Back

28 Abuse Prevention and Mitigation

gTLDFull Legal NameE-mail suffixDetail
.联通China United Network Communications Corporation Limitedchinaunicom.cnView
28.1 ABUSE PREVENTION AND MITIGATION

Strong abuse prevention of a new gTLD is an important benefit to the internet community. .联通, China Unicom and China Unicomʹs back-end registry services provider, Neustar Inc (Neustar), agree that a registry must not only aim for the highest standards of technical and operational competence, but also needs to act as a steward of the space on behalf of the Internet community and ICANN in promoting the public interest. Neustar brings extensive experience establishing and implementing registration policies. This experience will be leveraged to help China Unicom combat abusive and malicious domain activity within the new gTLD space.

As stated in response to Question 18, China Unicom’s registration policy will address the minimum requirements mandated by ICANN including rights abuse prevention measures. China Unicom will implement its draft registration policy as means of abuse prevention and mitigation ** (see end of document).

One of those public interest functions for a responsible domain name registry includes working towards the eradication of abusive domain name registrations, including, but not limited to, those resulting from:

- Illegal or fraudulent actions

- Spam

- Phishing

- Pharming

- Distribution of malware

- Fast flux hosting

- Botnets

- Distribution of child pornography

- Online sale or distribution of illegal pharmaceuticals.

More specifically, although traditionally botnets have used Internet Relay Chat (IRC) servers to control registry and the compromised PCs, or bots, for DDoS attacks and the theft of personal information, an increasingly popular technique, known as fast-flux DNS, allows botnets to use a multitude of servers to hide a key host or to create a highly-available control network. This ability to shift the attacker’s infrastructure over a multitude of servers in various countries creates an obstacle for law enforcement and security researchers to mitigate the effects of these botnets. But a point of weakness in this scheme is its dependence on DNS for its translation services. By taking an active role in researching and monitoring these sorts of botnets, China Unicom’s partner, Neustar, has developed the ability to efficiently work with various law enforcement and security communities to begin a new phase of mitigation of these types of threats.



POLICIES AND PROCEDURES TO MINIMIZE ABUSIVE REGISTRATIONS

A Registry must have the policies, resources, personnel, and expertise in place to combat such abusive DNS practices. As China Unicomʹs registry provider, Neustar is at the forefront of the prevention of such abusive practices and is one of the few registry operators to have actually developed and implemented an active “domain takedown” policy. We also believe that a strong program is essential given that registrants have a reasonable expectation that they are in control of the data associated with their domains, especially its presence in the DNS zone. Because domain names are sometimes used as a mechanism to enable various illegitimate activities on the Internet often the best preventative measure to thwart these attacks is to remove the names completely from the DNS before they can impart harm, not only to the domain name registrant, but also to millions of unsuspecting Internet users.

Removing the domain name from the zone has the effect of shutting down all activity associated with the domain name, including the use of all websites and e-mail. The use of this technique should not be entered into lightly. The China Unicom Registry will include the necessary action of removing a domain from the zone when its presence in the zone poses a threat to the security and stability of the infrastructure of the Internet or the registry.



ABUSE POINT OF CONTACT

As required by the Registry Agreement, China Unicom will establish and publish on its website a single abuse point of contact responsible for addressing inquiries from law enforcement and the public related to malicious and abusive conduct. China Unicom will also provide such information to ICANN prior to the delegation of any domain names in the TLD. This information shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of malicious conduct complaints, and a telephone number and mailing address for the primary contact. We will ensure that this information will be kept accurate and up to date and will be provided to ICANN if and when changes are made. In addition, with respect to inquiries from ICANN-Accredited registrars, our registry services provider, Neustar, shall have an additional point of contact, as it does today, handling requests by registrars related to abusive domain name practices.



28.2 POLICIES REGARDING ABUSE COMPLAINTS

One of the key policies each new gTLD registry will need to have is an Acceptable Use Policy that clearly delineates the types of activities that constitute “abuse” and the repercussions associated with an abusive domain name registration. In addition, the policy will be incorporated into the applicable Registry-Registrar Agreement and reserve the right for the registry to take the appropriate actions based on the type of abuse. This will include locking down the domain name preventing any changes to the contact and nameserver information associated with the domain name, placing the domain name “on hold” rendering the domain name non-resolvable, transferring to the domain name to another registrar, and⁄or in cases in which the domain name is associated with an existing law enforcement investigation, substituting name servers to collect information about the DNS queries to assist the investigation.

China Unicom will adopt an Acceptable Use Policy that clearly defines the types of activities that will not be permitted in the TLD and reserves the right of the Applicant to lock, cancel, transfer or otherwise suspend or take down domain names violating the Acceptable Use Policy and allow the Registry where and when appropriate to share information with law enforcement. Each ICANN-Accredited Registrar must agree to pass through the Acceptable Use Policy to its resellers (if applicable) and ultimately to the TLD registrants. Below is the Registry’s initial Acceptable Use Policy that we will use in connection with the China Unicom.



.联通 REGISTRYʹS ACCEPTABLE USE POLICY

This Acceptable Use Policy gives the Registry the ability to quickly lock, cancel, transfer or take ownership of any .联通 domain name, either temporarily or permanently, if the domain name is being used in a manner that appears to threaten the stability, integrity or security of the Registry, or any of its registrar partners – and⁄or that may put the safety and security of any registrant or user at risk. The process also allows the Registry to take preventive measures to avoid any such criminal or security threats.

The Acceptable Use Policy may be triggered through a variety of channels, including, among other things, private complaint, public alert, government or enforcement agency outreach, and the on-going monitoring by the Registry or its partners. In all cases, the Registry or its designees will alert Registry’s registrar partners about any identified threats, and will work closely with them to bring offending sites into compliance.

The following are some (but not all) activities that may be subject to rapid domain compliance:

- Phishing: the attempt to acquire personally identifiable information by masquerading as a website other than China Unicom.

- Pharming: the redirection of Internet users to websites other than those the user intends to visit, usually through unauthorized changes to the Hosts file on a victim’s computer or DNS records in DNS servers.

- Dissemination of Malware: the intentional creation and distribution of ʺmaliciousʺ software designed to infiltrate a computer system without the owner’s consent, including, without limitation, computer viruses, worms, key loggers, and Trojans.

- Fast Flux Hosting: a technique used to shelter Phishing, Pharming and Malware sites and networks from detection and to frustrate methods employed to defend against such practices, whereby the IP address associated with fraudulent websites are changed rapidly so as to make the true location of the sites difficult to find.

- Botnetting: the development and use of a command, agent, motor, service, or software which is implemented: (1) to remotely control the computer or computer system of an Internet user without their knowledge or consent, (2) to generate direct denial of service (DDOS) attacks.

- Malicious Hacking: the attempt to gain unauthorized access (or exceed the level of authorized access) to a computer, information system, user account or profile, database, or security system.

- Child Pornography: the storage, publication, display and⁄or dissemination of pornographic materials depicting individuals under the age of majority in the relevant jurisdiction.

The .联通 Registry reserves the right, in its sole discretion, to take any administrative and operational actions necessary, including the use of computer forensics and information security technological services, among other things, in order to implement the Acceptable Use Policy. In addition, the Registry reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion; (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of Registry as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or (5) to correct mistakes made by the Registry or any Registrar in connection with a domain name registration. Registry also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.



TAKING ACTION AGAINST ABUSIVE AND⁄OR MALICIOUS ACTIVITY

The Registry is committed to ensuring that those domain names associated with abuse or malicious conduct in violation of the Acceptable Use Policy are dealt with in a timely and decisive manner. These include taking action against those domain names that are being used to threaten the stability and security of the China Unicom registry, or is part of a real-time investigation by law enforcement.

Once a complaint is received from a trusted source, third-party, or detected by the Registry, the Registry will use commercially reasonable efforts to verify the information in the complaint. If that information can be verified to the best of the ability of the Registry, the sponsoring registrar will be notified and be given 12 hours to investigate the activity and either take down the domain name by placing the domain name on hold or by deleting the domain name in its entirety or providing a compelling argument to the Registry to keep the name in the zone. If the registrar has not taken the requested action after the 12-hour period (i.e., is unresponsive to the request or refuses to take action), the Registry will place the domain on “ServerHold”. Although this action removes the domain name from the TLD zone, the domain name record still appears in the TLD WHOIS database so that the name and entities can be investigated by law enforcement should they desire to get involved.



COORDINATION WITH LAW ENFORCEMENT

With the assistance of Neustar as its back-end registry services provider, China Unicom can meet its obligations under Section 2.8 of the Registry Agreement where required to take reasonable steps to investigate and respond to reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of its TLD. The Registry will respond to legitimate law enforcement inquiries within one business day from receiving the request. Such response shall include, at a minimum, an acknowledgement of receipt of the request, Questions or comments concerning the request, and an outline of the next steps to be taken by China Unicom for rapid resolution of the request.

In the event such request involves any of the activities which can be validated by the Registry and involves the type of activity set forth in the Acceptable Use Policy, the sponsoring registrar is then given 12 hours to investigate the activity further and either take down the domain name by placing the domain name on hold or by deleting the domain name in its entirety or providing a compelling argument to the registry to keep the name in the zone. If the registrar has not taken the requested action after the 12-hour period (i.e., is unresponsive to the request or refuses to take action), the Registry will place the domain on “serverHold”.




28.3 MEASURES FOR REMOVAL OF ORPHAN GLUE RECORDS

As the Security and Stability Advisory Committee of ICANN (SSAC) rightly acknowledges, although orphaned glue records may be used for abusive or malicious purposes, the “dominant use of orphaned glue supports the correct and ordinary operation of the DNS.” See http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf.

While orphan glue often support correct and ordinary operation of the DNS, we understand that such glue records can be used maliciously to point to name servers that host domains used in illegal phishing, bot-nets, malware, and other abusive behaviors. Problems occur when the parent domain of the glue record is deleted but its children glue records still remain in DNS. Therefore, when the Registry has written evidence of actual abuse of orphaned glue, the Registry will take action to remove those records from the zone to mitigate such malicious conduct.

Neustar run a daily audit of entries in its DNS systems and compares those with its provisioning system. This serves as an umbrella protection to make sure that items in the DNS zone are valid. Any DNS record that shows up in the DNS zone but not in the provisioning system will be flagged for investigation and removed if necessary. This daily DNS audit serves to not only prevent orphaned hosts but also other records that should not be in the zone.


In addition, if either China Unicom or Neustar become aware of actual abuse on orphaned glue after receiving written notification by a third party through its Abuse Contact or through its customer support, such glue records will be removed from the zone.




28.4 MEASURES TO PROMOTE WHOIS ACCURACY


China Unicom acknowledges that ICANN has developed a number of mechanisms over the past decade that are intended to address the issue of inaccurate WHOIS information. Such measures alone have not proven to be sufficient and China Unicom will offer a mechanism whereby third parties can submit complaints directly to the Applicant (as opposed to ICANN or the sponsoring Registrar) about inaccurate or incomplete WHOIS data. Such information shall be forwarded to the sponsoring Registrar, who shall be required to address those complaints with their registrants. Thirty days after forwarding the complaint to the registrar, China Unicom will examine the current WHOIS data for names that were alleged to be inaccurate to determine if the information was corrected, the domain name was deleted, or there was some other disposition. If the Registrar has failed to take any action, or it is clear that the Registrant was either unwilling or unable to correct the inaccuracies, Applicant reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies.


In addition, China Unicom shall on its own initiative, no less than twice per year, perform a manual review of a random sampling of China Unicom domain names to test the accuracy of the WHOIS information. Although this will not include verifying the actual information in the WHOIS record, China Unicom will be examining the WHOIS data for prima facie evidence of inaccuracies. In the event that such evidence exists, it shall be forwarded to the sponsoring Registrar, who shall be required to address those complaints with their registrants. Thirty days after forwarding the complaint to the registrar, the Applicant will examine the current WHOIS data for names that were alleged to be inaccurate to determine if the information was corrected, the domain name was deleted, or there was some other disposition. If the Registrar has failed to take any action, or it is clear that the Registrant was either unwilling or unable to correct the inaccuracies, China Unicom reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies.



28.4.1 AUTHENTICATION OF REGISTRANT INFORMATION

Authentication of registrant information as complete and accurate at time of registration. Measures to accomplish this could include performing background checks, verifying all contact information of principals mentioned in registration data, reviewing proof of establishment documentation, and other means.



28.4.2 MONITORING OF REGISTRATION DATA

Regular monitoring of registration data for accuracy and completeness, employing authentication methods, and establishing policies and procedures to address domain names with inaccurate or incomplete WHOIS data.



28.4.3 POLICIES AND PROCEDURES ENSURING COMPLIANCE

If relying on registrars to enforce measures, establishing policies and procedures to ensure compliance, which may include audits, financial incentives, penalties, or other means. Note that the requirements of the RAA will continue to apply to all ICANN-accredited registrars.



28.5 RESOURCING PLANS

Responsibility for abuse mitigation rests with a variety of functional groups.  The Abuse Monitoring team is primarily responsible for providing analysis and conducting investigations of reports of abuse.  The customer service team also plays an important role in assisting with the investigations, responded to customers, and notifying registrars of abusive domains.  Finally, the Policy⁄Legal team is responsible for developing the relevant policies and procedures. 
The necessary resources will be pulled from the pool of available resources described in detail in the response to Question 31. The following resources are available from those teams:

- Customer Support – 12 employees

- Policy⁄Legal – 2 employees


The resources are more than adequate to support the abuse mitigation procedures of the .联通 registry. 


** .联通’S DRAFT REGISTRATION POLICY



1. DOMAIN NAME LICENCES

Upon registration of a Domain Name, the Registrant holds a licence to use the Domain Name for a specified period of time in accordance with the Registry Rules. Domain Names may be registered and renewed for 1, 2, 3, 4, 5, 6, 7, 8, 9 or 10 years.



2. SELECTION OF REGISTRARS

Registrars eligible to register domain names must meet the following non-discriminatory criteria (in compliance with clause 2.9 (a) of the Registry Agreement):

(i) be an accredited ICANN Registrar;

(ii) demonstrate a level of understanding of the Domain Name registration policies of the Registry;

(iii) have experience of managing the Domain Names of major corporations;

(iv) have proven tools for domain name portfolio management;

(v) have business processes to perform automated validation (and any additional human checks as required by the Registry) of the eligibility of the domain name for registration according to the Domain Name policies of .联通;

(vi) demonstrate a sufficient level of security to protect against unauthorised access to the Domain Name records;

(vii) demonstrate experience and have appropriate resources in managing abuse prevention, mitigation and responses;

(viii) provide multi-language support for the registration of IDNs;

(ix) comply with any re-validation of its Registry-Registrar agreement at such regular intervals as are determined by the Registry or as required by ICANN from time to time;

(x) meet applicable technical requirements of .联通; and

(xi) comply with all conditions, dependencies, policies and other requirements reasonably imposed by China Unicom, including maintenance of suitable systems and applications that are capable of interacting with the Registry system.



3. ELIGIBLE REGISTRANTS

The Registrant must be:

(i) an Affiliate entity of China Unicom; or

(ii) an organisation explicitly authorised by China Unicom; or

(iii) a natural person explicitly authorised by China Unicom.

If the Registrant does not meet one of the above eligibility criteria, there is no entitlement to register a Domain Name under the .联通 TLD. If the Registrant ceases to be eligible at any time in the future, the .联通 Registry may cancel or suspend the licence to use the Domain Name immediately.



4. REGISTRY APPROVAL REQUIREMENT

Registration of Domain Names under the .联通 TLD must be approved by China Unicom in addition to meeting all requirements under the Registry Rules. China Unicom’s approval for a complete and validly submitted application will be authorised by:

(i) a head of appropriate department as nominated by China Unicom (“Authorisation Provider”); or

(ii) an authorised person as nominated by China Unicom (“Authorised Person”) and notified to the Registrar from time to time.

The Authorisation Provider will notify the Registrar of its decision.



5. REQUIRED CRITERIA FOR DOMAIN NAME REGISTRATION

An application for Domain Name registration must meet all the following criteria:

(i) availability;

a. the Domain Name is not already registered;

b. it is not reserved or blocked by the .联通 Registry; or

c. it meets all .联通 Registry’s technical requirements.

(ii) technical requirements;

a. a maximum of 63 characters (after its conversion into the ASCII for IDNs);

b. use of characters selected from the list of supported characters as nominated by the .联通 Registry; and

c. any additional technical requirements as required by the .联通 Registry from time to time.

(iii) the Domain Name must be consistent with the mission and purposes of the .联通 TLD and consistent with the Domain Name registration policy of .联通, and include but not be limited to:

a. product name;

b. service name;

c. marketing term;

d. geographic identifier; or

e. any relevant name or term as approved by Authorisation Provider or Authorised Person.

(iv) compliance with all requirements under the Registry Rules: the Registrant must comply with all provisions contained in the Registry Rules.




6. OBLIGATION OF REGISTRANTS

The Registrant must enter into an agreement with the Registrar for Domain Name registration under which the Registrant will be bound by the Registry Rules specified through the Registry-Registrar agreement as amended by the Registry from time to time.

The Registrant must also agree to be bound by the minimum requirements in clause 3.7.7 of ICANNʹs Registrar accreditation agreement.

The Registrant must represent and warrant that:

(i) it meets, and will continue to meet, the eligibility criteria at all times and must notify the Registrar if it ceases to meet such criteria;

(ii) the registration, renewal and use of the Domain Name does not violate any third party intellectual property rights, applicable laws or regulation;

(iii) it is entitled to register the Domain Name;

(iv) the registration and use of the Domain Name is made in good faith and for a lawful purpose;

(v) if the use of registered Domain Name is licensed to a third party,

a. the Registrant must have a licencing agreement with the licensee for the use of the Domain Name that is not less onerous than the obligation of the Registrant contained in the Registry Rules; and

b. where there is a breach of any provisions contained in the Registry Rules by the licensee of the Domain Name, Registry may revoke the Domain Name at its sole discretion.

(vi) it owns or otherwise has the right to provide all registration data (including personal information) for each Domain Name registered and provision of such registrant data complies with all applicable data protection laws and regulations; and

(vii) it has appropriate consent and licences to allow for publication of registration data in the WHOIS database.




7. REGISTRANT CONTACT INFORMATION

The Registrant must provide complete and accurate contact information of the Registrant (in accordance with clause 3.7.7.1 of the ICANN’s Registrar accreditation agreement), including but not limited to the following;

(i) if the Registrant is a company or organisation:

a. name of a company or organisation;

b. registered office and principal place of business; and

c. contact details of the Registrant including e-mail address and telephone number;

(ii) if the Registrant is a natural person:

a. full name of the Registrant;

b. address of the Registrant; and

c. contact details of the Registrant including e-mail address and telephone number.


All Registrant contact information must be complete and accurate. Any changes to such Registrant information must be promptly notified to the Registrar, and no later than one (1) month of such change.




8. REVOCATION OF DOMAIN NAMES

The Registrant acknowledges that the .联通 Registry may revoke a Domain Name immediately at its sole discretion:

(i) in the event the Registrant breaches any .联通 Registry Rules;

(ii) to comply with applicable law, court order, government rule or under any dispute resolution processes;

(iii) where such Domain Name is used for any of the following prohibited activities (Prohibited Activities):

a. spamming;

b. intellectual property and privacy violations;

c. obscene speech or materials;

d. defamatory or abusive language;

e. forging headers, return addresses and internet protocol addresses;

f. illegal or unauthorised access to other computers or networks;

g. distribution of internet viruses, worms, Trojan horses or other destructive activities; and

h. any other illegal or prohibited activities as determined by the .联通 Registry.

(iv) in order to protect the integrity and stability of the domain name system and the .联通 Registry;

(v) where such Domain Name is placed under reserved names list at any time; and

(vi) where Registrant fails to make payment to the Registrar for registration, renewal or any other relevant services.



9. USE OF SECOND OR THIRD LEVEL IDNs

In addition to meeting all required criteria for registration of domain names above, an application for an IDN Domain Name must:

(i) comply with any additional registration policy on IDNs for each language;

(ii) meet all technical requirement for the applicable IDN;

(iii) comply with the IDN tables used by the .联通 Registry as amended from time to time; and

(iv) meet any other additional technical requirements as required by the .联通 Registry.




10. USE OF GEOGRAPHIC NAMES

All two-character labels and country and territory names will be initially reserved in accordance with specification 5 of the Registry Agreement.

Upon approval from ICANN and any other guidelines by applicable governments and ICANN’s Governmental Advisory Committee, the Registry may release the two-character labels and country and territory names in accordance with China Unicom’s response to Question 22 Geographic Names.




11. RESERVED NAMES

The .联通 Registry may place certain names in its reserved list from time to time where:

(i) the .联通 Registry believes in its sole discretion that use of such names may pose a risk to the operational stability or integrity of the .联通 Registry;

(ii) in accordance with ICANN’s specifications contained in the Registry Agreement, guidelines or recommendations;

(iii) there is a risk of trademark infringement or where the name otherwise may cause confusion taking into consideration the mission and purpose of the TLD; or

(iv) the .联通 Registry in its sole discretion decides certain names to be reserved for any reason.




12. ALLOCATION OF DOMAIN NAME

The .联通 Registry will register Domain Names on a first-come, first-served basis in accordance with the .联通 Registry Rules. The .联通 Registry does not provide pre-registration or reservation of Domain Names.




13. LIMITATION ON REGISTRATION ⁄ DOMAIN NAME LICENCES


There is no restriction on the number of Domain Names any Registrant may hold. The Registrant may further licence the use of the Domain Name to any third parties provided that the Registrant enters into an agreement with such third parties on the terms not less onerous than its obligations under the .联通 Registry Rules.



14. PROTECTION OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS

The .联通 Registry will implement all rights protection measures as required by ICANN in clause 2.8 of the Registry Agreement, including the use of the Uniform Rapid Suspension (URS) procedure, and Uniform Domain Name Dispute Resolution Policy (UDRP).




15. TERM OF REGISTRATION ⁄ RENEWAL

INITIAL TERM OF REGISTRATION:

A Domain Name can be registered for a period between one (1) to ten (10) years.


RENEWAL OF REGISTRATION:

(i) The term may be extended at any time for a period between one (1) to ten (10) years, provided that the total aggregate term of the Domain Name does not exceed ten (10) years at any time.

(ii) Upon change of sponsorship of the Domain Name from one Registrar to another, according to Part A of the ICANN Policy on Transfer of Registrations between Registrars, the term of registration of the registered Domain Name will be extended by one year, provided that the maximum term of registration at any time does not exceed ten (10) years.

(iii) The change of sponsorship of the registration of a Domain Name from one Registrar to another, accordingly to Part B of the ICANN Policy on Transfer of Registrations between Registrars will not result in the extension of the term of registration.



CANCELLATION OF REGISTRATION:

The Registrant may cancel a Domain Name registration at any time by submitting its request in writing with the Registrar.



AUTO-RENEWAL:

Upon expiry of the Domain Name, the .联通 Registry will auto-renew the Domain Name for a one year term (1) year term unless the Registrant submits its intention not to renew the Domain Name.

The .联通 Registry will implement the business rules for the renewal of Domain Names documented in appendix 7 of the .com Registry Agreement.



16. TRANSFER OF DOMAIN NAMES BETWEEN REGISTRANTS

Any transfer of a Domain Name between Registrants must be approved by the Registry through the Registrar. The legal heirs of the Registrant or purchaser of the Registrant may request the transfer provided that they meet the eligibility criteria for registration under the .联通 TLD. If the Registrant becomes subject to insolvency or any other proceeding, the administrator may request the transfer. The transferee must provide appropriate documentation as required by the .联通 Registry to approve such transfer.



17. CHANGE OF REGISTRAR

If the agreement between the Registry and the Registrar is terminated and if the Registrar has not transferred its Domain Name portfolio to another Registrar, the Registry will notify affected Registrants. The Registrants must select a new Registrar within one (1) month following such notice from the .联通 Registry. If the Registrant fails to appoint a new Registrar within the timeframe set out above, the .联通 Registry may suspend the Domain Name.

If the Registrant wishes to change the Registrar, the Registrant must obtain the auth-info code from the Registrantʹs current Registrar, and request a transfer through the gaining Registrar in compliance with ICANNʹs Inter-Registrar transfer policy.



18. PRIVACY AND DATA PROTECTION

By registering a Domain Name, the registrant authorises the .联通 Registry to process personal information and other data required for the operation of the .联通 TLD. The .联通 Registry will only use the data for the operation of the .联通 Registry including but not limited to its internal use, communication with the Registrant, and provision of WHOIS look-up facility.

The .联通 Registry may only transfer the data to third parties:

(i) with the Registrant’s consent;

(ii) in order to comply with laws, regulations or orders by a competent public authority and any Alternative Dispute Resolution (ADR) providers; or

(iii) for a publicly available and searchable WHOIS look-up facility, in accordance with specification 4 of the Registry Agreement.




19. WHOIS

The .联通 Registry provides a publicly available and searchable WHOIS look up facility, where information about the Domain Nameʹs status (including creation and expiry dates), and registrant, administrative and the technical contact administering the Domain Name can be found, in accordance with specification 4 of the Registry Agreement.

In order to prevent misuse of the WHOIS look up facility, the .联通 Registry requires that any person submitting a WHOIS database query will be required to read and agree to the terms and conditions, which will provide that:

(i) the WHOIS database is provided for information purposes only; and

(ii) the user agrees not to use the WHOIS information to allow or enable the transmission of unsolicited commercial advertising or other communication via email or other methods to the Registrants.




20. PRICING ⁄ PAYMENT

The .联通 TLD does not charge a separate fee for the Registrar to register domain names, as the TLD is used only for the specified mission and purpose of .联通 TLD. China Unicom shall bear the cost of operating the .联通 Registry.

The .联通 Registry will provide Registrars with 30 days’ notice of any price change for new registrations, and 180 days advance notice of any price change for renewals in accordance with clause 2.10 of the Registry Agreement.



21. DISPUTE RESOLUTION

The Registrant agrees to be bound by ICANN’s Dispute Resolution Policies in respect of all disputes in connection with the Domain Name.




22. COMPLIANCE WITH CONSENSUS AND TEMPORARY POLICIES

The Registrant agrees to be bound by all applicable consensus and temporary policies as required and mandated by ICANN.



23. DEFINITIONS

Affiliate means in relation to a party any corporation or other business entity controlling, controlled by, or under common control of that party and for the purposes of this definition, a corporation or other business entity shall be deemed to control another corporation or business entity if it owns directly or indirectly:

(i) fifty percent (50%) or more of the voting securities or voting interest in any such corporation or other entity; or

(ii) fifty percent (50%) or more of the interest in the profit or income in the case of a business entity other than a corporation; or

(iii) in the case of a partnership, any other compatible interest equal to at least a fifty percent (50%) share in the general partner.



Domain Name means a domain name registered directly under the .联通 TLD or for which a request or application for registration has been filed with the Registry;


ICANN’s Dispute Policy means the dispute policy currently known as the Uniform Domain Name Dispute Resolution Policy (UDRP) issued and as may be updated from time to time by the Internet Corporation of Assigned Names and Number (ICANN) and the Uniform Rapid Suspension (URS) (see Specification 7 of the Registry Agreement).


Registrar means an ICANN accredited registrar which enters into and is in compliance with the registry-registrar agreement for the TLD, and which provides domain name registration services to Registrants;


Registry Agreement means the agreement between China Unicom and ICANN;


Registry Rules mean:

(i) Registration terms and conditions agreed between the Registry and Registrant for registration of a Domain Name; and

(ii) Registration policies provided and amended by the Registry from time to time.



Registrant means a natural person, company or organisation who holds a Domain Name registration or who has requested or applied for the registration of a Domain Name.



gTLDFull Legal NameE-mail suffixDetail
.williamhillWilliam Hill Organization Limitedwilliamhill.comView
28.1 Abuse Prevention and Mitigation

Strong abuse prevention of a new gTLD is an important benefit to the internet community. William Hill Organization Limited and its registry operator and back-end registry services provider, Neustar, agree that a registry must not only aim for the highest standards of technical and operational competence, but also needs to act as a steward of the space on behalf of the Internet community and ICANN in promoting the public interest. Neustar brings extensive experience establishing and implementing registration policies. This experience will be leveraged to help William Hill Organization Limited combat abusive and malicious domain activity within the new gTLD space.

As stated in response to Question 18, William Hill Organization Limitedʹs registration policy will address the minimum requirements mandated by ICANN including rights abuse prevention measures. William Hill Organization Limited will implement its draft registration policy as means of abuse prevention and mitigation ** (see end of document).

One of those public interest functions for a responsible registry includes working towards the eradication of abusive domain name registrations, including, but not limited to, those resulting from:
-illegal or fraudulent actions;
-spam;
-phishing;
-pharming; and
-distribution of malware;
-fast flux hosting;
-botnets;
-distribution of child pornography; and
-online sale or distribution of illegal pharmaceuticals.

More specifically, although traditionally botnets have used Internet Relay Chat (IRC) servers to control the Registry and the compromised PCs, or bots, for DDoS attacks and the theft of personal information, an increasingly popular technique, known as fast-flux DNS, allows botnets to use a multitude of servers to hide a key host or to create a highly-available control network. This ability to shift the attacker’s infrastructure over a multitude of servers in various countries creates an obstacle for law enforcement and security researchers to mitigate the effects of these botnets. A point of weakness in this scheme, however, is its dependence on DNS for its translation services. By taking an active role in researching and monitoring these sorts of botnets, William Hill Organization Limited, through its partner, Neustar, has developed the ability to work efficiently with various law enforcement and security communities to begin a new phase of mitigation of these types of threats.

Policies and Procedures to Minimize Abusive Registrations

By its very nature of being a restricted gTLD and one intended to benefit Internet users by ensuring increased trust, convenience and confidence through the elimination of user confusion and William Hill Organization Limited authenticity, the .williamhill gTLD will be a space designed to prevent abuse. As stated in response to Question 18, it is initially intended that the .williamhill gTLD will only have a limited number of domain names registered and will not be available to the general public.

Registrations at the initial stage will be limited solely to William Hill Organization Limited and its affiliated entities. Strict rules will be in place on the use that these entities may make of the domain names and they will have to all live up to the highest of corporate standards that are in place with respect to corporate domain name registrations in general. All domain name registrations shall be subject to immediate take down in the event that those corporate standards are violated.

To the extent that the use of the .williamhill gTLD expands and evolves, and William Hill Organization Limited decides to allow the registration of .williamhill, domain names to unaffiliated entities, William Hill Organization Limited recognizes that it must have the policies, resources, personnel, and expertise in place to combat abusive practices such abusive DNS practices. In fact, William Hill Organization Limited selected Neustar as its registry back-end services provider, because it recognizes that Neustar is at the forefront of the prevention of such as abusive practices and is one of the few operators of domain name registries to have actually developed and implemented an active “domain takedown” policy.

William Hill Organization Limited recognizes that the active abuse prevention policies that must be implemented in connection with the .williamhill gTLD stem from the notion that Registrants have a reasonable expectation that they are in control of the data associated with their domain names, especially its presence in the DNS zone. Because domain names are sometimes used as a mechanism to enable various illegitimate activities on the Internet, often the best preventative measure to thwart these attacks is to remove the names completely from the DNS before they can impart harm, not only to the domain name Registrant, but also to millions of unsuspecting Internet users.

Removing the domain name from the zone has the effect of shutting down all activity associated with the domain name, including the use of all websites and e-mail. The use of this technique should not be entered into lightly. William Hill Organization Limited has an extensive, defined, and documented process for taking the necessary action of removing a domain from the zone when its presence in the zone poses a threat to the security and stability of the infrastructure of the Internet or the Registry.

Abuse Point of Contact

As required by the Registry Agreement, William Hill Organization Limited will establish and publish on its website a single abuse point of contact responsible for addressing inquiries from law enforcement and the public related to malicious and abusive conduct. William Hill Organization Limited will also provide such information to ICANN prior to the delegation of any domain names in the TLD. This information shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of malicious conduct complaints, and a telephone number and mailing address for the primary contact. Such information will be kept accurate and up to date and will be provided to ICANN if and when changes are made. In addition, with respect to inquiries from ICANN-Accredited Registrars, William Hill Organization Limited’s registry back-end services provider, Neustar, shall have an additional point of contact, as it does today, handling requests by Registrars related to abusive domain name practices.

28.2 Policies Regarding Abuse Complaints

William Hill Organization Limited recognizes that one of the key policies each new gTLD registry will need to have is an Acceptable Use Policy that clearly delineates the types of activities that constitute “abuse” and the repercussions associated with an abusive domain name registration. This is especially the case in which domain name registrations will be accepted by unaffiliated entities.

In addition, if William Hill Organization Limited allows registrations from unaffiliated entities, these abuse policies will be incorporated into the applicable Registry-Registrar Agreement. Such Agreements will reserve the right for the Registry to take the appropriate actions based on the type of abuse. This will include locking down the domain name preventing any changes to the contact and nameserver information associated with the domain name, placing the domain name “on hold” rendering the domain name non-resolvable, transferring to the domain name to another Registrar, and⁄or in cases in which the domain name is associated with an existing law enforcement investigation, substituting name servers to collect information about the DNS queries to assist the investigation.

William Hill Organization Limited will adopt an Acceptable Use Policy that clearly defines the types of activities that will not be permitted in the TLD and reserves the right of William Hill Organization Limited to cancel, transfer, or otherwise suspend or take down a domain name that violates the Acceptable Use Policy and allow William Hill Organization Limited – where and when appropriate – to share information with law enforcement agencies. Each ICANN-Accredited Registrar must agree to pass through the Acceptable Use Policy to its Reseller(s) (if applicable) and ultimately to the domain name registrant(s) in the TLD.

Below is the proposed initial Acceptable Use Policy for the .williamhill registry:

“This Acceptable Use Policy gives the Registry the ability to quickly lock, cancel, transfer or take ownership of any domain name registered in the .williamhill TLD, either temporarily or permanently, if the domain name is being used in a manner that appears to threaten the stability, integrity or security of the Registry, or any of its Registrar partners – and⁄or that may put the safety and security of any Registrant or user at risk. The process also allows the Registry to take preventive measures to avoid any such criminal or security threats.

The Acceptable Use Policy may be triggered through a variety of channels, including, among other things, private complaint, public alert, government or enforcement agency outreach, and the on-going monitoring of Neustarʹs industry leading security monitoring labs. In all cases, William Hill Organization Limited through its registry back-end services provider, Neustar, will first alert its Registrar partners about any identified threats, and will work closely with them to bring offending sites into compliance.”

The following are some (but not all) activities that may be subject to rapid domain compliance:
- Phishing: the attempt to acquire personally identifiable information by masquerading as a website other than William Hill Organization Limited’s own website.
- Pharming: the redirection of Internet users to websites other than those the user intends to visit, usually through unauthorized changes to the Host;s file on a victim’s computer or DNS records in DNS servers.
- Dissemination of Malware: the intentional creation and distribution of ʺmaliciousʺ software designed to infiltrate a computer system without the owner’s consent, including, without limitation, computer viruses, worms, key loggers, and Trojans.
- Fast Flux Hosting: a technique used to shelter Phishing, Pharming and Malware sites and networks from detection and to frustrate methods employed to defend against such practices, whereby the IP address associated with fraudulent websites are changed rapidly so as to make the true location of the sites difficult to find.
- Botnetting: the development and use of a command, agent, motor, service, or software which is implemented: (1) to remotely control the computer or computer system of an Internet user without their knowledge or consent, or (2) to generate direct denial of service (DDOS) attacks.
- Malicious Hacking: the attempt to gain unauthorized access (or exceed the level of authorized access) to a computer, information system, user account or profile, database, or security system.
- Child Pornography: the storage, publication, display and⁄or dissemination of pornographic materials depicting individuals under the age of majority in the relevant jurisdiction.

The Registry reserves the right, in its sole discretion, to take any administrative and operational actions necessary, including the use of computer forensics and information security technological services, among other things, in order to implement the Acceptable Use Policy. In addition, the Registry reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion: (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of Registry as well as its affiliates, subsidiaries, officers, directors, and employees; (4) in accordance with the terms of the Registrant Registration Agreement; or (5) to correct mistakes made by the Registry or any Registrar in connection with a domain name registration. The Registry also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute.

Coordination with Law Enforcement

With the assistance of Neustar as its back-end registry services provider, William Hill Organization Limited shall meet its obligations under Section 2.8 of the Registry Agreement where required to take reasonable steps to investigate and respond to reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of its TLD. William Hill Organization Limited will respond to legitimate law enforcement inquiries within one business day from receiving the request. Such response shall include, at a minimum, an acknowledgement of receipt of the request, Questions or comments concerning the request, and an outline of the next steps to be taken by William Hill Organization Limited for rapid resolution of the request.

In the event such request involves any of the activities which can be validated by William Hill Organization Limited and involves the type of activity set forth in the Acceptable Use Policy, the sponsoring registrar is then given 12 hours to investigate the activity further and either take down the domain name by placing the domain name on hold or by deleting the domain name in its entirety or providing a compelling argument to the registry to keep the name in the zone. If the registrar has not taken the requested action after the 12-hour period (i.e., is unresponsive to the request or refuses to take action), the Registry will place the domain on “serverHold”.

28.3 Measures for Removal of Orphan Glue Records

As the Security and Stability Advisory Committee of ICANN (SSAC) rightly acknowledges, although orphaned glue records may be used for abusive or malicious purposes, the “dominant use of orphaned glue supports the correct and ordinary operation of the DNS.” See http:⁄⁄www.icann.org⁄en⁄committees⁄security⁄sac048.pdf.

While orphan glue records often support a correct and ordinary operation of the DNS, we understand that such glue records can be used maliciously, for instance to point to name servers that host domains used in illegal phishing, bot-nets, malware, and other abusive behaviors. Problems occur when the parent domain of the glue record is deleted but its children glue records still remain in the DNS. Therefore, when the Registry has written evidence of actual abuse of orphaned glue records, the Registry will take action to remove those records from the zone to mitigate such malicious conduct.

Neustar runs a daily audit of entries in its DNS systems and compares those with its provisioning system. This serves as an umbrella protection to make sure that items in the DNS zone are valid. Any DNS record that shows up in the DNS zone but not in the provisioning system will be flagged for investigation and removed if necessary. This daily DNS audit serves to not only prevent orphaned hosts but also other records that should not be in the zone.

In addition, if either William Hill Organization Limited or Neustar become aware of actual abuse on orphaned glue after receiving written notification by a third party through its Abuse Contact or through its customer support, such glue records will be removed from the zone.

28.4 Measures to Promote WHOIS Accuracy

As the .williamhill gTLD will only be available to affiliate entities of William Hill Organization Limited, initially, the WHOIS database should be by its very nature accurate. The only data in the WHOIS database for these initial registrations will be that of William Hill Organization Limited and its affiliated entities. There will be little or no personal information in that database and the data will be that of the businesses themselves. Contact information for William Hill Organization Limited and its affiliates are already widely known and there is no incentive, unlike in other gTLDs, for the provision of false or inaccurate WHOIS data.

To the extent that William Hill Organization Limited decides subsequently to open up .williamhill gTLD to unaffiliated entities, maintaining an accurate, reliable and up-to-date WHOIS database will be of paramount concern. William Hill Organization Limited will provide a publicly available and searchable WHOIS look up facility, where information about the domain name status, registrant information including administrative and technical contact details can be found in accordance with Specification 4 of the Registry Agreement. In order to prevent misuse of the WHOIS look up facility, William Hill Organization Limited will utilize measures including a requirement where any person submitting a WHOIS database query is required to read and agree to the terms and conditions in accordance with the registration policy. This will include the terms of use that the WHOIS database is provided for information purposes only and that the user agrees not to use the information for any other purposes such as allowing or enabling the transmission of unsolicited commercial advertising or other communication.

William Hill Organization Limited acknowledges that ICANN has developed a number of mechanisms over the past decade that are intended to address the issue of inaccurate WHOIS information. Such measures alone have not proven to be sufficient and William Hill Organization Limited will offer a mechanism whereby third parties can submit complaints about inaccurate WHOIS data directly to the William Hill Organization Limited (as opposed to ICANN or the sponsoring Registrar). Such information shall be forwarded to the sponsoring Registrar, who shall be required to address those complaints with their Registrants. Thirty days after forwarding the complaint to the Registrar, William Hill Organization Limited will examine the current WHOIS data for names that were alleged to be inaccurate to determine if the information was corrected, the domain name was deleted, or there was some other disposition. If the Registrar has failed to take any action, or it is clear that the Registrant was either unwilling or unable to correct the inaccuracies, William Hill Organization Limited reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies.

28.4.1 Authentication of Registrant Information

Initially, William Hill Organization Limited will only allow domain name registrations from its own corporate entity and from other affiliated entities which it has authenticated. All information will be verified by William Hill Organization Limited as complete and accurate at the time of registration.

28.4.2 Monitoring of Registration Data

As a restricted gTLD, initially, William Hill Organization Limited will ensure that all registration data is kept accurate, reliable and up-to-date. To the extent that William Hill Organization Limited subsequently allows registrations by unaffiliated third parties, William Hill Organization Limited commits to conduct regular audits to monitor registration data for accuracy and completeness, and establish policies and procedures to address domain names with inaccurate or incomplete WHOIS data.

28.5 Resourcing Plans

Ordinarily, for an unrestricted gTLD, responsibility for abuse mitigation rests would rest with a variety of functional groups that would be tasked with providing analysis and conducting investigations of reports of abuse. Given that the .williamhill gTLD will be restricted for the internal use of William Hill Organization Limited and its affiliated entities, the resource needs will be limited. That said, William Hill Organization Limited has outsourced its domain name registry functions to Neustar, who has an extensive team of engineering, support, product and legal personnel that can handle any complaints received on malicious or abusive conduct.

The necessary resources will be pulled from the pool of available resources described in detail in the response to Question 31 as needed. The following resources are available from these teams:
- customer support – 12 employees;
- policy ⁄ legal – 2 employees.

In our view, these resources are more than adequate to support the abuse mitigation procedures of the .williamhill Registry.


** William Hill Organization Limited’s draft Registration Policy

Domain Name Licenses Upon registration of a Domain Name, the Registrant holds a license to use the Domain Name for a specified period in accordance with the Registry Rules. Domain Names may be registered and renewed for 1, 2, 3, 4, 5, 6, 7, 8, 9 or 10 years.
Selection of Registrars Registrars eligible to register domain names must meet the following non-discriminatory criteria (in compliance with clause 2.9 (a) of the Registry Agreement):
(i) be an accredited ICANN Registrar;
(ii) demonstrate a level of understanding of the Domain Name registration policies of the Registry;
(iii) have experience managing the Domain Names of major corporations;
(iv) have proven tools for domain name portfolio management;
(v) have business processes to perform automated validation (and any additional human checks as required by the Registry) of the eligibility of the domain name for registration according to the Domain Name policies of the William Hill Organization Limited;
(vi) demonstrate a sufficient level of security to protect against unauthorized access to the Domain Name records;
(vii) demonstrate experience and have appropriate resources in managing abuse prevention, mitigation and responses;
(viii) provide multi-language support for the registration of IDNs;
(ix) comply with any re-validation of its Registry-Registrar agreement at a regular interval as determined by the Registry or as required by ICANN from time to time;
(x) meet applicable technical requirements of the William Hill Organization Limited; and
(xi) comply with all conditions, dependencies, policies and other requirements reasonably imposed by William Hill Organization Limited, including maintenance of suitable systems and applications that are capable of interacting with the Registry system.

Eligible Registrants The Registrant must be:
(i) an Affiliate entity of William Hill Organization Limited; or
(ii) an organisation explicitly authorized by William Hill Organization Limited; or
(iii) a natural person explicitly authorized by William Hill Organization Limited.

If the Registrant does not meet one of the above eligibility criteria, there is no entitlement to register a Domain Name under the .williamhill, .
If the Registrant ceases to be eligible at any time in future, the Registry may cancel or suspend the licence to use the Domain Name immediately.
Registry approval requirement
Registration of Domain Names under .williamhill, must be approved by William Hill Organization Limited in addition to meeting all requirements under the Registry Rules. William Hill Organization Limited’s approval for complete and valid application submitted will be authorised by:
(i) William Hill Hostmaster (hostmaster@williamhill.com) (“Authorization Provider”); or
(ii) an authorized person as nominated by William Hill Organization Limited (“Authorised Person”) and notified to Registrar from time to time.

Authorisation Provider will notify the Registrar of its decision.
Required criteria for Domain Name registration
An application for Domain Name registration must meet all the following criteria:
(i) availability;
a. the Domain Name is not already registered;
b. it is not reserved or blocked by the Registry; or
c. it meets all Registry’s technical requirements;
(ii) technical requirements;
a. a maximum of 63 characters (after its conversion into the ASCII for IDNs);
b. use of characters selected from the list of supported characters as nominated by the Registry;
(iii) the Domain Name must be consistent with the mission and purposes of the gTLD and consistent with the Domain Name registration policy of William Hill Organization Limited, and include but not be limited to:
a. product name;
b. service name;
c. marketing term;
d. geographic identifier; or
e. any relevant name or term as approved by Authorisation Provider or Authorised Person.
(iv) compliance with all requirements under the Registry Rules: the Registrant must comply with all provisions contained in the Registry Rules.

Obligation of Registrants
The Registrant must enter into an agreement with the Registrar for Domain Name registration under which the Registrant will be bound by the Registry Rules specified through the Registry-Registrar agreement as amended by the Registry from time to time.
The Registrant must also agree to be bound by the minimum requirements in clause 3.7.7 of ICANNʹs Registrar accreditation agreement.
The Registrant represents and warrants that:
(i) it meets, and will continue to meet, the eligibility criteria at all times and must notify the Registrar if it ceases to meet such criteria;
(ii) the registration, renewal and use of the Domain Name does not violate any third party intellectual property rights, applicable laws or regulation;
(iii) it is entitled to register the Domain Name;
(iv) the registration and use of the Domain Name is made in good faith and for a lawful purpose;
(v) if the use of registered Domain Name is licensed to a third party,
a. the Registrant must have a licencing agreement with the licensee for the use of the Domain Name that is not less onerous than the obligation of the Registrant contained in the Registry Rules; and
b. where there is a breach of any provisions contained in the Registry Rules by the licensee of the Domain Name, Registry may revoke the Domain Name at its sole discretion.
(vi) it owns or otherwise has the right to provide all registration data (including personal information) for each Domain Name registered and provision of such registrant data complies with all applicable data protection laws and regulations; and
(vii) It has appropriate consent and licences to allow for publication of registration data in the WHOIS database.

Registrant contact information
The Registrant must provide complete and accurate contact information of the Registrant (in accordance with clause 3.7.7.1 of the ICANN’s Registrar accreditation agreement), including but not limited to the following;
(i) if the Registrant is a company or organization:
a. name of a company or organization;
b. registered office and principal place of business; and
c. contact details of the Registrant including e-mail address and telephone number;
(ii) if the Registrant is a natural person:
a. full name of the Registrant;
b. address of the Registrant; and
c. contact details of the Registrant including e-mail address and telephone number.

All Registrant contact information must be complete and accurate.
Any changes to such Registrant information must be promptly notified to the Registrar, and no later than one (1) month of such change.

Revocation of Domain Names
The Registrant acknowledges that the Registry may revoke a Domain Name immediately at its sole discretion:
(i) in the event the Registrant breaches any Registry Rules;
(ii) to comply with applicable law, court order, government rule or under any dispute resolution processes;
(iii) where such Domain Name is used for any of the following prohibited activities (Prohibited Activities):
a. spamming;
b. intellectual property and privacy violations;
c. obscene speech or materials;
d. defamatory or abusive language;
e. forging headers, return addresses and internet protocol addresses;’
f. illegal or unauthorised access to other computers or networks;
g. distribution of internet viruses, worms, Trojan horses or other destructive activities; and
h. any other illegal or prohibited activities as determined by the Registry.
(iv) in order to protect the integrity and stability of the domain name system and the Registry;
(v) where such Domain Name is placed under reserved names list at any time; and
(vi) where Registrant fails to make payment to the Registrar for registration, renewal or any other relevant services.

Use of second or third level IDNs
In addition to meeting all required criteria for registration of domain names above, an application for an IDN Domain Name must:
(i) meet all technical requirement for the applicable IDN;
(ii) comply with the IDN tables used by the Registry as amended from time to time; and

Use of Geographic names
All two-character labels and country and territory names will be initially reserved in accordance with specification 5 of the Registry Agreement.
Upon approval from ICANN and any other guidelines by applicable governments and ICANN’s Governmental Advisory Committee, the Registry may release the two-character labels and country and territory names in accordance with William Hill Organization Limited’s response to Question 22 Geographic Names.
Reserved Names The Registry may place certain names in its reserved list from time to time where:
(i) the Registry believes in its sole discretion that use of such names may pose a risk to the operational stability or integrity of the Registry;
(ii) in accordance with ICANN’s specifications contained in the Registry Agreement, guidelines or recommendations;
(iii) there is a risk of trademark infringement or where the name otherwise may cause confusion taking into consideration the mission and purpose of the gTLD; or
(iv) the Registry in its sole discretion decides certain names to be reserved for any reason.

Allocation of Domain Name
The Registry will register Domain Names on a first-come, first-served basis in accordance with the Registry Rules.
The Registry does not provide pre-registration or reservation of Domain Names.

Limitation on registration ⁄ Domain Name licences
There is no restriction on the number of Domain Names any Registrant may hold.
The Registrant may further licence the use of the Domain Name to any third parties provided that the Registrant enters into an agreement with such third parties on the terms not less onerous than its obligations under the Registry Rules.
Protection of third party intellectual property rights
The Registry will implement all rights protection measures as required by ICANN in clause 2.8 of the Registry Agreement, including the use of the Uniform Rapid Suspension (URS) procedure, and Uniform Domain Name Dispute Resolution Policy (UDRP).

Term of registration ⁄ renewal Initial term of registration:
A Domain Name can be registered for a period between one (1) to ten (10) years.
Renewal of registration:
(i) The term may be extended at any time for a period between one (1) to ten (10) years, provided that the total aggregate term of the Domain Name does not exceed ten (10) years at any time.
(ii) Upon change of sponsorship of the Domain Name from one Registrar to another, according to Part A of the ICANN Policy on Transfer of Registrations between Registrars, the term of registration of registered Domain Name will be extended by one year, provided that the maximum term of registration at any time does not exceed ten (10) years.
(iii) The change of sponsorship of registration of Domain Name from one Registrar to another, accordingly to Part B of the ICANN Policy on Transfer of Registrations between Registrars will not result in the extension of the term of registration.

Cancellation of registration:
The Registrant may cancel a Domain Name registration at any time by submitting its request with the Registrar.
Auto-renewal:
Upon expiry of the Domain Name, the Registry will auto-renew the Domain Name for a one year term (1) year term unless the Registrant submits its intention not to renew the Domain Name.
The Registry will implement the business rules for renewal of Domain Names documented in appendix 7 of the .com Registry Agreement.
Transfer of Domain Names between registrants
Any transfer of a Domain Name between Registrants must be approved by the Registry through the Registrar.
The legal heirs of the Registrant or purchaser of the Registrant may request the transfer provided that they meet the eligibility criteria for registration under .williamhill, .
If the Registrant becomes subject to insolvency or any other proceeding, the administrator may request the transfer. The transferee must provide appropriate documentation as required by Registry to approve such transfer.
Change of Registrar
If the agreement between the Registry and the Registrar is terminated and if the Registrar has not transferred its Domain Name portfolio to another Registrar, the Registry will notify affected Registrants. The Registrants must select a new Registrar within one (1) month following such notice from the Registry. If the Registrant fails to appoint a new Registrar within the timeframe set out above, the Registry may suspend the Domain Name.
If the Registrant wishes to change the Registrar, the Registrant must obtain the auth-info code from the Registrantʹs current Registrar, and request a transfer through the gaining Registrar in compliance with ICANNʹs Inter-Registrar transfer policy.

Privacy and Data Protection
By registering a Domain Name, the registrant authorises the Registry to process personal information and other data required for the operation of the .williamhill. The Registry will only use the data for the operation of the Registry including but not limited to its internal use, communication with the Registrant, and provision of WHOIS look-up facility.
The Registry may only transfer the data to third parties:
(i) with the Registrant’s consent;
(ii) in order to comply with laws, regulations or orders by a competent public authority and any Alternative Dispute Resolution (ADR) providers; or
(iii) for a publicly available and searchable WHOIS look-up facility, in accordance with specification 4 of the Registry Agreement.

WHOIS The Registry provides a publicly available and searchable WHOIS look up facility, where information about the Domain Nameʹs status (including creation and expiry dates), and registrant, administrative and the technical contact administering the Domain Name can be found, in accordance with specification 4 of the Registry Agreement.
In order to prevent misuse of the WHOIS look up facility, the Registry requires any person submitting a WHOIS database query will be required to read and agree to the terms and conditions, which informs that:
(i) the WHOIS database is provided for information purposes only; and
(ii) the user agrees not to use the WHOIS information to allow or enable the transmission of unsolicited commercial advertising or other communication via email or other methods to the Registrants.

Pricing ⁄ Payment
The new gTLD does not charge a separate fee for the Registrar to register domain names, as the gTLD is used only for the mission and purpose of William Hill Organization Limited. William Hill Organization Limited bears the cost of operating the Registry.
The Registry will provide Registrars with 30 days’ notice of any price change for new registrations, and 180 days advance notice of any price change for renewals in accordance with clause 2.10 of the Registry Agreement.

Dispute Resolution
The Registrant agrees to be bound by ICANN’s Dispute Resolution Policies in respect of all disputes in connection with the Domain Name.

Compliance with Consensus and Temporary Policies
The Registrant agrees to be bound by all applicable consensus and temporary policies as required and mandated by ICANN.

Definitions
Affiliate means in relation to a party any corporation or other business entity controlling, controlled by, or under common control of that party and for the purposes of this definition, a corporation or other business entity shall be deemed to control another corporation or business entity if it owns directly or indirectly:
(i) fifty percent (50%) or more of the voting securities or voting interest in any such corporation or other entity; or
(ii) fifty percent (50%) or more of the interest in the profit or income in the case of a business entity other than a corporation; or
(iii) in the case of a partnership, any other compatible interest equal to at least a fifty percent (50%) share in the general partner.

Domain Name means a domain name registered directly under the .williamhill or for which a request or application for registration has been filed with the Registry;
ICANN’s Dispute Policy means the dispute policy currently known as the Uniform Domain Name Dispute Resolution Policy (UDRP) issued and as may be updated from time to time by the Internet Corporation of Assigned Names and Number (ICANN) and the Uniform Rapid Suspension (URS) (see Specification 7 of the Registry Agreement).
Registrar means an ICANN accredited registrar which enters into and is in compliance with the registry-registrar agreement for the TLD, and which provides domain name registration services to Registrants;
Registry means Neustar Inc
Registry Agreement means the agreement between William Hill Organization Limited and ICANN;
Registry Rules mean:
(i) Registration terms and conditions agreed between the Registry and Registrant for registration of a Domain Name; and
(ii) Registration policies provided and amended by the Registry from time to time.

Registrant means a natural person, company or organisation who holds a Domain Name registration or who has requested or applied for the registration of a Domain Name;