gTDL Applications (Comparison)

Back

29 Rights Protection Mechanisms

gTLD	Full Legal Name	E-mail suffix	Detail
.SCA	SVENSKA CELLULOSA AKTIEBOLAGET SCA (publ)	valideus.com	View

1 MECHANISMS DESIGNED TO PREVENT ABUSIVE REGISTRATIONS

Rights protection is a core objective of Svenska Cellulosa Aktiebolaget SCA (“SCA”). SCA will implement and adhere to any rights protection mechanisms (RPMs) that may be mandated from time to time by ICANN, including each mandatory RPM set forth in the Trademark Clearinghouse model contained in the Registry Agreement, specifically Specification 7. SCA acknowledges that, at a minimum, ICANN requires a Sunrise period, a Trademark Claims period, and interaction with the Trademark Clearinghouse with respect to the registration of domain names for the .SCA gTLD. It should be noted that because ICANN, as of the time of this application submission, has not issued final guidance with respect to the Trademark Clearinghouse, SCA cannot fully detail the specific implementation of the Trademark Clearinghouse within this application. SCA will adhere to all processes and procedures to comply with ICANN guidance once this guidance is finalized.

As described in this response, SCA will implement a Sunrise period and Trademark Claims service with respect to the registration of domain names within the .SCA gTLD. Certain aspects of the Sunrise period and⁄or Trademark Claims service may be administered on behalf of SCA by SCA -approved registrars or by subcontractors of SCA , such as its selected backend registry services provider, Verisign.

As this will be a private brand registry with domains registered solely to SCA, it is not anticipated that any third parties will be eligible for .SCA domains but, nonetheless, SCA will offer the full range of ICANN mandated RPM, as set out below.

Sunrise Period. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, the Sunrise service pre-registration procedure for domain names continues for at least 30 days prior to the launch of the general registration of domain names in the gTLD (unless SCA decides to offer a longer Sunrise period).

During the Sunrise period, holders of marks that have been previously validated by the Trademark Clearinghouse receive notice of domain names that are an identical match (as defined in the ICANN Applicant Guidebook) to their mark(s). Such notice is in accordance with ICANN’s requirements and is provided by SCA either directly or through SCA approved registrars.

SCA requires all registrants, through SCA -approved registrars, to i) affirm that said registrants meet the Sunrise Eligibility Requirements (SER) and ii) submit to the Sunrise Dispute Resolution Policy (SDRP) consistent with Section 6 of the Trademark Clearinghouse model. At a minimum SCA recognizes and honors all word marks for which a proof of use was submitted and validated by the Trademark Clearinghouse as well as any additional eligibility requirements as specified in Question 18, provided they meet the eligibility requirements and rules of registration.

During the Sunrise period, SCA’s approved registrar is responsible for determining whether each domain name is eligible to be registered (including in accordance with the SERs).

All domains in .SCA will be registered to SCA for its own exclusive use and possibly that of its affiliates and SCA will appear as the owner in all WHOIS records. SCA may grant affiliates a non-exclusive, non-transferable, worldwide limited license to registrants to use the domain names for a period of no less than one (1) year and no more than ten (10) years, commencing on the date on which the registration request submitted by the approved registrar. SCA will reserve the right to reject a registration request, or delete, revoke, suspend, cancel or transfer the licence to use.SCA domain name at any time without notice at its sole discretion.

According to the registration policy of .SCA, the domain names will have to be used in an acceptable manner and .SCA will undertake checks to ensure that the intended use of each domain conforms to the registration policy. According to the registration policy:
• Domains must be used solely for purposes that enhance the strategic or commercial interests of SCA.
• Domain names must not be used in a way that knowingly infringes any third party intellectual property rights.
• A domain name registration must be an acceptable term that will not give rise to any moral or public order questions or in any way damage the strategic interests or reputation of SCA.
• Domains may not be delegated or assigned to external organisations, institutions, or individuals.
• If the registrant ceases to be a member of SCA or its affiliates to which their domain name is associated, then the registrant must cancel registration of that domain name within 14 days of ceasing to be a member.

Trademark Claims Service. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, all new gTLDs will have to provide a Trademark Claims service for a minimum of 60 days after the launch of the general registration of domain names in the gTLD (Trademark Claims period).
During the Trademark Claims period, in accordance with ICANN’s requirements, SCA or the SCA -approved registrar will send a Trademark Claims Notice to any prospective registrant of a domain name that is an identical match (as defined in the ICANN Applicant Guidebook) to any mark that is validated in the Trademark Clearinghouse. The Trademark Claims Notice will include links to the Trademark Claims as listed in the Trademark Clearinghouse and will be provided at no cost.

Prior to registration of said domain name, SCA or the SCA -approved registrar will require each prospective registrant to provide the warranties dictated in the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook. Those warranties will include receipt and understanding of the Trademark Claims Notice and confirmation that registration and use of said domain name will not infringe on the trademark rights of the mark holders listed. Without receipt of said warranties, the SCA or the SCA -approved registrar will not process the domain name registration.
Following the registration of a domain name, the SCA -approved registrar will provide a notice of domain name registration to the holders of marks that have been previously validated by the Trademark Clearinghouse and are an identical match. This notice will be as dictated by ICANN. At a minimum SCA will recognize and honor all word marks validated by the Trademark Clearinghouse.

2 MECHANISMS DESIGNED TO IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES ON AN ONGOING BASIS

In addition to the Sunrise and Trademark Claims services described in Section 1 of this response, SCA implements and adheres to RPMs post-launch as mandated by ICANN, and confirms that registrars accredited for the .SCA gTLD are in compliance with these mechanisms. Certain aspects of these post-launch RPMs may be administered on behalf of SCA by SCA -approved registrars or by subcontractors of SCA, such as its selected backend registry services provider, Verisign.

These post-launch RPMs include the established Uniform Domain-Name Dispute-Resolution Policy (UDRP), as well as the newer Uniform Rapid Suspension System (URS) and Trademark Post-Delegation Dispute Resolution Procedure (PDDRP). Where applicable, SCA will implement all determinations and decisions issued under the corresponding RPM.

After a domain name is registered, trademark holders can object to the registration through the UDRP or URS. Objections to the operation of the gTLD can be made through the PDDRP.

The following descriptions provide implementation details of each post-launch RPM for the .SCA gTLD:

• UDRP: The UDRP provides a mechanism for complainants to object to domain name registrations. The complainant files its objection with a UDRP provider and the domain name registrant has an opportunity to respond. The UDRP provider makes a decision based on the papers filed. If the complainant is successful, the only remedy is cancellation as the only permitted registrant will be SCA or its affiliates. If the complainant is not successful, ownership of the domain name remains with the domain name registrant. SCA, and entities operating on its behalf, adhere to all decisions rendered by UDRP providers.

In order to achieve this SCA will closely monitor UDRP complaints involving .SCA and ensure that its registrar appropriately implements the decisions.

• URS: As provided in the Applicant Guidebook, all registries are required to implement the URS. Similar to the UDRP, a complainant files its objection with a URS provider. The URS provider conducts an administrative review for compliance with filing requirements. If the complaint passes review, the URS provider notifies the registry operator and locks the domain. A lock means that the registry restricts all changes to the registration data, but the name will continue to resolve. After the domain is locked, the complaint is served to the domain name registrant, who has an opportunity to respond. If the complainant is successful, the registry operator is informed and the domain name is suspended for the balance of the registration period; the domain name will not resolve to the original website, but to an informational web page provided by the URS provider. If the complainant is not successful, the URS is terminated and full control of the domain name registration is returned to the domain name registrant. Similar to the existing UDRP, SCA,and entities operating on its behalf, adhere to decisions rendered by the URS providers.

.SCA will deal with and handle URS complaints. Its designated team will receive official Notice of Complaint through an internal system and upon receiving a Notice of Complaint, the team will implement a lock within 24 hours and an automatic Notice of Lock will be generated and sent to the URS provider via email. The team will also enforce URS decisions, which may include unlocking the domain name or suspension of domain name and ensuring that the domain: i) remains suspended for the duration of registration period; ii) is non-resolving; iii) is redirected to an informational page provided by the URS provider; and iv) that the WHOIS maintains all original registrant details except for the redirection of name servers, and contains a message to the effect that the domain name will not be able to be transferred, deleted or modified for the life of the registration.

• PDDRP: As provided in the Applicant Guidebook, all registries are required to implement the PDDRP. The PDDRP provides a mechanism for a complainant to object to the registry operator’s manner of operation or use of the gTLD. The complainant files its objection with a PDDRP provider, who performs a threshold review. The registry operator has the opportunity to respond and the provider issues its determination based on the papers filed, although there may be opportunity for further discovery and a hearing. SCA participates in the PDDRP process as specified in the Applicant Guidebook.

• .SCA will deal with and handle PDDRP complaints. Its designated team will file responses to complaints, negotiate and seek to settle the dispute without incurring in unnecessary costs for both parties, and enforce the decisions made by the PDDRP provider.

Additional Measures Specific to Rights Protection. .SCA will be a closed registry which will solely be owned and controlled by SCA for its own commercial and strategic interests. Therefore, it is highly unlikely that third parties will find the opportunity to engage in abusive activities such as phishing, pharming or other types of behaviour, which violate the rights of others. However, in the unlikely event that the .SCA domains are attacked by third parties, SCA provides additional measures against potentially abusive registrations. These measures help mitigate phishing, pharming, and other Internet security threats. The measures exceed the minimum requirements for RPMs defined by Specification 7 of the Registry Agreement and are available at the time of registration. These measures include:

• Abuse Point of Contact: SCA will establish and publish a unique abuse point of contact. This contact will be a role e-mail address such as contact@abuseprevention.sca. This role address will allow the designated staff to regularly monitor abuse and⁄or malicious activities in .SCA. The registry’s designated staff will then evaluate complaints and produce abuse reports when necessary. Following the evaluation, they must decide whether the abuse report is a serious matter of concern and take a decision whether to dismiss the report or proceed to the next step. Since any decision regarding abuse reports implies serious consequences, abuse prevention staff and experts will accurately and responsibly deal with the abuse report. After the adequate evaluation procedure by the registry operator, SCA can determine whether or not to take any action against such alleged abusive or malicious activity. In particular circumstances, SCA can allow Verisign to suspend or cancel a domain name on its behalf. SCA will also take steps to investigate and respond to any reports from law enforcement, governmental and quasi-governmental agencies of illegal conduct in connection with the use of the TLD.

• Rapid Takedown or Suspension Based on Court Orders: SCA complies promptly with any order from a court of competent jurisdiction that directs it to take any action on a domain name that is within its technical capabilities as a TLD registry. These orders may be issued when abusive content, such as child pornography, counterfeit goods, or illegal pharmaceuticals, is associated with the domain name.
• Anti-Abuse Process: SCA implements an anti-abuse process that is executed based on the type of domain name takedown requested. The anti-abuse process is for malicious exploitation of the DNS infrastructure, such as phishing, botnets, and malware.
• Authentication Procedures: Verisign, SCA’s selected backend registry services provider, uses two-factor authentication to augment security protocols for telephone, email, and chat communications.
• Registry Lock: Verisign allows registrants to lock a domain name at the registry level to protect against both unintended and malicious changes, deletions, and transfers. Only Verisign, as SCA’s backend registry services provider, can release the lock; thus all other entities that normally are permitted to update Shared Registration System (SRS) records are prevented from doing so. This lock is released only after the registrar makes the request to unlock. SCA may implement Registry Lock.
• Malware Code Identification: This safeguard reduces opportunities for abusive behaviors that use registered domain names in the gTLD. Registrants are often unknowing victims of malware exploits. As SCA’s backend registry services provider, Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
• DNSSEC Signing Service: Domain Name System Security Extensions (DNSSEC) helps mitigate pharming attacks that use cache poisoning to redirect unsuspecting users to fraudulent websites or addresses. It uses public key cryptography to digitally sign DNS data when it comes into the system and then validate it at its destination. The .SCA gTLD is DNSSEC-enabled as part of Verisign’s core backend registry services.

3. RESOURCING PLANS

Resource Planning
o Implementation and administration of SCA’s program to provide RPMs will be executed by SCA’s outsourced registrar which has an extensive in-house experience in domain name management. The technical operation of the registry is also fully outsourced. Therefore, no integration is required between SCA’s own systems and those of the Registry Service Provider, Verisign. Nevertheless, minimal technical labour expense has been designated for the creation and maintenance of a registry website at which SCA’s policies, contact details, whois abuse point of contact and other technical support for domain management such as directing customers will be made available. Additionally, SCA currently has an experienced workforce of IT employees, who can be called upon at any time to manage and ensure the success of the registry website.

Resource Planning Specific to Backend Registry Activities
Verisign, SCA’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to SCA fully accounts for cost related to this infrastructure, which is provided as Line IIb.G, Total Critical Registry Function Cash Outflows, within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support the implementation of RPMs:
• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11

To implement and manage the .SCA gTLD as described in this application, Verisign, SCA’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.

gTLD	Full Legal Name	E-mail suffix	Detail
.REALESTATE	dotRealEstate LLC	secondgen.com	View

1 MECHANISMS DESIGNED TO PREVENT ABUSIVE REGISTRATIONS

Rights protection is a core objective of DotRealEstate LLC (“DRE”). DRE will implement and adhere to any rights protection mechanisms (RPMs) that may be mandated from time to time by ICANN, including each mandatory RPM set forth in the Trademark Clearinghouse model contained in the Registry Agreement, specifically Specification 7. DRE acknowledges that, at a minimum, ICANN requires a Sunrise period, a Trademark Claims period, and interaction with the Trademark Clearinghouse with respect to the registration of domain names for the .REALESTATE gTLD. It should be noted that because ICANN, as of the time of this application submission, has not issued final guidance with respect to the Trademark Clearinghouse, DRE cannot fully detail the specific implementation of the Trademark Clearinghouse within this application. DRE will adhere to all processes and procedures to comply with ICANN guidance once this guidance is finalized.

As described in this response, DRE will implement a Sunrise period and Trademark Claims service with respect to the registration of domain names within the .REALESTATE gTLD. Certain aspects of the Sunrise period and⁄or Trademark Claims service may be administered on behalf of DRE by DRE-approved registrars or by subcontractors of DRE, such as its selected backend registry services provider, Verisign. DRE will also use, as detailed in the answer to Question 18, eligibility requirements which will also provide rights protection and which will be performed by DRE and⁄or NAR, with enactment (for example, suspension or transfer) by DRE.

Sunrise Period. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, the Sunrise service pre-registration procedure for domain names continues for at least 30 days prior to the launch of the general registration of domain names in the gTLD (unless DRE decides to offer a longer Sunrise period).

During the Sunrise period, holders of marks that have been previously validated by the Trademark Clearinghouse receive notice of domain names that are an identical match (as defined in the ICANN Applicant Guidebook) to their mark(s). Such notice is in accordance with ICANN’s requirements and is provided by DRE either directly or through DRE-approved registrars.

DRE requires all registrants, either directly or through DRE-approved registrars, to i) affirm that said registrants meet the Sunrise Eligibility Requirements (SER) and ii) submit to the Sunrise Dispute Resolution Policy (SDRP) consistent with Section 6 of the Trademark Clearinghouse model. At a minimum DRE recognizes and honors all word marks for which a proof of use was submitted and validated by the Trademark Clearinghouse as well as any additional eligibility requirements as specified in Question 18.

During the Sunrise period, DRE and⁄or DRE-approved registrars, as applicable, are responsible for determining whether each domain name is eligible to be registered (including in accordance with the SERs).

Trademark Claims Service. As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, all new gTLDs will have to provide a Trademark Claims service for a minimum of 60 days after the launch of the general registration of domain names in the gTLD (Trademark Claims period).

During the Trademark Claims period, in accordance with ICANN’s requirements, DRE or the DRE-approved registrar will send a Trademark Claims Notice to any prospective registrant of a domain name that is an identical match (as defined in the ICANN Applicant Guidebook) to any mark that is validated in the Trademark Clearinghouse. The Trademark Claims Notice will include links to the Trademark Claims as listed in the Trademark Clearinghouse and will be provided at no cost.

Prior to registration of said domain name, DRE or the DRE-approved registrar will require each prospective registrant to provide the warranties dictated in the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook. Those warranties will include receipt and understanding of the Trademark Claims Notice and confirmation that registration and use of said domain name will not infringe on the trademark rights of the mark holders listed. Without receipt of said warranties, DRE or the DRE-approved registrar will not process the domain name registration.

Following the registration of a domain name, the DRE-approved registrar will provide a notice of domain name registration to the holders of marks that have been previously validated by the Trademark Clearinghouse and are an identical match. This notice will be as dictated by ICANN. At a minimum DRE will recognize and honor all word marks validated by the Trademark Clearinghouse.

Eligibility Restrictions. As set forth in the answer to Question 18, only NAR, REALTORS®, NAR members, NAR affiliates (including societies and counsels), NAR licensees and parties otherwise in a contractual relationship with NAR will be permitted registration in .REALESTATE. As set forth in the answer to Question 28, each of these entities may be identified by a unique identifier, such as is the case with all REALTORS®. This unique identifier is created and supplied by NAR, maintained in NAR databases, and updated accordingly (such as, for example, when a REALTOR®’s membership ceases, the identifier is updated accordingly).

During the domain application process, the applicant will input their unique identifier which will be checked against NAR’s database to ensure that the applicant is in good status. In this regard the registrant information of all applications are pre-authenticated by NAR, as NAR will only issue an identifier, and maintain that identifier’s status, if the individual⁄entity to which the identifier is assigned is in good standing with NAR (such as, for example, retains their position as a REALTOR®).

NAR regularly monitors its member database to ensure that accurate membership status is maintained. For example, a real estate professional may become a REALTOR® if the professional otherwise qualifies under NAR’s standards and maintains payment of dues. In the event the REALTOR® fails to maintain payment of their dues, the database reflects that the individual is no longer a REALTOR® in good standing.

In this regard the NAR database maintains an accurate database of registration information relating to REALTOR® and NAR members which is updated in real time with membership status and contact information supplied by REALTORS® and members. NAR will inform DRE in the event that a REALTOR® or a member ceases to be a REALTOR® or a member, and DRE will modify any implicated domains accordingly.

DRE will work with accredited registrars to ensure that required back-end functionality for pinging NAR’s database to check identifiers is readily available.

2 MECHANISMS DESIGNED TO IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES ON AN ONGOING BASIS

In addition to the Sunrise and Trademark Claims services described in Section 1 of this response, DRE implements and adheres to RPMs post-launch as mandated by ICANN, and confirms that registrars accredited for the .REALESTATE gTLD are in compliance with these mechanisms. Certain aspects of these post-launch RPMs may be administered on behalf of DRE by DRE-approved registrars or by subcontractors of DRE, such as its selected backend registry services provider, Verisign.

These post-launch RPMs include the established Uniform Domain-Name Dispute-Resolution Policy (UDRP), as well as the newer Uniform Rapid Suspension System (URS) and Trademark Post-Delegation Dispute Resolution Procedure (PDDRP). Where applicable, DRE will implement all determinations and decisions issued under the corresponding RPM.

After a domain name is registered, trademark holders can object to the registration through the UDRP or URS. Objections to the operation of the gTLD can be made through the PDDRP.

The following descriptions provide implementation details of each post-launch RPM for the .REALESTATE gTLD:

* UDRP: The UDRP provides a mechanism for complainants to object to domain name registrations. The complainant files its objection with a UDRP provider and the domain name registrant has an opportunity to respond. The UDRP provider makes a decision based on the papers filed. If the complainant is successful, ownership of the domain name registration is transferred to the complainant. If the complainant is not successful, ownership of the domain name remains with the domain name registrant. DRE and entities operating on its behalf adhere to all decisions rendered by UDRP providers.

* URS: As provided in the Applicant Guidebook, all registries are required to implement the URS. Similar to the UDRP, a complainant files its objection with a URS provider. The URS provider conducts an administrative review for compliance with filing requirements. If the complaint passes review, the URS provider notifies the registry operator and locks the domain. A lock means that the registry restricts all changes to the registration data, but the name will continue to resolve. After the domain is locked, the complaint is served to the domain name registrant, who has an opportunity to respond. If the complainant is successful, the registry operator is informed and the domain name is suspended for the balance of the registration period; the domain name will not resolve to the original website, but to an informational web page provided by the URS provider. If the complainant is not successful, the URS is terminated and full control of the domain name registration is returned to the domain name registrant. Similar to the existing UDRP, DRE and entities operating on its behalf adhere to decisions rendered by the URS providers.

* PDDRP: As provided in the Applicant Guidebook, all registries are required to implement the PDDRP. The PDDRP provides a mechanism for a complainant to object to the registry operator’s manner of operation or use of the gTLD. The complainant files its objection with a PDDRP provider, who performs a threshold review. The registry operator has the opportunity to respond and the provider issues its determination based on the papers filed, although there may be opportunity for further discovery and a hearing. DRE participates in the PDDRP process as specified in the Applicant Guidebook.

Additional Measures Specific to Rights Protection. DRE provides additional measures against potentially abusive registrations. These measures help mitigate phishing, pharming, and other Internet security threats. The measures exceed the minimum requirements for RPMs defined by Specification 7 of the Registry Agreement and are available at the time of registration. These measures include:

* Rapid Takedown or Suspension Based on Court Orders: DRE complies promptly with any order from a court of competent jurisdiction that directs it to take any action on a domain name that is within its technical capabilities as a TLD registry. These orders may be issued when abusive content, such as child pornography, counterfeit goods, or illegal pharmaceuticals, is associated with the domain name.

* Anti-Abuse Process: DRE implements an anti-abuse process that is executed on domain name takedown requests. The scope of the anti-abuse process includes malicious exploitation of the DNS infrastructure, such as phishing, botnets, and malware.

* Authentication Procedures: Verisign, DRE’s selected backend registry services provider, uses two-factor authentication to augment security protocols for telephone, email, and chat communications.

* Registry Lock: This Verisign service allows registrants to lock a domain name at the registry level to protect against both unintended and malicious changes, deletions, and transfers. Only Verisign, as DRE’s backend registry services provider, can release the lock; thus all other entities that normally are permitted to update Shared Registration System (SRS) records are prevented from doing so. This lock is released only after the registrar makes the request to unlock.

* Malware Code Identification: This safeguard reduces opportunities for abusive behaviors that use registered domain names in the gTLD. Registrants are often unknowing victims of malware exploits. As DRE’s backend registry services provider, Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.

* DNSSEC Signing Service: Domain Name System Security Extensions (DNSSEC) helps mitigate pharming attacks that use cache poisoning to redirect unsuspecting users to fraudulent websites or addresses. It uses public key cryptography to digitally sign DNS data when it comes into the system and then validate it at its destination. The .REALESTATE gTLD is DNSSEC-enabled as part of Verisign’s core backend registry services.

3. RESOURCING PLANS

Resource Planning

Resourcing plans for the initial implementation of, and ongoing maintenance for, the rights protection mechanisms in Part 1 of the answer to this Question 29, except for those relating to eligibility requirements, are set forth in the answer to Question 49(a) – contingency planning (detailed further below). As ICANN has not issued final guidance with regard to the Trademark Clearinghouse, and particularly the costs associated with the Clearinghouse, subcontractors and backend providers, such as Verisign, have not been able to quote costs and resource allocations for implementation of the Clearinghouse and other RPMs which incorporate the Clearinghouse. DRE will determine which entity(ies) will provide which services, and allocate costs and resources accordingly, once ICANN has determined a Clearinghouse cost and DRE can determine subcontractor⁄Verisign pricing and availability. In any event, DRE has a firm commitment from Verisign that, at minimum, Verisign will work with DRE to provide all the necessary resources and services to implement and maintain the RPMs contemplated in this answer, and as set forth in Question 49(a), DRE has allocated sufficient committed resources to ensure sufficient resources to cover Verisign’s (or other subcontractor’s) costs.

With regard to the other RPMs identified herein, DRE’s management team is an experienced team which has managed an sTLD (.JOBS) for over six years and is well-acquainted with domain abuse prevention and mitigation.

DRE internal operations for all RPMs will scale as needed to accommodate the volume and nature of all matters not handled by Verisign or subcontractors, including shifting allocations of time from the management team, General Counsel, Customer Support personnel and Technical Labor personnel. In the event registration volume and related income allow, and RPM matter volume dictates, additional personnel may be added to accommodate the matters, up to and including addition of a dedicated RPM Manager with a staff commensurate to need.

Costs for DRE’s operations as detailed above are addressed in the response to Question 47. Specifically, $20,000 has been attributed to legal as part of general administrative expenses per year (see table 3 provided in response to Question 47). In addition, per the Financial Projections Template submitted in response to Question 46, $50,000 per year is budgeted under Other Operating Costs in case of unexpected contingencies, such as the use of outside legal counsel.

With regard to operation of RPMs relating to eligibility requirements, NAR is the largest trade association in North America. NAR has an experienced management team, compliance team and legal team for overseeing use of their REALTOR® mark. With regard to eligibility requirement complaints or other complaints which relate to rights protection which may violate any NAR policy, NAR will establish, implement and maintain internal procedures for addressing such claims. Such procedures may involve input from management, compliance and legal, and legal may consult with outside legal counsel. NAR has sufficient resources and personnel to provide the compliance services attributed to NAR herein.

NAR’s internal costs for abuse complaint procedures will be borne by NAR, and are thus not included in the response to Question 47.

Resource Planning Specific to Backend Registry Activities

Verisign, DRE’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to DRE fully accounts for cost related to this infrastructure, which is provided as Line IIb.G, Total Critical Registry Function Cash Outflows, within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support the implementation of RPMs:

* Customer Affairs Organization: 9
* Customer Support Personnel: 36
* Information Security Engineers: 11

To implement and manage the .REALESTATE gTLD as described in this application, Verisign, DRE’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.