29 Rights Protection Mechanisms

Prototypical answer:

1. MECHANISMS DESIGNED TO PREVENT ABUSIVE REGISTRATIONS

The mission of the .ooo gTLD is to provide retailers their own, customized, online retail space. With the use of the .ooo gTLD, Infibeam will be able to offer personalized domain names, thus allowing strong brand association, and differentiation. By providing new outlets for brick-and-mortar retailers to sell their goods and services online, those retailers will gain new business and more readily remain in operation, but the real winners are Internet users. The adoption of the gTLD by global retailers will dramatically increase consumer choice across a limitless range of goods and services, in a safe and trusted environment. In order to create this safe and trusted environment, it is in Infibeam’s interest to prevent abusive registrations – beyond simply adhering to regulations.

Infibeam acknowledges that, at a minimum, ICANN requires a Sunrise period, a Trademark Claims period, and interaction with the Trademark Clearinghouse with respect to the registration of domain names for the .ooo gTLD. Infibeam understands the importance of Trademark holders to manage and protect their brands. In order to demonstrate our commitment to ensure the .ooo gTLD will accommodate the Intellectual Property community, Infibeam has explored various additional mechanisms to help prevent abusive registrations.

Since the launch of the new gTLD program, some organizations have stepped forward offering proposals with enhanced security standards from various types of TLDs. Infibeam completed a thorough review to determine which standards may enhance the .ooo gTLD experience. While not all of the proposed standards are applicable to the .ooo gTLD, we will strive to implement several of them to ensure trademark owners will be able to take advantage of additional protection beyond the minimums outlined by ICANN.

Infibeam has also developed and will deploy a customized approach that seeks to minimize the potential for abusive registrations and incorporate a proactive mitigation process if such a situation were to arise. Measures will be deployed at the registry, registrar, and registrant levels to ensure a comprehensive approach to these critical objectives. Policies and processes designed to prevent and mitigate abusive registrations include:

•Sunrise Period
•Trademark Claims Service
•Extended Trademark Claims Service
•UDRP, URS, PDDRP
•Rapid Takedown or Suspension
•Anti-Abuse Process
•Malware Code Identification
•DNSSEC Signing Service
•Biannual WHOIS Verification
•Name Selection Policy
•Registrant Eligibility Criteria
•Acceptable Use Policy


1.2 Startup Rights Protection Mechanisms
Further to these policies, rights protection is one of Infibeam’s core objectives. Infibeam will implement and adhere to any rights protection mechanisms (RPMs) that may be mandated from time to time by ICANN, including each mandatory RPM set forth in the Trademark Clearinghouse model contained in the Registry Agreement, specifically Specification 7. As mentioned above, Infibeam acknowledges that, at a minimum, ICANN requires a Sunrise period, a Trademark Claims period, and interaction with the Trademark Clearinghouse with respect to the registration of domain names for the .ooo gTLD. It should be noted that because ICANN, as of the time of this application submission, has not issued final guidance with respect to the Trademark Clearinghouse, Infibeam cannot fully detail the specific implementation of the Trademark Clearinghouse within this application. Infibeam will adhere to all processes and procedures to comply with ICANN guidance once this guidance is finalized.

As described in this response, Infibeam will implement a Sunrise period and Trademark Claims service with respect to the registration of domain names within the .ooo gTLD. Certain aspects of the Sunrise period and⁄or Trademark Claims service may be administered on behalf of Infibeam by Infibeam-approved registrars or by subcontractors of Infibeam, such as its selected backend registry services provider, Verisign.

Sunrise Period
As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, the Sunrise service pre-registration procedure for domain names continues for at least 30 days prior to the launch of the general registration of domain names in the gTLD (unless Infibeam decides to offer a longer Sunrise period).
During the Sunrise period, holders of marks that have been previously validated by the Trademark Clearinghouse receive notice of domain names that are an identical match (as defined in the ICANN Applicant Guidebook) to their mark(s). Such notice is in accordance with ICANN’s requirements and is provided by Infibeam either directly or through Infibeam-approved registrars.

Infibeam requires all registrants, either directly or through Infibeam-approved registrars, to i) affirm that said registrants meet the Sunrise Eligibility Requirements (SER) and ii) submit to the Sunrise Dispute Resolution Policy (SDRP) consistent with Section 6 of the Trademark Clearinghouse model. At a minimum Infibeam recognizes and honors all word marks for which a proof of use was submitted and validated by the Trademark Clearinghouse as well as any additional eligibility requirements as specified in Question 18.
During the Sunrise period, Infibeam and⁄or Infibeam-approved registrars, as applicable, are responsible for determining whether each domain name is eligible to be registered (including in accordance with the SERs).
While Infibeam is exploring engaging outside expertise to assist with the implementation of a sunrise service, we drafted our current business plan based on the staffing of two member of our legal team full time for the duration of the Sunrise period.

Trademark Claims Service
As provided by the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook, all new gTLDs will have to provide a Trademark Claims service for a minimum of 60 days after the launch of the general registration of domain names in the gTLD (Trademark Claims period).
During the Trademark Claims period, in accordance with ICANN’s requirements, Infibeam or the Infibeam-approved registrar will send a Trademark Claims Notice to any prospective registrant of a domain name that is an identical match (as defined in the ICANN Applicant Guidebook) to any mark that is validated in the Trademark Clearinghouse. The Trademark Claims Notice will include links to the Trademark Claims as listed in the Trademark Clearinghouse and will be provided at no cost.

Prior to registration of said domain name, Infibeam or the Infibeam-approved registrar will require each prospective registrant to provide the warranties dictated in the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook. Those warranties will include receipt and understanding of the Trademark Claims Notice and confirmation that registration and use of said domain name will not infringe on the trademark rights of the mark holders listed. Without receipt of said warranties, Infibeam or the Infibeam-approved registrar will not process the domain name registration.
Following the registration of a domain name, the Infibeam-approved registrar will provide a notice of domain name registration to the holders of marks that have been previously validated by the Trademark Clearinghouse and are an identical match. This notice will be as dictated by ICANN. At a minimum Infibeam will recognize and honor all word marks validated by the Trademark Clearinghouse.

Extended Trademark Claims Service
To further enhance the rights protections for trademark holders, Infibeam will be offering an extended 30 day period of the Trademark Claims service for a total of 90 days. In exceptional cases, Infibeam may acknowledge legitimate trademark claims after this period, if obvious abuse of the brand name can be proved.

2. MECHANISMS DESIGNED TO IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES ON AN ONGOING BASIS
In addition to the Sunrise and Trademark Claims services described in Section 1 of this response, Infibeam will implement and adhere to RPMs post-launch as mandated by ICANN, and confirms that registrars accredited for the .ooo gTLD will be in compliance with these mechanisms. Certain aspects of these post-launch RPMs may be administered on behalf of Infibeam by Infibeam-approved registrars or by subcontractors of Infibeam, such as its selected backend registry services provider, Verisign.

2.1 Ongoing Rights Protection Mechanisms
These post-launch RPMs include the established Uniform Domain-Name Dispute-Resolution Policy (UDRP), as well as the newer Uniform Rapid Suspension System (URS) and Trademark Post-Delegation Dispute Resolution Procedure (PDDRP). Where applicable, Infibeam will implement all determinations and decisions issued under the corresponding RPM.

After a domain name is registered, trademark holders can object to the registration through the UDRP or URS. Objections to the operation of the gTLD can be made through the PDDRP.

The following descriptions provide implementation details of each post-launch RPM for the .ooo gTLD:

Uniform Dispute Resolution Policy
The UDRP provides a mechanism for complainants to object to domain name registrations. The complainant files its objection with a UDRP provider and the domain name registrant has an opportunity to respond. The UDRP provider makes a decision based on the papers filed. If the complainant is successful, ownership of the domain name registration is transferred to the complainant. If the complainant is not successful, ownership of the domain name remains with the domain name registrant. Infibeam and entities operating on its behalf adhere to all decisions rendered by UDRP providers.

Uniform Rapid Suspension
As provided in the Applicant Guidebook, all registries are required to implement the URS. Similar to the UDRP, a complainant files its objection with a URS provider. The URS provider conducts an administrative review for compliance with filing requirements. If the complaint passes review, the URS provider notifies the registry operator and locks the domain. A lock means that the registry restricts all changes to the registration data, but the name will continue to resolve. After the domain is locked, the complaint is served to the domain name registrant, who has an opportunity to respond. If the complainant is successful, the registry operator is informed and the domain name is suspended for the balance of the registration period; the domain name will not resolve to the original website, but to an informational web page provided by the URS provider. If the complainant is not successful, the URS is terminated and full control of the domain name registration is returned to the domain name registrant. Similar to the existing UDRP, Infibeam and entities operating on its behalf adhere to decisions rendered by the URS providers.

Post Delegation Dispute Resolution Procedure
As provided in the Applicant Guidebook, all registries are required to implement the PDDRP. The PDDRP provides a mechanism for a complainant to object to the registry operator’s manner of operation or use of the gTLD. The complainant files its objection with a PDDRP provider, who performs a threshold review. The registry operator has the opportunity to respond and the provider issues its determination based on the papers filed, although there may be opportunity for further discovery and a hearing. Infibeam participates in the PDDRP process as specified in the Applicant Guidebook.

2.2 Additional Measures Specific to Rights Protection
Infibeam provides additional measures against potentially abusive registrations. These measures help mitigate phishing, pharming, and other Internet security threats. The measures exceed the minimum requirements for RPMs defined by Specification 7 of the Registry Agreement and are available at the time of registration. These measures include:

Rapid Takedown or Suspension Based on Court Orders
Infibeam complies promptly with any order from a court of competent jurisdiction that directs it to take any action on a domain name that is within its technical capabilities as a gTLD registry. These orders may be issued when abusive content, such as child pornography, counterfeit goods, or illegal pharmaceuticals, is associated with the domain name.

Anti-Abuse Process
Infibeam implements an anti-abuse process that is executed based on the type of domain name takedown requested. The anti-abuse process is for malicious exploitation of the DNS infrastructure, such as phishing, botnets, and malware.

Authentication Procedures
Verisign, Infibeam’s selected backend registry services provider, uses two-factor authentication to augment security protocols for telephone, email, and chat communications.

Malware Code Identification
This safeguard reduces opportunities for abusive behaviors that use registered domain names in the gTLD. Registrants are often unknowing victims of malware exploits. As Infibeam’s backend registry services provider, Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.

DNSSEC Signing Service
Domain Name System Security Extensions (DNSSEC) helps mitigate pharming attacks that use cache poisoning to redirect unsuspecting users to fraudulent websites or addresses. It uses public key cryptography to digitally sign DNS data when it comes into the system and then validate it at its destination. The .ooo gTLD is DNSSEC-enabled as part of Verisign’s core backend registry services.
Where applicable, these measures will be incorporated into the RRA which governs the legal relationship between Infibeam and its accredited registrars.

2.3 Whois Verification
As part of their RRA, all Infibeam registrars will be required to revalidate Whois data for each record they have registered in the gTLD. The registry will leave the ultimate determination of how to implement this procedure to each registrar but it must include one of the following approved methods.
1)Email with a verification link that must be acted upon within a set time frame.
2)If the email verification is not acted upon in the proscribed timeframe, an outbound telemarketing effort to the individual listed as the administrative contact for the domain must be initiated to manually confirm the information contained in the Whois record.

Each method will require the use of two factor authentication to ensure the respondent is the original registrant.

Verification process for each registered domain name must take place twice a year within the following schedule:

1)Mid registration Verification: No sooner than 150 days after initial registration or subsequent renewal and no later than 210 days after initial registration or subsequent renewal
2)Renewal Verification: No later than 7 days prior to expiration and no sooner than 45 days prior to expiration.

Infibeam, as operator of the registry, will perform audits of verified Whois information to ensure compliance and accuracy. In addition, the registry will allow interested parties to report cases of inaccurate Whois information via an inbound reporting mechanism on the .ooo gTLD webpage.

2.4 Adoption of Certain Elevated Security Standards
As referenced earlier in this question, Infibeam will work to implement the following elevated security standards in the .ooo gTLD:

Name Selection Policy
The .ooo gTLD will enforce a name selection policy that ensures that all names registered in the gTLD will be in compliance with ICANN mandated technical standards. These include restrictions on 2 character names, tagged names, reserved names for Registry Operations. All names must also be in compliance with all applicable RFCs governing the composition of domain names. In addition, registrations of Country, Geographical and Territory Names will only be allowed in compliance with the restrictions as outlined in the answer to Question 22.

Registrant Eligibility Criteria
The Registrant Eligibility Criteria evaluation process serves several purposes which will reduce the incidents of abusive registrations that impact the rights of others as well as impact the security of the gTLD. This will include ensuring that all registrant information is complete, true and accurate, thereby contributing to accurate Whois information for all domains in the gTLD.

Applicants who pass these eligibility tests will then be permitted to register their domain name. Applicants who do not pass the eligibility test will have the opportunity to appeal to the registry, but determination of eligibility rests solely with Infibeam. In the case of a dispute, an adjunct ombudsman will be used.

Acceptable Use Policy
Infibeam has developed a draft of the Registry Operator Acceptable Use Policy (AUP) which is further detailed in the response to Question 28. This AUP clearly defines what type of behavior is expressly prohibited in conjunction with the use of a .ooo domain name. Infibeam will require, through the Registry Registrar Agreement (RRA), that this AUP be included in the registration agreement used by all .ooo gTLD accredited registrars. This registration agreement must be agreed upon by a registrant prior to them being able to register a name in the .ooo gTLD.

3. RESOURCING PLANS
3.1 Resource Planning
Infibeam is a leader in e-commerce, a rapidly growing company based in Ahmedabad, India, serving one of the most populous nations on the globe. Since 2007, Infibeam.com has been a one-stop online outlet for apparel; beauty supplies; books; health goods; jewelry; technology; toys; and many other goods. In 2011 it empowered brick-and-mortar retailers by offering them access to Internet users via the BuildaBazaar.com platform. Retailers operating BuildaBazaar.com retailers include apparel stores, bookstores, electronics outlets, jewelry retailers, and other consumer and business needs. The company is well-loved by its customers, with more than 900,000 fans on Facebook. Infibeam was named a Top 5 Digital Brand in September 2010 in a survey conducted by the Economic Times.

The .ooo gTLD will be fully supported by a cross function team of Infibeam professionals. Numbers and types of employees will vary for each function but Infibeam projects it will use the following personnel to support the resource planning requirements:

•Marketing manager 1
•Marketing director 1
•Customer support 4
•Technical support 1
•Legal 1
•Legal (for Sunrise Period) 1
•Accounting 1

Please note that during the Sunrise period one more legal will be working on trademark claims to cope with the volume. This extra budget could also be used to engage outside expertise.

3.2 Resource Planning Specific to Backend Registry Activities
Verisign, Infibeam’s selected backend registry services provider, is an experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a gTLD. Verisign routinely adjusts these staffing models to account for new tools and process innovations. These models enable Verisign to continually right-size its staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it provides to Infibeam fully accounts for cost related to this infrastructure, which is provided as Line IIb.G, Total Critical Registry Function Cash Outflows, within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability 100 percent of the time for more than 13 years for .com, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s TLD service offerings.
Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support the implementation of RPMs:
•Customer Affairs Organization: 9
•Customer Support Personnel: 36
•Information Security Engineers: 11

To implement and manage the .ooo gTLD as described in this application, Verisign, Infibeam’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of TLDs. Consistent with its resource modeling, Verisign periodically reviews the level of work to be performed and adjusts staff levels for each technical area.
When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its TLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its TLD best practices are followed consistently. This consistent application of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest TLDs (i.e., .com and .net). Moreover, by augmenting existing teams, Verisign affords new employees the opportunity to be mentored by existing senior staff. This mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.

Similar gTLD applications: (0)