gTLD Application Analysis by simMachines
Back

29 Rights Protection Mechanisms

gTLDFull Legal NameE-mail suffixDetail
.hboHBO Registry Services, Inc.markmonitor.comView
Use of domain names that infringe upon the legal rights of others in the TLD will not be tolerated and preventing abusive registrations is a core objective of HBO Registry Services, Inc. (“Applicant”). The nature of such uses creates security and stability issues for the registry, registrars, and registrants, as well as for users of the Internet in general. Primarily, Applicant will prevent abusive registrations by allowing only Applicant to register and Applicant and⁄or its Affiliates (as defined in Applicant’s Registration Policy) to use domain names in the registry under strict internal registration, anti-abuse and rights protection guidelines as defined in its Abuse Policy. In order to identify and address the abusive use of registered names on an ongoing basis, Applicant plans to additionally incorporate and abide by the following Rights Protection Mechanisms and all other rights protection mechanisms as specified in Specification 7 of the Registry Agreement and as adopted by the ICANN Board of Directors as ICANN Consensus Policies.

For a detailed description of the Anti-Abuse Policy Applicant intends to implement in its TLD, please see Applicant’s response to Question 28.

Trademark Clearinghouse

The first mandatory rights protection mechanism (“RPM”) required to be implemented by each new gTLD Registry is support for, and interaction with, the Trademark Clearinghouse. The Trademark Clearinghouse is intended to serve as a central repository for information to be authenticated, stored, and disseminated pertaining to the rights of trademark holders. The data maintained in the clearinghouse will support and facilitate other RPMs, including the mandatory Sunrise Period and Trademark Claims service. Although many of the details of how the Trademark Clearinghouse will interact with each registry operator and registrars are still being developed by ICANN, Applicant is actively monitoring the developments of the Implementation Assistance Group (“IAG”) designed to assist ICANN staff in refining and finalizing the rules and procedures associated with the policies and technical requirements for the Trademark Clearinghouse. In addition, Applicant’s back-end registry services provider is actively participating in the IAG to ensure that the protections afforded by the Clearinghouse and associated RPMs are feasible and implementable.

Utilizing the Trademark Clearinghouse, all operators of new gTLDs must offer: (i) a Sunrise registration service for at least thirty (30) days during the pre-launch phase giving eligible trademark owners an early opportunity to register second-level domains in new gTLDs; and (ii) a Trademark Claims service for at least the first sixty (60) days that second-level registrations are open. The Trademark Claims service is intended to provide clear notice to a potential registrant of the rights of a trademark owner whose trademark is registered in the clearinghouse.

Applicant’s registry service provider, Neustar, has already implemented Sunrise and⁄or Trademark Claims programs for numerous TLDs including .biz, .us, .travel, .tel and .co and will implement both of these services on Applicant’s behalf.

Sunrise Period

All domain names registered during the Sunrise Period will be subject to Applicant’s domain name registration policy, namely, that all registrants be Applicant. Applicant will offer a Sunrise Period of sixty (60) days for owners of trademarks listed in the Trademark Clearinghouse that also meet Applicant’s domain name registration requirements to register domain names that consist of an identical match of their listed trademarks. Applicant’s Registry Services Liaison(s) will receive and authenticate all Sunrise Registrations.

Applicant’s registrar will ensure that all Sunrise Registrants meet sunrise eligibility requirements (SERs), which will be verified by Clearinghouse data. The proposed SERs include: (i) ownership of a mark that is (a) nationally or regionally registered and for which proof of use, such as a declaration and a single specimen of current use – was submitted to, and validated by, the Trademark Clearinghouse; or (b) that have been court-validated; or (c) that are specifically protected by a statute or treaty currently in effect and that was in effect on or before 26 June 2008, (ii) optional registry elected requirements re: international class of goods or services covered by registration; (iii) representation that all provided information is true and correct; and (iv) provision of data sufficient to document rights in the trademark.

Upon submission of all of the required information and documentation, registrar will forward the information to Applicant’s Registry Services Liaison(s) for authentication. The Registry Services Liaison(s) will review the information and documentation and verify the trademark information and registration eligibility, and notify the potential registrant of any deficiencies. If a registrant does not cure any deficiencies and⁄or respond by the means listed within a timely matter, Applicant’s Registry Services Liaison(s) will notify its registrar and the domain name will be released for registration.

Applicant will incorporate a Sunrise Dispute Resolution Policy (SDRP). The SRDP will allow challenges to Sunrise Registrations by third parties for a ten-day period after acceptance of the registration based on the following four grounds: (i) at time the challenged domain name was registered, the registrant did not hold a trademark registration of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty; (ii) the domain name is not identical to the mark on which the registrant based its Sunrise registration; (iii) the trademark registration on which the registrant based its Sunrise registration is not of national or regional effect or the trademark had not been court-validated or protected by statute or treaty; or (iv) the trademark registration on which the domain name registrant based its Sunrise registration did not issue on or before the effective date of the Registry Agreement and was not applied for on or before ICANN announced the applications received.

After receiving a Sunrise Complaint, the Registry Services Liaison(s) will review the Complaint to see if the Complaint reasonably asserts a legitimate challenge as defined by the SDRP. If not, the Registry Services Liaison(s) will timely send an email to the Complainant that the subject of the complaint clearly does not fall within one of the delineated grounds as defined by the SDRP and that Applicant considers the matter closed.

If the domain name is not found to have adequately met the SERs, the Registry Services Liaison(s) will alert the registrar and registry services provider to immediately suspend the resolution of the domain name. Thereafter, the Registry Services Liaison(s) will immediately notify the Sunrise Registrant of the suspension of the domain name, the nature of the complaint, and provide the registrant with the option to timely cure the SER deficiencies or the domain name will be canceled.

If the registrant timely responds, its response will be further reviewed by Registry Services Liaison(s) to determine if the SERs are met. If the Registry Services Liaison(s) is satisfied by the registrant’s response, the Registry Services Liaison(s) will timely submit a request to the registrar and the registry services provider to revoke suspension of the domain name. If registrant does not timely respond, the Registry Services Liaison(s) will then timely notify the Complainant that its complaint was ultimately denied and provide the reasons for the denial.

Trademark Claims Service

Applicant will offer a Trademark Claims Service during the first one hundred and twenty (120) days of general registration. The Trademark Claims Service will be monitored by the Registry Services Liaison(s). Applicant’s registrar will be required to review all domain names requested to be registered during the Trademark Claims period to determine if they are an identical match of a trademark that has been filed with the Trademark Clearinghouse and they meet Applicant’s domain name registration requirements. A domain name will be considered an identical match when the domain name consists of the complete and identical textual elements of the mark, and includes domain names where (a) spaces contained within a mark that are either replaced by hyphens (and vice versa) or omitted; (b) certain special characters contained within a trademark are spelled out with appropriate words describing it (e.g., @ and &); and (c) punctuation or special characters contained within a mark that are unable to be used in a second-level domain name are either (i) omitted or (ii) replaced by spaces, hyphens or underscores. Domain names that are plural forms of a mark or that merely contain a mark will not qualify as an identical match.

If the registrar determines that a prospective domain name registration is identical to a mark registered in the Trademark Clearinghouse, the registrar will be required to ensure that a “Trademark Claims Notice” (“Notice”) in English is sent to the protective registrant of the domain name and blind copy Applicantʹs Registry Services Liason on all such correspondence. The Notice will provide the prospective registrant information regarding the trademark referenced in the Trademark Claims Notice to enhance understanding of the Trademark rights being claimed by the trademark holder. The Notice will be provided in real time without cost to the prospective registrant.

After sending the Notice, the registrar will be required to mandate that the prospective registrant specifically warrant within five (5) days that: (i) the prospective registrant has received notification that the mark(s) is included in the Clearinghouse; (ii) the prospective registrant has received and understood the notice; and (iii) to the best of the prospective registrant’s knowledge that the registration and use of the requested domain name will not infringe on the rights that are the subject of the notice. If the warranty satisfies these requirements, the registrar will be required to effectuate the registration and notify the Registry Services Liaison(s).

After the effectuation of a registration that is identical to a mark listed in the Trademark Clearinghouse, the registrar will be required to then ensure that a clear notice to the trademark owner of the trademark consisting of the domain name that has been registered and will blind copy the Registry Services Liaison(s) confirming that it has done so. The trademark owner then has the option of filing a Complaint under the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension System (URS) against the domain name, as the Applicant will require in its domain name registration agreements that the registry, registrar, and registrant all submit to the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension (URS) system. Applicant will require its registrar and registry service operators to abide by decisions rendered under the UDRP and URS in a timely and ongoing basis.

Uniform Rapid Suspension System (URS)

Applicant will specify in its Registry-Registrar and Registration Agreements used in connection with the TLD that all parties will timely abide by all decisions made by panels in accordance with the Uniform Rapid Suspension System (URS). On Applicant’s website, Applicant will designate a Rights Protection Contact (“Rights Contact”) that will receive all URS Complaints verified by the URS Provider and provide its contact information. This information shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of rights protection complaints, and a telephone number and mailing address for the Rights Contact. Applicant will ensure that this information will be kept accurate and up to date and will be provided to ICANN if and when changes are made.

Within 24 hours of receipt of the Notice of Complaint from the URS Provider, the Rights Contact shall notify its registry operator to “lock” the domain, meaning the registry shall restrict all changes to the registration data, including transfer and deletion of the domain names, but the name will continue to resolve. The Rights Contact will notify the URS Provider immediately upon locking the domain name (”Notice of Lock”).

Immediately upon receipt of a Determination in the Complainant’s favor, Rights Contact will notify the registry operator to suspend the domain name, which shall remain suspended for the balance of the registration period and will not resolve to the original web site. The nameservers shall be redirected to an informational web page provided by the URS Provider about the URS. The Whois for the domain name shall continue to display all of the information of the original Registrant except for the redirection of the nameservers. In addition, the Whois shall reflect that the domain name will not be able to be transferred, deleted or modified for the life of the registration. Finally, Applicant will be sure to abide by any timely requests by Complainant to extend the registration period for one additional year at commercial rates.

Immediately upon receipt of a Determination in registrant’s favor, Rights Contact will notify the registry operator to unlock the domain name.

Uniform Domain Name Dispute Resolution Policy (UDRP)

Applicant will specify in its Registry-Registrar and Registration Agreements used in connection with the TLD that all parties will timely abide by all decisions made by panels in accordance with the Uniform Domain Name Dispute Resolution Policy (UDRP). Applicant’s Rights Contact will receive all UDRP Complaints and decisions, temporarily lock any domain names as required, and will notify its registrar to timely cancel or transfer all registrations determined to by a UDRP panel to be infringing.

Trademark Post-Delegation Dispute Resolution Procedure (Trademark PDDRP)

Applicant will participate in all post-delegation procedures, including the Trademark Post-Delegation Dispute Resolution Procedure (Trademark PDDRP), and will timely abide by any Determinations of any PDDRP Provider after exhaustion of all appeals and⁄or times to appeal or other determination challenges.

Registry Restrictions Dispute Resolution Procedure (RRDRP)

Because the application is not community-based, Applicant is not required to participate in the RRDRP and will not be bound by any Determinations of a RRDRP Provider.

Proven Registrars

Applicant intends that only Applicant will be permitted to register domain names in the TLD for use solely by Applicant and its Affiliates. Hence, Applicant is exempt from the Registry Operator Code of Conduct (“ROCC”) as detailed in Specification 9 of the Registry Agreement with ICANN. Thus, as Applicant is not required to grant access to the TLD to all registrars, and in order to reduce abusive registrations and other activities that affect the legal rights of others, Applicant plans to only contract with one ICANN-accredited registrar that has proven capable of providing adequate defenses against abusive registrations and superior response capabilities. The registrar, according to the Registry-Registrar agreement, will not be able to register any domain names, thus eliminating the possibility of front-running. The Registrar will also agree not to submit fake renewal notices. Any evidence of abusive behavior on the part of the Registrar will be promptly reported to ICANN Compliance.

Pre-Authorization and Authentication

Prior to the release of any domain names, Applicant will specify that only designated employees will be authorized to register domain names within the TLD under strict domain name registration guidelines. Also, Applicant’s registrar will verify the authenticity of the registrant. Additionally, prior to registration, Applicantʹs registrar will validate contact information before the prospective registrant is allowed to proceed.

A variety of automated and manual procedures may be utilized for verification by the registrar as specified below:

• Applicant’s registrar’s automated authentication process will authenticate the prospective registrant to verify authenticity;
• Applicant’s registrar’s will authenticate that the registrant’s email is from Applicant based on a list of pre-approved email extensions from authorized related companies;
• If authenticated, the registrant will be allowed to submit and complete registrations;
• If the registrant cannot be verified by the registrar, the registrar will contact the registry to determine eligibility; and
• Registrant must represent and warrant that neither the registration of the desired domain name, nor the manner in which the registration will be used, infringes the legal rights of third parties.

In addition, Applicant’s Registry Services Liaison(s) will approximately twice per year perform a manual review of a random sampling of domain names within the applied-for TLD to test the accuracy and authenticity of the WHOIS information. Through this review, Applicantʹs Registry Services Liaison(s) will examine the WHOIS data for evidence of inaccurate or incomplete WHOIS information. In the event that such errors or missing information exists, it shall be forwarded to the registrar, who shall be required to address such deficiencies with their registrants. Within a reasonable time period, the Registry Services Liaison(s) will examine the current WHOIS data for names that were alleged to be inaccurate or incomplete to determine if the information was corrected, the domain name was deleted, or there was some other disposition. If the registrar has failed to take any action, or it is clear that the registrant was either unwilling or unable to correct the inaccuracies, Applicant reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies.

Thick Whois

Applicant will include a thick WHOIS database as required in Specification 4 of the Registry agreement. A thick WHOIS provides numerous advantages including a centralized location of registrant information, the ability to more easily manage and control the accuracy of data, and a consistent user experience.

Takedown Procedure

Applicant will provide a Rights Protection Takedown Procedure (“Takedown Procedure”) modeled after the Digital Millennium Copyright Act’s notice-and-takedown procedure.

At all times, Applicant will publish on its home website contact information for receiving rights protection complaints (Complaints) from rightsholders. At all times, Applicant will publish on its website the Takedown Procedure and the contact information for the Rights Contact.

Inquiries addressed to the Rights Contact will be forwarded to Applicant’s Registry Services Liaison(s) who will remedy or deny any Complaint regarding an alleged violation of the rights of the Complainant. During the review of any Complaint, Registry Services Liaison(s) will first give the Complaint a “quick look” to see if the Complaint reasonably alleges the infringement of any legal right. If not, the Rights Contact will write a timely correspondence to Complainant stating that the subject of the complaint clearly does not violate its rights.

If the quick look does not resolve the matter, the Registry Services Liaison(s) will timely give the Complaint a full review. If a rights infringement is determined, the Rights Contact will alert the registry services provider to immediately suspend the resolution of the domain name. The Registry Services Liaison(s) will then immediately notify the registrant of the suspension of the domain name, the nature of the complaint, and provide the registrant with the option to respond or take down the infringing content within a timely fashion or the domain name will be canceled.

If the registrant responds within a timely period, its response will be further reviewed by the Registry Services Liaison(s). If the Registry Services Liaison(s) is satisfied by the registrant’s response that no rights have been infringed, the Registry Services Liaison(s) will submit a timely request to the registry services provider to revokd suspension of the domain name. The Rights Contact will then timely notify the Complainant that its complaint was ultimately denied and provide the reasons for the denial. If the registrant does not respond within a timely fashion, the Rights Contact will notify the registry services provider to cancel the abusive domain name.

This Takedown Procedure will not prejudice either party’s election to pursue another dispute mechanism, such as URS or UDRP.

With the assistance of its back-end registry services provider, Applicant will meet its obligations under Section 2.8 of the Registry Agreement to take reasonable steps to investigate and respond to reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of its TLD. Applicant will accordingly timely respond to legitimate law enforcement inquiries. Any such response shall include, at a minimum, an acknowledgement of receipt of the request, questions, or comments concerning the request, and an outline of the next steps to be taken by Applicant for a timely resolution of the request.

In the event such request involves any infringing activity which can be validated by Applicant’s Registry Services Liaison(s), the Rights Contact will timely notify the registry services provider to either suspend the domain name until the infringing activity is cured or cancel the domain name. If the Registry Services Liaison(s) determines that it is not an infringing activity, the Rights Contact will timely provide the relevant law enforcement, governmental and⁄or quasi-governmental agency a compelling argument to keep the name in the zone.
gTLDFull Legal NameE-mail suffixDetail
.ONYOURSIDENationwide Mutual Insurance Companynationwide.comView
Use of domain names that infringe upon the legal rights of others in the TLD will not be tolerated and preventing abusive registrations is a core objective of Nationwide Mutual Insurance Co. (“Applicant”). The nature of such uses creates security and stability issues for the registry, registrars, and registrants, as well as for users of the Internet in general. Primarily, Applicant will prevent abusive registrations by allowing only Applicant to register and Applicant and⁄or its Affiliates (as defined in Applicant’s Registration Policy) to use domain names in the registry under strict internal registration, anti-abuse and rights protection guidelines as defined in its Abuse Policy. In order to identify and address the abusive use of registered names on an ongoing basis, Applicant promises to additionally incorporate and abide by the following Rights Protection Mechanisms and all other rights protection mechanisms as specified in Specification 7 of the Registry Agreement and as adopted by the ICANN Board of Directors as ICANN Consensus Policies.

Anti-Abuse Policy

Applicant will implement in its internal policies and its Registrar and Registration agreements that all registered domain names in the TLD will be subject to a Domain Name Anti-Abuse Policy (“Abuse Policy”).

The Abuse Policy will provide Applicant with broad power to suspend, cancel, or transfer domain names that violate the Abuse Policy. Applicant will publish the Abuse Policy on its home website and clearly provide Applicant’s Abuse Point of Contact (“Abuse Contact”) and its contact information. This information shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of abuse complaints, and a telephone number and mailing address for the Abuse Contact. Applicant will ensure that this information will be kept accurate and up to date and will be provided to ICANN if and when changes are made. In addition, with respect to inquiries from ICANN-Accredited registrars, Applicant’s registry services provider, Verisign, shall have an additional point of contact to handle requests by registrars related to abusive domain name practices.

Inquiries addressed to the Abuse Contact will be forwarded to Applicant’s Intellectual Property Legal Team, which consists of two (2) lawyers and two (2) paralegals, who will review with possible consultation with outside counsel (together, Applicant’s “Legal Team”) and if applicable remedy any Complaint regarding an alleged violation of the Abuse Policy as described in more detail below.

The Abuse Policy will state, at a minimum, that Applicant reserves the right to deny, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status, that it deems necessary, in its discretion; (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of Applicant, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or any agreement Applicant has with any party; (5) to correct mistakes made by the Applicant, registry services provider, or any registrar in connection with a domain name registration; (6) during resolution of any dispute regarding the domain; and (7) if a registrant’s pre-authorization or payment fails.

The Abuse Policy will define the abusive use of domain names to include, but not be limited to, the following activities:

• Illegal or fraudulent actions: use of the Applicant’s or Registrarʹs services to violate the laws or regulations of any country, state, or other applicable jurisdiction, or in a manner that adversely affects the legal rights of any other person;
• Spam: use of electronic messaging systems from email addresses from domains in the TLD to send unsolicited bulk messages in violation of applicable laws. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums;
• Phishing: use of counterfeit Web pages within the TLD that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data;
• Pharming: redirecting of unknowing users to fraudulent Web sites or services, typically through DNS hijacking or poisoning;
• Willful distribution of malware: dissemination of software designed to infiltrate or damage a third-party computer system without the ownerʹs consent. Examples include, without limitation, computer viruses, worms, keyloggers, and trojan horses.
• Fast flux hosting: use of fast-flux techniques to disguise the location of Web sites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves. Fast flux hosting may be used only with prior permission of PIR;
• Botnet command and control: services run on a domain name that are used to control a collection of compromised computers or ʺzombies,ʺ or to direct denial-of-service attacks (DDoS attacks);
• Illegal Access to Other Computers or Networks: illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individualʹs system (often known as ʺhackingʺ). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity);
• Non-intended Use: use of the domain name other than that which was stated during the registration, without a change of intended use accepted by Applicant;
• Cybersquatting: registration of a domain name confusingly similar to a third party’s name or trademark without any legitimate interest in the name and in bad faith;
• Domain Kiting⁄Tasting: registration of domain names to test their commercial viability before returning them during a Grace Period.

Trademark Clearinghouse

The first mandatory rights protection mechanism (“RPM”) required to be implemented by each new gTLD Registry is support for, and interaction with, the Trademark Clearinghouse. The Trademark Clearinghouse is intended to serve as a central repository for information to be authenticated, stored, and disseminated pertaining to the rights of trademark holders. The data maintained in the clearinghouse will support and facilitate other RPMs, including the mandatory Sunrise Period and Trademark Claims service. Although many of the details of how the Trademark Clearinghouse will interact with each registry operator and registrars are still being developed by ICANN, Applicant is actively monitoring the developments of the Implementation Assistance Group (“IAG”) designed to assist ICANN staff in refining and finalizing the rules and procedures associated with the policies and technical requirements for the Trademark Clearinghouse. In addition, Applicant’s back-end registry services provider is actively participating in the IAG to ensure that the protections afforded by the Clearinghouse and associated RPMs are feasible and implementable.

Utilizing the Trademark Clearinghouse, all operators of new gTLDs must offer: (i) a Sunrise registration service for at least thirty (30) days during the pre-launch phase giving eligible trademark owners an early opportunity to register second-level domains in new gTLDs; and (ii) a Trademark Claims service for at least the first sixty (60) days that second-level registrations are open. The Trademark Claims service is intended to provide clear notice to a potential registrant of the rights of a trademark owner whose trademark is registered in the clearinghouse.

Sunrise Period

All domain names registered during the Sunrise Period will be subject to Applicant’s domain name registration policy, namely, that all registrants be Applicant. Applicant will offer a Sunrise Period of sixty (60) days for owners of trademarks listed in the Trademark Clearinghouse that also meet applicant’s domain name registration requirements to register domain names that consist of an identical match of their listed trademarks. Applicant’s Intellectual Property Legal Team, which consists of two (2) lawyers and two (2) paralegals, will receive and authenticate with possible consultation with outside counsel (together, Applicant’s “Legal Team”) all Sunrise Registrations.

Applicant’s registrar will ensure that all Sunrise Registrants meet sunrise eligibility requirements (SERs), which will be verified by Clearinghouse data. The proposed SERs include: (i) ownership of a mark that is (a) nationally or regionally registered and for which proof of use, such as a declaration and a single specimen of current use – was submitted to, and validated by, the Trademark Clearinghouse; or (b) that have been court-validated; or (c) that are specifically protected by a statute or treaty currently in effect and that was in effect on or before 26 June 2008, (ii) optional registry elected requirements re: international class of goods or services covered by registration; (iii) representation that all provided information is true and correct; and (iv) provision of data sufficient to document rights in the trademark.

Upon submission of all of the required information and documentation, registrar will forward the information to Applicant’s Legal Team for authentication. Legal Team will review the information and documentation and verify the trademark information and registration eligibility, and notify the potential registrant of any deficiencies. If a registrant does not cure any deficiencies and⁄or respond by the means listed within a timely matter, Applicant’s Registry Services Liaison will notify its registrar and the domain name will be released for registration.

Applicant will incorporate a Sunrise Dispute Resolution Policy (SDRP). The SRDP will allow challenges to Sunrise Registrations by third parties for a ten-day period after acceptance of the registration based on the following four grounds: (i) at time the challenged domain name was registered, the registrant did not hold a trademark registration of national effect (or regional effect) or the trademark had not been court-validated or protected by statute or treaty; (ii) the domain name is not identical to the mark on which the registrant based its Sunrise registration; (iii) the trademark registration on which the registrant based its Sunrise registration is not of national or regional effect or the trademark had not been court-validated or protected by statute or treaty; or (iv) the trademark registration on which the domain name registrant based its Sunrise registration did not issue on or before the effective date of the Registry Agreement and was not applied for on or before ICANN announced the applications received.

After receiving a Sunrise Complaint, Legal Team will review the Complaint to see if the Complaint reasonably asserts a legitimate challenge as defined by the SDRP. If not, Legal Team will timely send an email to the Complainant that the subject of the complaint clearly does not fall within one of the delineated grounds as defined by the SDRP and that Applicant considers the matter closed.

If the domain name is not found to have adequately met the SERs, Legal Team will alert the registrar and registry services provider to immediately suspend the resolution of the domain name. Thereafter, Legal Team will immediately notify the Sunrise Registrant of the suspension of the domain name, the nature of the complaint, and provide the registrant with the option to timely cure the SER deficiencies or the domain name will be canceled.

If the registrant timely responds, its response will be reviewed by Legal Team to determine if the SERs are met. If Legal Team is satisfied by the registrant’s response, Legal Team will timely submit a request to the registrar and the registry services provider to unsuspend the domain name. If registrant does not timely respond, Legal Team will then timely notify the Complainant that its complaint was ultimately denied and provide the reasons for the denial.

Trademark Claims Service

Applicant will offer a Trademark Claims Service during the first one hundred and twenty (120) days of general registration. The Trademark Claims Service will be monitored by Legal Team. Applicant’s registrar will be required to review all domain names requested to be registered during the Trademark Claims period to determine if they are an identical match of a trademark that has been filed with the Trademark Clearinghouse and they meet Applicant’s domain name registration requirements. A domain name will be considered an identical match when the domain name consists of the complete and identical textual elements of the mark, and includes domain names where (a) spaces contained within a mark that are either replaced by hyphens (and vice versa) or omitted; (b) certain special characters contained within a trademark are spelled out with appropriate words describing it (e.g., @ and &); and (c) punctuation or special characters contained within a mark that are unable to be used in a second-level domain name are either (i) omitted or (ii) replaced by spaces, hyphens or underscores. Domain names that are plural forms of a mark or that merely contain a mark will not qualify as an identical match.

If the registrar determines that a prospective domain name registration is identical to a mark registered in the Trademark Clearinghouse, the registrar will be required to ensure that a “Trademark Claims Notice” (“Notice”) in English is sent to the protective registrant of the domain name and blind copy Legal Team on all such correspondence. The Notice will provide the prospective registrant information regarding the trademark referenced in the Trademark Claims Notice to enhance understanding of the Trademark rights being claimed by the trademark holder. The Notice will be provided in real time without cost to the prospective registrant.

After sending the Notice, the registrar will be required to require that the prospective registrant specifically warrant within five (5) days that: (i) the prospective registrant has received notification that the mark(s) is included in the Clearinghouse; (ii) the prospective registrant has received and understood the notice; and (iii) to the best of the prospective registrant’s knowledge that the registration and use of the requested domain name will not infringe on the rights that are the subject of the notice. If the warranty satisfies these requirements, the registrar will be required to effectuate the registration and notify Legal Team.

After the effectuation of a registration that is identical to a mark listed in the Trademark Clearinghouse, the registrar will be required to then ensure that a clear notice to the trademark owner of the trademark consisting of the domain name that has been registered and will blind copy Legal Team confirming that it has done so. The trademark owner then has the option of filing a Complaint under the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension System (URS) against the domain name, as the Applicant will require in its domain name registration agreements that the registry, registrar, and registrant all submit to the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension (URS) system. Applicant will require its registrar and registry service operators to abide by decisions rendered under the UDRP and URS in a timely and ongoing basis.

Uniform Rapid Suspension System (URS)

Applicant will specify in its Registry-Registrar and Registration Agreements used in connection with the TLD that all parties will timely abide by all decisions made by panels in accordance with the Uniform Rapid Suspension System (URS). On Applicant’s NIC.TLD website, Applicant will designate a Rights Protection Contact (“Rights Contact”) that will receive all URS Complaints verified by the URS Provider and provide its contact information. This information shall consist of, at a minimum, a valid e-mail address dedicated solely to the handling of rights protection complaints, and a telephone number and mailing address for the Rights Contact. Applicant will ensure that this information will be kept accurate and up to date and will be provided to ICANN if and when changes are made.

Within 24 hours of receipt of the Notice of Complaint from the URS Provider, the Rights Contact shall notify its registry operator to “lock” the domain, meaning the registry shall restrict all changes to the registration data, including transfer and deletion of the domain names, but the name will continue to resolve. The Rights Contact will notify the URS Provider immediately upon locking the domain name (”Notice of Lock”).

Immediately upon receipt of a Determination in the Complainant’s favor, Rights Contact will notify the registry operator to suspend the domain name, which shall remain suspended for the balance of the registration period and will not resolve to the original web site. The nameservers shall be redirected to an informational web page provided by the URS Provider about the URS. The Whois for the domain name shall continue to display all of the information of the original Registrant except for the redirection of the nameservers. In addition, the Whois shall reflect that the domain name will not be able to be transferred, deleted or modified for the life of the registration. Finally, Applicant will be sure to abide by any timely requests by Complainant to extend the registration period for one additional year at commercial rates.

Immediately upon receipt of a Determination in registrant’s favor, Rights Contact will notify the registry operator to unlock the domain name.

Uniform Domain Name Dispute Resolution Policy (UDRP)

Applicant will specify in its Registry-Registrar and Registration Agreements used in connection with the TLD that all parties will timely abide by all decisions made by panels in accordance with the Uniform Domain Name Dispute Resolution Policy (UDRP). Applicant’s Rights Contact will receive all UDRP Complaints and decisions, temporarily lock any domain names as required, and will notify its registrar to timely cancel or transfer all registrations determined to by a UDRP panel to be infringing.

Trademark Post-Delegation Dispute Resolution Procedure (Trademark PDDRP)

Applicant will participate in all post-delegation procedures, including the Trademark Post-Delegation Dispute Resolution Procedure (Trademark PDDRP), and will timely abide by any Determinations of any PDDRP Provider after exhaustion of all appeals and⁄or times to appeal or other determination challenges.

Registry Restrictions Dispute Resolution Procedure (RRDRP)

Because the application is not community-based, Applicant is not required to participate in the RRDRP and will not be bound by any Determinations of a RRDRP Provider.

Proven Registrars

Applicant intends that only Applicant will be permitted to register domain names in the TLD for its own exclusive use. Hence, Applicant is exempt from the Registry Operator Code of Conduct (“ROCC”) as detailed in Specification 9 of the Registry Agreement with ICANN. Thus, as Applicant is not required to grant access to the TLD to all registrars, and in order to reduce abusive registrations and other activities that affect the legal rights of others, Applicant will only contract with one ICANN-accredited registrar that has proven capable of providing adequate defenses against abusive registrations and superior response capabilities. The registrar, according to the Registry-Registrar agreement, will not be able to register any domain names, thus eliminating the possibility of front-running. The Registrar will also agree not to submit fake renewal notices. Any evidence of abusive behavior on the part of the Registrar will be promptly reported to ICANN Compliance.

Pre-Authorization and Authentication

Prior to the release of any domain names, Applicant will designate that only designated employees will be authorized to register domain names within the TLD under strict domain name registration guidelines. Also, Applicant’s registrar will provide Applicant with authorization measures to provide when registering domain names, and Applicant’s authorized employees will provide registrar with authorized registrant contact information and any authorization codes to verify upon the attempted registration of any domain names. Upon registration, registrar will verify any authorization codes and contact information before the prospective registrant is allowed to proceed.

A variety of automated and manual procedures will be utilized for verification by the registrar as specified below:

• Applicant’s registrar’s automated authentication process will authenticate that the prospective registrant has provided an authorization code as created by registrar;
• Applicant’s registrar’s automated authentication process will authenticate that the registrant’s email is from Applicant based on a list of pre-approved email extensions from authorized related companies;
• If authenticated, the authentication process will send a unique HTML link to the registrant’s email of record;
• If the automatic verification process does not provide verification, the request will be referred to Applicant’s Registry Services Liaison, which will attempt to verify the registrant manually based on the pre-approved list of Applicant or Related Companies;
• After pre-approval, Registrant must represent and warrant - in both the registration agreement and again as part of the WHOIS verification process - that neither the registration of the desired domain name, nor the manner in which the registration will be used, infringes the legal rights of third parties;
• Registrant must sign and provide a statement declaring that they will use the domain name for the promotion of, providing public awareness of, and⁄or offering Applicant’s goods and services.

In addition, Applicant’s Legal Team will at least twice per year perform a manual review of a random sampling of domain names within the applied-for .ONYOURSIDE gTLD (the ʺTLDʺ) to test the accuracy and authenticity of the WHOIS information. Through this review, Legal Team will examine the WHOIS data for evidence of inaccurate or incomplete Whois information. In the event that such errors or missing information exists, it shall be forwarded to the registrar, who shall be required to address such deficiencies with their registrants. Within a reasonable time period, Legal Team will examine the current WHOIS data for names that were alleged to be inaccurate or incomplete to determine if the information was corrected, the domain name was deleted, or there was some other disposition. If the registrar has failed to take any action, or it is clear that the registrant was either unwilling or unable to correct the inaccuracies, Applicant reserves the right to suspend the applicable domain name(s) until such time as the Registrant is able to cure the deficiencies.

Thick Whois

Applicant will include a thick WHOIS database as required in Specification 4 of the Registry agreement. A thick WHOIS provides numerous advantages including a centralized location of registrant information, the ability to more easily manage and control the accuracy of data, and a consistent user experience.

Takedown Procedure

Applicant will provide a Rights Protection Takedown Procedure (“Takedown Procedure”) modeled after the Digital Millennium Copyright Act’s notice-and-takedown procedure.

At all times, Applicant will publish on its home website contact information for receiving rights protection complaints (Complaints) from rightsholders. At all times, Applicant will publish on its home website the Takedown Procedure and the contact information for the Rights Contact.

Inquiries addressed to the Rights Contact will be forwarded to Applicant’s Legal Team who will remedy or deny any Complaint regarding an alleged violation of the rights of the Complainant. During the review of any Complaint, Legal Team will first give the Complaint a “quick look” to see if the Complaint reasonably alleges the infringement of any legal right. If not, the Rights Contact will write a timely correspondence to Complainant stating that the subject of the complaint clearly does not violate its rights.

If the quick look does not resolve the matter, Legal Team will timely give the Complaint a full review. If a rights infringement is determined, the Rights Contact will alert the registry services provider to immediately suspend the resolution of the domain name. Legal Team will then immediately notify the registrant of the suspension of the domain name, the nature of the complaint, and provide the registrant with the option to respond or take down the infringing content within a timely fashion or the domain name will be canceled.

If the registrant responds within a timely period, its response will be reviewed by Legal Team for further review. If Legal Team is satisfied by the registrant’s response that no rights have been infringed, Legal Team will submit a timely request to the registry services provider to unsuspend the domain name. The Rights Contact will then timely notify the Complainant that its complaint was ultimately denied and provide the reasons for the denial. If the registrant does not respond within a timely fashion, the Rights Contact will notify the registry services provider to cancel the abusive domain name.

This Takedown Procedure will not prejudice either party’s election to pursue another dispute mechanism, such as URS or UDRP.

With the assistance of its back-end registry services provider, Applicant will meet its obligations under Section 2.8 of the Registry Agreement to take reasonable steps to investigate and respond to reports from law enforcement and governmental and quasi-governmental agencies of illegal conduct in connection with the use of its TLD. Applicant will accordingly timely respond to legitimate law enforcement inquiries. Any such response shall include, at a minimum, an acknowledgement of receipt of the request, questions, or comments concerning the request, and an outline of the next steps to be taken by Applicant for a timely resolution of the request.

In the event such request involves any infringing activity which can be validated by Applicant’s Legal Team, Rights Contact will timely notify the registry services provider to either suspend the domain name until the infringing activity is cured or cancel the domain name. If Legal Team determines that it is not an infringing activity, Rights Contact will timely provide the relevant law enforcement, governmental and⁄or quasi-governmental agency a compelling argument to keep the name in the zone.

Additional Measures Specific to Rights Protection. Applicant provides additional measures against potentially abusive registrations. These measures help mitigate phishing, pharming, and other Internet security threats. The measures exceed the minimum requirements for RPMs defined by Specification 7 of the Registry Agreement and are available at the time of registration. These measures include:

• Rapid Takedown or Suspension Based on Court Orders: Applicant complies promptly with any order from a court of competent jurisdiction that directs it to take any action on a domain name that is within its technical capabilities as a TLD registry. These orders may be issued when abusive content, such as child pornography, counterfeit goods, or illegal pharmaceuticals, is associated with the domain name.
• Anti-Abuse Process: Applicant implements an anti-abuse process that is executed based on the type of domain name takedown requested. The anti-abuse process is for malicious exploitation of the DNS infrastructure, such as phishing, botnets, and malware.
• Authentication Procedures: Verisign, Applicant’s selected backend registry services provider, uses two-factor authentication to augment security protocols for telephone, email, and chat communications.
• Malware Code Identification: This safeguard reduces opportunities for abusive behaviors that use registered domain names in the gTLD. Registrants are often unknowing victims of malware exploits. As Applicant’s backend registry services provider, Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
• DNSSEC Signing Service: Domain Name System Security Extensions (DNSSEC) helps mitigate pharming attacks that use cache poisoning to redirect unsuspecting users to fraudulent websites or addresses. It uses public key cryptography to digitally sign DNS data when it comes into the system and then validate it at its destination. The TLD is DNSSEC-enabled as part of Verisign’s core backend registry services.

RESOURCING PLANS

Applicant’s dedicated staffing as indicated above is sufficient to implement and administer the above-referenced policies, procedures, and mechanisms for a minimally-used closed registry.

Resource Planning Specific to Backend Registry Activities
Verisign, Applicant’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to Applicant fully accounts for cost related to this infrastructure, which is provided as Line IIb.G, Total Critical Registry Function Cash Outflows, within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support the implementation of RPMs:

• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11

To implement and manage the TLD as described in this application, Verisign, Applicant’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.