Reply should be confined to answering any new points raised in the Response not previously dealt with in the Complaint.

Step Four | Amicable Complaint Resolution | Ombudsman

No Amicable Complaint Resolution (ʺACRʺ) will occur if the Respondent does not file a Response. Within three (3) Days of the receipt of the Complainantʺs Reply (or the expiry of the deadline to do so), the CCO will arrange with the Ombudsmanʺs office for Amicable Complaint Resolution to be conducted. ACR will be conducted in a manner that the Ombudsman, at his or her sole discretion, considers appropriate.

Negotiations conducted between the Parties during ACR (including any information obtained from or in connection to negotiations) shall be confidential as between the Parties. Any such information will not be shown to an Expert, should one latter be appointed. Neither the Ombudsman nor any Party may reveal details of such negotiations to any third parties unless a decision-making body of competent jurisdiction orders disclosure. Neither Party shall use any information gained during mediation for any ulterior or collateral purpose or include it in any submission likely to be seen by any court or decision-making body of competent jurisdiction or an arbitral tribunal of competent jurisdiction in this Complaint or any later Complaint or litigation.

If the Parties reach a settlement during the ACR, then the existence, nature and terms of the settlement shall be confidential as between the Parties unless the Parties specifically agree otherwise, a court or decision-making body of competent jurisdiction orders otherwise, or applicable laws or regulations require it.

No binding verbal agreements can be reached as part of the ACR: any
settlement reached by the Parties must be in writing to be
enforceable.

If the Parties did not achieve an acceptable resolution through ACR within ten (10) Days, the Ombudsman will send notice to the Parties that the Complainant has the option to request appointment of an Expert. The Complainant will have ten (10) Days upon receipt of the notice from the Ombudsman to pay the applicable fees to CoCCA if he or she wants to move forward with binding arbitration by an Expert.

Step Five | Appointment of the Expert and Timing of Decision (Optional)

If the Ombudsman does not receive the Complainantʺs request to refer the matter to an Expert together with the applicable fees within ten (10) Days, the Complaint will be deemed to have been withdrawn. This will not prevent the Complainant submitting a different Complaint.

Within five (5) Days of the receipt of the applicable fees from the Complainant, the Ombudsman will appoint an Expert on a rotational basis from a list of Experts. An Expert may only be a person named in the CoCCA list of Experts, which the Ombudsman will maintain and publish along with the Expertsʺ qualifications. No Expertʺs appointment will be challenged on the grounds that they are insufficiently qualified. Once the Expert has been appointed, the
Parties will be notified of the name of the Expert appointed and the date by which the Expert will forward, except in the case of exceptional circumstances, his or her decision to the CCO and copy the Ombudsman.

The Expert shall be both impartial and independent before accepting the appointment. During the proceedings the Expert will disclose to the Ombudsman any circumstances giving rise to the justifiable doubt as to their impartiality or independence. The Ombudsman will have the discretion to appoint a substitute Expert if necessary, in which case the timetable will be adjusted accordingly.

In addition to the Complaint, and if applicable the Response, the Reply, any appeal notice and appeal notice response, the Expert may request further statements or documents from the Parties. However, the Expert will not be obliged to consider any statements or documents from the Parties which he or she has not received according to the Policy or this Procedure or which he or she has not requested. The Expert may request a further statement that will be limited to a defined topic but will not be obliged to consider any material beyond that requested.

Step Six | Expert Decision

The Expert will decide a Complaint on the basis of the Policy, the Procedure and the submissions made by the Party. If, in the absence of exceptional circumstances, a Party does not comply with any provision in the Policy, Procedure or any request by the Ombudsman or the Expert, the Expert may draw such inferences from the Partyʺs non-compliance, as he or she deems appropriate.

Unless exceptional circumstances apply, an Expert shall forward his or her Decision to the Ombudsman within ten (10) Days of his or her appointment. The Decision shall be in writing and signed by the Expert. It will provide the reasons on which the decision is based, indicate the date on which it was made, the place the Decision was made and identify the name of the Expert. Within three (3) Days of the receipt of a Decision from the Expert, the Ombudsman will communicate the full text of the Decision to each Party via email with the date for the implementation of the Decision in accordance with the Policy.

Effect of Court Proceedings

If, before or during the course of proceedings under the Complaint Resolution Service, the Ombudsman is made aware that legal proceedings have begun in or before an applicable court or decision-making body of competent jurisdiction or an arbitral tribunal of competent jurisdiction, and that such legal proceedings relate to a Domain Name which is the subject of a Complaint, he or she will suspend the Complaint Resolution Service proceedings pending the outcome of the
legal proceedings.

A Party must promptly notify the Ombudsman if it initiates or becomes aware of legal proceedings in a court or decision-making body of competent jurisdiction, or arbitral tribunal of competent jurisdiction relating to a Domain Name that is the subject of a Complaint under the proceedings of the Complaint Resolution Service.

Either party may request, before or during the Complaint Resolution Service Proceedings, an interim measure of protection from a court.

Expert Fees

The applicable fees in respect of the referral of proceedings under the Complaint Resolution Service to an Expert are (in United States Dollars), for Complaints involving 1-5 Domain Names and only one Complainant, $2500 plus applicable taxes, such as goods and services taxes (ʺGSTʺ). For Complaints involving 6 or more Domain Names, and ⁄ or more than one Complainant, the Ombudsman will set a fee in consultation with the Complainant. Fees are calculated on a cost-recovery basis, and are passed on in their entirety to the
Expert(s). CoCCA does not charge for its mediation or administration services in respect of the Complaint Resolution Service.

Exclusion of Liability

Neither CoCCA nor its councilors, officers, members, employees or servants nor any Expert, Mediator or any employee of any Expert or Mediator shall be liable to a Party for anything done or omitted, whether negligently or otherwise, in connection with any proceedings under the Complaint Resolution Service unless the act or omission is shown to have been in bad faith.