29 Rights Protection Mechanisms

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.ummahUmmah Digital Limitedgmail.comView

Rights Protection is something CoCCA has prioritized by necessity throughout its nine-year history. The policy matrix adopted by UMMAH DIGITAL for the .UMMAH TLD will subject registrants to several layers of complaint and dispute resolution - the CoCCA Complaint Resolution Service, UDRP proceedings and URS proceedings. UMMAH DIGITAL will employ established methods for handling Sunrise and Trademark Claims as outlined below, guided by the Specification requirements of the proposed Registry Agreement.

CoCCA offers a wide range of services including, a wildcard registration program to block variants of a domain for Trademark holders as well as an ʺAlertʺ service included in the Premium RDDS service that any interested party can subscribe to - alerting them if a specific string is registered in any CoCCA managed TLD. CoCCA recognizes that ICANN has not completed the Trademark Clearing House (TMCH) program. CoCCA has in the past integrated it’s SRS with the Clearinghouse for Intellectual Property, while CoCCA cannot fully describe the details of implementation for this application based on incomplete work, CoCCA intends to comply and⁄or exceed the final ICANN program.

In particular, CoCCA offers the following procedures to help protect the rights of trademark owners:

Sunrise Services
Trademark Claims Service
Name Selection Policy
Acceptable Use Policy
Unqualified Registration Safeguards
Wildcard Registrations⁄Alert services
Clearinghouse of Intellectual Property API
Thick WHOIS
RPM Compliance auditing of Registrars
UDRP, URS, PDDRP and RRDRP and CoCCA CRS
Limited License
Rapid Takedown & Suspension (Critical Issue Suspensions)
Scanning & Malware Mitigation
Phishing Mitigation
Fast Flux Mitigation
DNSSEC Deployment
Law Enforcement and Anti-Abuse Community Collaboration

29.1 Registration Abuse Prevention Mechanismʹs Pre Launch

To support UMMAH DIGITALʹs objectives, CoCCA will implement specific measures in compliance with ICANN’s Applicant Guide Book. At a minimum, ICANN states that UMMAH DIGITAL must offer sunrise registration for a period of thirty days during pre-launch in conjunction with the Trademark Clearing House.

CoCCA’s RPM framework and technology contains several levels of safeguards to deter unqualified registration and other malicious behaviors during pre-launch. This not only exceeds requirements, but also provides customers of the TLD predictably in service offerings and protections.

29.1.1 Sunrise & Land-rush

To meet the ICANN requirement of a 30-day Sunrise process for those with verifiable trademark rights or owners of exact matching strings in other TLDs, CoCCA shall implement for UMMAH DIGITAL a Sunrise period for domain registrations. The validations of domains names that are an identical match will occur via the Trademark Clearinghouse via notice by UMMAH DIGITAL or UMMAH DIGITAL approved Registrar. The CoCCA SRS will store and make available via the SRS all documents lodged in support of a Sunrise Application.

During the Sunrise, UMMAH DIGITAL will be responsible for determining eligibility of the registration and it will require the Registrant to affirm that they meet Sunrise Eligibility Requirements (SERs) and incorporate a Sunrise Dispute Resolution Policy (SDRP).

The Sunrise will be followed by a 30 day Registration Land-rush for members of the community⁄business owners⁄non-governmental organizations, etc. The process will end in General Availability or Open Registration. Eligible Trademark holders may continue to register marks on an ongoing basis.

29.1.2 Trademark Claims Service

Per ICANNʹs Applicant Guide Book, UMMAH DIGITAL is required to provide a Trademark Claims service during pre-launch phases and for at least 60 days from the date of open registration. During the Trademark Claims period, UMMAH DIGITAL or the Registrar will provide notice to the prospective registrants where an identical match is identified in the Trademark Clearinghouse. The notice will include warranties that the prospective Registrant must understand and adhere to that the domain will not infringe on the rights of the respective Trademark holder. A notice will also be sent to the designated Trademark holder of marks where an identical match has been identified.

29.1.3 Name Selection Policy

The .UMMAH TLD will enforce a name selection policy that ensures that all names registered in the gTLD will be in compliance with ICANN mandated technical standards. These include restrictions on 2 character names, tagged names, and reserved names for Registry Operations. All names must also be in compliance with all applicable RFCs governing the composition of domain names. Registrations of Country, Geographical and Territory Names will only be allowed in compliance with the restrictions as outlined in the answer to Question 22.

Additionally, UMMAH DIGITAL requires that domain names within the .UMMAH TLD should consist of proper characters unique within top-level domain, followed by the characters
ʺ.UMMAHʺ. Domain names should meet the following technical requirements; They shall:
* contain no more than 63 characters;
* begin and end with a letter or a digit;
* contain no characters different from letters, figures and a hyphen (allowable characters are the letters of the Roman alphabet; capital and lowercase letters do not differ);
* contain no hyphens simultaneously in the third and forth positions.

Acceptable Use Policy

UMMAH DIGITAL has developed an Acceptable Use Policy (AUP) framework that is referenced in the answer to Question 28. This AUP clearly defines what type of behavior is expressly prohibited in conjunction with the use of a .UMMAH domain name. UMMAH DIGITAL will require, through both the Registry Registrar Agreement (RRA), and a Registry Registrant Agreement (RA) that this AUP be accepted by a registrant prior to activation of a domain in the .UMMAH TLD.

29.2 Rights Protection Mechanismʹs Post Launch

CoCCA offers a suite of post-launch Rights Protection Mechanisms. UMMAH DIGITAL, supported by CoCCA services, will promote the security and stability of the TLD with the following:

* Unqualified Registration Safeguards
* Wildcard Registration Alert services
* Clearinghouse of Intellectual Property API
* Thick WHOIS
* RPM Compliance auditing of Registrars
* UDRP, URS, CRS
* Limited License
* Rapid Takedown & Suspension (Critical Issue Suspensions)
* Phishing Mitigation
* Scanning Malware Mitigation
* Fast Flux Mitigation
* DNSSEC Deployment
* Law Enforcement and Anti-Abuse Community Collaboration

29.2.1 Unqualified Registration Safeguards

UMMAH DIGITAL plans to adopt the CoCCA Acceptable Use Policy (AUP) and Complaint Resolution Service Policy (CRS) as part of the operation of the .UMMAH gTLD.

The CoCCA model differs from the ʺclassicʺ gTLD shared registry system in that Registrants are bound by a collateral agreement between themselves and the TLD Operator. This collateral agreement binds them to the .UMMAH TLD AUP policy, RDDS policy, CoCCAʹs Complaint Resolution Service and well as UDRP and URS. The .UMMAH AUP policy (attached) contains a variety of provisions aimed at protecting rights:

“1.1. UMMAH DIGITAL’s Network or .UMMAH Registry Services provider and .UMMAH Domain names must be used only for lawful purposes and must comply at all times with this AUP. The creation, transmission, distribution, storage of, or linking to any material in violation of applicable law or regulation or this AUP is prohibited. This may include, but is not limited to, the following:
(1) Communication, publication or distribution of material (including through links or framing) that infringes upon the intellectual and⁄or industrial property rights of another person. Intellectual and⁄or industrial property rights include, but are not limited to: copyrights (including future copyright), design rights, patents, patent applications, trade marks, rights of personality, and trade secret information.
(2) Registration or use of a .UMMAH Domain name in circumstances in which, in the sole discretion of UMMAH DIGITAL:
(a) The .UMMAH Domain name is identical or confusingly similar to a personal name, company, business or other legal or trading name as registered with the relevant country agency, or a trade or service mark in which a third party complainant has uncontested rights, including without limitation in circumstances in which:
(i) The use deceives or confuses others in relation to goods or services for which a trade mark is registered in Gambia, or in respect of similar goods or closely related services, against the wishes of the registered proprietor of the trade mark; or
(ii) The use deceives or confuses others in relation to goods or services in respect of which an unregistered trade mark or service mark has become distinctive of the goods or services of a third party complainant, and in which the third party complainant has established a sufficient reputation in Gambia, against the wishes of the third party complainant; or
(iii) The use trades on or passes-off a .UMMAH Domain name or a website or other content or services accessed through resolution of a .UMMAH Domain as being the same as or endorsed, authorized, associated or affiliated with the established business, name or reputation of another; or
(iv) The registration or use may tend to mislead or deceive Internet users or consumers in breach of UMMAH DIGITAL policy, or the laws of Gambia; or
(b) The .UMMAH Domain name has been used in bad faith, including without limitation the following:
(i) The User has used the .UMMAH Domain name primarily for the purpose of unlawfully disrupting the business or activities of another person; or
(ii) By using the .UMMAH Domain name, the User has intentionally created a likelihood of confusion with respect to the third party complainant’s intellectual or industrial property rights and the source, sponsorship, affiliation, or endorsement of website(s), email, or other online locations or services or of a product or service available on or through resolution of a .UMMAH Domain name; or
(iii) For the purpose of selling, renting or otherwise transferring the Domain name to an entity or to a commercial competitor of an entity, for valuable consideration in excess of a User’s documented out-of-pocket costs directly associated with acquiring the Domain Name; or
(iv) As a blocking registration against a name or mark in which a third party has superior intellectual or industrial property rights.
(3) A .UMMAH Domain name registration which is part of a pattern of registrations where the User has registered domain names which correspond to well known names or trade marks in which the User has no apparent rights, and the .UMMAH Domain name is part of that pattern.
(4) The .UMMAH Domain name was registered arising out of a relationship between two parties, and it was mutually agreed, as evidenced in writing, that the Registrant would be an entity other than that currently in the register.
(5) Unlawful communication, publication or distribution of registered and unregistered know-how, confidential information and trade secrets.
(6) Publication of web content which, in the opinion of the UMMAH DIGITAL:
(a) is capable of disruption of systems in use by other Internet users or service providers (e.g. viruses or malware);
(b) seeks or apparently seeks authentication or login details used by operators of other Internet sites (e.g. phishing); or
(c) may mislead or deceive visitors to the site that the site has an affiliation with the operator of another Internet site (e.g. phishing).
(7) Communication, publication or distribution, either directly or by way of embedded links, of images or materials (including, but not limited to pornographic material and images or materials that a reasonable person as a member of the Internet community of Gambia and⁄or of the Islamic community would consider to be obscene or indecent) where such communication, publication or distribution is prohibited by or constitutes an offence, whether incorporated directly into or linked from a web site, email, posting to a news group, Internet forum, instant messaging notice which makes use of domain name resolution services in the .UMMAH TLD.
Material that a reasonable member of the community of Gambia and⁄or of the Islamic community would consider pornographic, indecent, and⁄or obscene or which is otherwise prohibited includes, by way of example and without limitation, real or manipulated images depicting pornography, bestiality, excessively violent or sexually violent material, sexual activity, material containing detailed instructions regarding how to commit a crime, an act of violence, or how to prepare and⁄or use illegal drugs, material that promotes violence or hatred against individuals or groups on the basis of age, gender, race, ethnic origin, sexual orientation, religion, disability or veteran status, and material that promotes war, acts of terrorism, bullying or social discord. ʺ

Although registrars are required to advise registrants of the TLD policies and conditions, with the prevalence of highly automated registration systems and expansive reseller networks it cannot be guaranteed that registrants have reviewed or agreed to the policy. An email reiterating these policies will be sent to each registrant to ensure that new applicants are made aware of and confirm their agreement to the RA and .UMMAH TLD policies before a domain is delegated with the Registrants nominated hosts.

The same Activation process allows CoCCA the opportunity to verify the accuracy of customer data supplied by the registrar, the use of dynamically generated images as challenge-response verification prevents automated processes from activating domains.

29.2.2 Wildcard Registrations

CoCCAʹs SRS currently supports a Wildcard Registration option, which it will extend to all new gTLDs in which a brand owner⁄trademark holder may register a domain and then upload evidence of the trademark or other asserted rights via PDF in the SRS GUI.

The Registrant may then they apply online to request a *.name or other wildcard block using java regular expressions for that text string. CoCCA will manually review the request for potential conflicts with other strings or generic words. CoCCA and the brand owner (or their agents) will work jointly to develop Wildcard logic which best achieves the desired result without negatively impacting other SRS users.

If approval is granted, an attempt to register any domain that triggers the wildcard string returns ʺnot available for policy reasonsʺ via EPP or GUI. A WHOIS query would return the information on the Primary domain. The CoCCA SRS treats any match as a variant of the Primary. Updating the WHOIS contact information, transfer of the Primary to another registrar etc. are automatically reflected in the variants.

The domain must be kept current and WHOIS details up to date in order for the Wildcard Registration to remain in effect. If the Primary registration lapses or is subject to a CoCCA CRS ruling, UDRP, or URS that results in a transfer of the domain to another entity, the Wildcard is removed.

29.2.3 Alert Services

Subscribers to the Premium RDDS service may request email and⁄or EPP polling alerts if a domain matching a given string is registered.

29.2.4 Clearing House for Intellectual Property (CHIP)

CHIP is a new technology that is designed to allow trademark owners to efficiently and effectively safeguard and enforce their rights on the Internet, and in particular in the domain name space. CoCCA and IP Clearinghouse, the company that operates CHIP, have collaborated in the past to allow trademark owners to retroactively (or proactively) associate trademark information with specific domain names. This technology is available but may or may not be used depending on the outcome of developments with ICANNʹs gTLD Trademark Clearinghouse.

As a result of the project with the CHIP, CoCCA has already gained valuable experience integrating with an external database to validate and confirm rights to a domain.

29.2.5 Thick WHOIS

CoCCA will provide Thick WHOIS to enhance accessibility and stability and reduce malicious behavior thereby promoting increased rights protection mechanisms and investigations, where applicable. All WHOIS services meet Specification 4 of the Registry Agreement in support of Thick WHOIS. The agreement between UMMAH DIGITAL and its Registrants specifies that Registrant information should be true, complete and accurate. Given the current state of WHOIS, CoCCA will adapt to new formats and protocols as ICANN or its agents enact them.

CoCCAʹs validation⁄activation technology helps ensure the accuracy of contact information prior to activation, renewal and transfer of a domain.

29.2.6 Registrar Relationship

UMMAH DIGITAL views the protection of legal rights of a user’s domain name and that of trademark owners as a strategic imperative to operating a successful TLD. Therefore, only ICANN accredited Registrars will be used and be bound to the registry-registrar agreement. Certain components of the RPM framework will be administered on behalf of UMMAH DIGITAL. To ensure compliance with designated RPMs, CoCCA will conduct annual reviews and enforce non-compliance where necessary. In cases where Registrars fail to meet UMMAH DIGITAL standards, the Registrar will lose its certification to register domains in the .UMMAH TLD until all issues are resolved.

29.2.7 Uniform Dispute Resolution Policy (UDRP)

The UDRP is a proven rights protection mechanism whereby complainants can object to a domain registration via a UDRP provider. The Registrant in question has the opportunity to respond to the complaint and defend its registration and good-faith use. The UDRP provider and assigned panel provide a decision based on the information submitted by both the complainant and the respondent. Where the complainant is successful in proving a bad faith registration, ownership of the domain will be transferred accordingly and in line with ICANN policy. Conversely, where the complainant is unable to prove bad faith, the domain registration will remain with the assigned Registrant. Registrars of UMMAH DIGITAL must implement and respond to UDRP policy where applicable. Penalties will apply where Registrars are found to be in breach.

29.2.8 Uniform Rapid Suspension (URS)

CoCCA will implement the Uniform Rapid Suspension System (URS) per the Applicant Guidebook. If an infringement is discovered, the complainant may file an objection with a URS provider. The URS provider will investigate compliance via an administrative review. Upon a successful review, the URS provider will notify UMMAH DIGITAL to place the domain in question in lock status within twenty-four (24) hours of receipt of notice, meaning that no changes to registration data will occur, but the domain continues to resolve. Upon lock of the domain, UMMAH DIGITAL will notify the URS Provider and the URS Provider will notify the Registrant who will have an opportunity to respond. If the complainant proves the domain is used in an abusive manner, the domain name will be suspended for the remainder of the registration period and will resolve to an informational site provided by the URS provider. The WHOIS shall reflect that the domain name will not be able to be transferred, deleted or modified for the life of the registration and will continue to display the original Registrant information except for the redirection of the nameservers. The complainant will have the opportunity to extend the registration for one additional year. Conversely, if the evidence does not result in a successful determination of abuse, the URS Provider will contact CoCCA and controls of the registered domain will be returned to the Registrant.

29.2.9 Post-Delegation Dispute Resolution Procedure (PDDRP)

Per the Applicant Guidebook, UMMAH DIGITAL is required to implement the Post-Delegation Dispute Resolution Procedure (PDDRP) that allows a complainant the right to object to UMMAH DIGITAL’s manner of operation or use of the gTLD. A PDDRP provider will accept objections and perform a threshold review. CoCCA, as UMMAH DIGITAL’s agent, will respond to complaints as necessary to defend the operation and use of UMMAH DIGITAL’s .UMMAH gTLD.

29.2.10 Registration Restriction Dispute Resolution Procedure (RRDRP)

The Registration Restrictions Dispute Resolution Procedure (RRDRP) outlines the resolution proceedings whereby the Complainant determines that UMMAH DIGITAL has failed to comply with its defined registration restrictions. The parties to the dispute will be the gTLD registry operator and the harmed established institution where proper standing has been reviewed and confirmed. A successful complaint proves that the complainant is a defined community and that a strong association exists between it and the gTLD string. Further proof must be submitted that UMMAH DIGITAL violated its community-based restrictions and that measurable harm occurred. Upon administrative review of the complaint, UMMAH DIGITAL will file a response within 10 days of the filing.

If the complainant is determined to be the prevailing party, UMMAH DIGITAL will pay all Panel and Provider fees incurred, including filing fees. If UMMAH DIGITAL is found to have violated its registration restrictions, UMMAH DIGITAL will implement all remedial measures outlined by the Expert Panel, including cases where registration suspension may occur. UMMAH DIGITAL recognizes that this procedure does not preclude entities seeking remedies in courts of laws.

29.2.11 Limited License
The .UMMAH Registrant Agreement grant registrantʹs a right to a limited license to use (but not to sub-license the use of any portion of) the .UMMAH domain, subject to continuing compliance with all policies in place during that time.

29.2.12 Rapid Takedown & Suspension

CoCCA, at UMMAH DIGITAL’s request, will comply with any properly lodged takedown or suspension request. Historically, these types of requests are either based on court orders from a competent jurisdiction, or derived from a request from law enforcement. Under the .UMMAH policy, suspensions are not limited to URS or such requests. The CoCCA CRS has provisions that allow CoCCA Complaints Officers to trigger Critical Issue Suspensions (CIS) based on an AUP complaint lodged by a member of the public, or that arise based on malware scanning or evidence of malicious activity.

Before any suspension, CoCCA CRS officers will follow the auditable, formal CRS procedures. In cases where a registered domain is to be suspended or removed from the zone, CoCCA will follow its audit-able procedure documenting the incident number, date, time, domain name, threat level, description and reason for the take down or suspension.

The Ombudsman, Registrar, and Registrant will be notified at the time of a CIS or execution of an URS order. See attached CoCCA CRS.

29.2.13 Phishing Mitigation
CoCCA will establish and act upon the results of a regular poll against one or more trusted databases for phishing sites operating the domain (in second level or subordinate domains) within the TLD. Phishing activity most often occurs through a subordinate domain, rather than a directly registered second level domain. For this reason the registry should query for any wild-card occurrence of a domain that has been flagged as a phishing site or one that contains malware. CoCCA is currently investigating this technology for use in ccTLDs and will deploy it for the .UMMAH gTLD if it proves effective.

29.2.14 Malware Mitigation
Where commercially sensible, or a risk factor has been identified, CoCCA will perform automated and regular scanning for malware for all domains (or a subset of domains) in the registry. Often, Registrants are unaware and compromised by malware deployments. Scanning for malware may reduce occurrences of this type of abusive behavior for registered domain names in the .UMMAH TLD.

29.2.15 DNSSEC Deployment
As part of UMMAH DIGITALʹs mission to maintain a highly secure and stable TLD, CoCCA will implement DNSSEC as part of its backend registry services. DNSSEC helps mitigate, for example, pharming attacks that use cache poisoning to redirect unsuspecting users to fraudulent websites or addresses. DNSSEC protects the DNS system from abuse threats in the following aspects:

29.2.16 Security of Domain Resolution
DNSKEY⁄RRSIG provide authentication and integrity verification to ensure data will not be compromised during transmission. The CoCCA name server trust anchor is signed by the public key and then delivered to the Interim Trust Anchor Repository (ITAR) for TLD verification. NSEC resource records will also be used to verify negative response messages of queried resource records to ensure deletion does not occur during transmission.

29.2.17 Security of Zone File Distribution
TSIG allows communication among authentication servers to ensure that it is the correct server and that data is not compromised during transmission.

29.2.18 Law Enforcement and Anti-Abuse Community Collaboration

CoCCA does and will continue to cooperate closely with anti-abuse communities, experts, and law enforcement in the mitigation and prevention of abuse behavior. Not only will best practice be shared, but also collaboration on the latest issues will remain a priority. In addition to collaboration, instances may take the form of early notification by a security agency of malicious content. Another form of cooperation may be the provision of user information (including historical and non-publicly available information, where available) to the security agency, to assist in identification of wrongdoers. Ongoing cooperation between security agencies and the registry operator facilitates the ability for both the registry and law enforcement to react promptly to threats, potentially minimizing harm. With respect to suspensions, the registrant will be given an opportunity to provide a remedy for the issue via automated processes but given the time sensitive nature of criminal activity, automated suspension based on triggers⁄flags, or at the request of law enforcement may be enabled.

29.2.19 Super-Locks
Critical or High Value domains can be manually ʺSuper Lockedʺ in the registry to ensure they are not removed from the zone, become a victim of social engineering or are suspended inadvertently by automated suspension technology. CoCCA’s super-lock technology requires domains to be locked and unlocked by designated staff at a Registrar using OTP tokens.

29.3 Resource Plans
UMMAH DIGITAL will dedicate 2 full time professionals to coordinate the operation of the .UMMAH gTLD. At the same time, the technical professionals at CoCCA will be supporting the vast majority of the technical aspects of operating the .UMMAH gTLD, including operation of the CRS and URS response on a 24⁄7⁄365 basis.

As the .UMMAH gTLD will also heavily rely on community support, it is also expected that members of the community will help UMMAH DIGITAL modify the policies and procedures that govern the operation of the gTLD. The following CoCCA team members will be used to support the rights protection plan: CoCCA CRS Officers, the CoCCA Ombudsman and CoCCA Expert Panelists.

CoCCA acting as registry services provider maintains a resource model to meet the demands of RPM implementation and on-going operation of the protection mechanisms.

The CoCCA workforce-staffing model is sized to provide the appropriate services for each managed TLD. Given the dynamic nature of technologies and innovation, the CoCCA staffing model is constantly reviewed and adjusted to achieve optimization without sacrifice to customer satisfaction and service level requirements. In cases where growth dictates an increase in staff, CoCCA maintains a proven staffing process for acquiring qualified candidates. Details of staffing resource plans for UMMAH DIGITAL can be found in response to questions of the Financial Projections section of the application.

There are eight CoCCA CRS Officers⁄COCCA NOC Support Officers whose role is to monitor Registry Services, review Complaints and liaise with Law Enforcement CERTʹs as required.

The complaints are dealt with in accordance with the CRS and AUP⁄Registrant Agreement, which allows the CRS officers discretion to suspend a domain instantly or send the complaint to the Ombudsman for amicable complaint resolution. CRS officers are available twenty-four hours a day, seven days a week, and three hundred and sixty five days a year.

Given the estimated registration volumes of 9,000 in Year 1, 10,800 in Year 2 and 12,960 in Year 3, respectively, in UMMAH DIGITAL’s Template 1: Most Likely Financial Projections attached to Question 46, CoCCA estimates it will require the following personnel to support the RPM implementation and operations for UMMAH DIGITAL:

* Complaint Resolution Service Officers: 8
* Complaint Resolution Expert - Minimum of Eight
* Ombudsman - One

Similar gTLD applications: (1)

gTLDFull Legal NameE-mail suffixzDetail
.wedAtgron, Inc.atgron.com-3.4Compare