29 Rights Protection Mechanisms

Prototypical answer:

1 MECHANISMS DESIGNED TO PREVENT ABUSIVE REGISTRATIONS

Web.com Group, Inc (“Web.com”) has been in the business of helping our nearly 3 million customers establish their online presence for over 15 years. Through our recent acquisition of Network Solutions, the oldest ICANN accredited registrar, with over 25 years of experience, we have a long history of understanding the importance of rights protection. This is a core objective not only from our own personal perspective as the holder of various trademarks including web.com®, but also on behalf of our customers who have their own trademarks.

Web.com will implement and adhere to any rights protection mechanisms (RPMs) that may be mandated by ICANN, including each mandatory RPM set forth in the Registry Agreement, specifically Specification 7. Web.com acknowledges that, at a minimum, ICANN requires a Sunrise period, a Trademark Claims period, and interaction with the Trademark Clearinghouse with respect to the registration of domain names for the .web gTLD. It should be noted that because ICANN, as of the time of this application submission, has not issued final guidance with respect to the Trademark Clearinghouse, Web.com cannot fully detail the specific implementation of the Trademark Clearinghouse within this application. Web.com will adhere to all processes and procedures to comply with ICANN guidance once this guidance is finalized.

We understand the importance of Trademark holders to manage and protect their brands. In order to demonstrate our commitment to ensure the .web gTLD will accommodate the Intellectual Property community, Web.com has analyzed various additional mechanisms to help prevent abusive registrations. We were particularly impressed with the set of 31 Proposed Security, Stability and Resiliency Requirements for Financial gTLDs that were developed by the Security Standards Working Group (SSWG) under the guidance of the financial services industry. Following their recommendation that all potential applicants look at these standards for their own gTLDs, Web.com completed a thorough review to determine which standards may enhance the .web gTLD experience. While not all of the proposed standards are applicable to the .web gTLD, we will strive to implement several of these standards to ensure trademark owners will be able to take advantage of the additional protection beyond the minimums set forth by ICANN.

Web.com has developed and will deploy a customized approach that seeks to minimize the potential for abusive registrations and incorporate a proactive mitigation process if a situation were to arise. Registrants, Registrars and the Registry will be contributing participants in this endeavor. Having all three participating entities of the .web gTLD ecosystem take part in these measures will ensure a comprehensive approach to these critical objectives.
Web.com has designed the following procedures to help protect the rights of trademark owners:

• Extended Sunrise Services
• Extended Trademark Claims Service
• Name Selection Policy
• Acceptable Use Policy
• Name Allocation Policy
• URS and UDRP
• PDDRP and RRDRP
• Rapid Takedown or Suspension
• Anti-Abuse Process
• Malware Code Identification
• DNSSEC Signing Service
• Biannual WHOIS Verification
• Participation in Anti-abuse Community Activities

As described in this response, Web.com will implement a Sunrise period and Trademark Claims service with respect to the registration of domain names within the .web gTLD. Certain aspects of the Sunrise period and⁄or Trademark Claims service may be administered on behalf of Web.com by Web.com approved registrars or by authorized subcontractors of Web.com, such as its selected backend registry services provider, Verisign.

Sunrise Periods. As it pertains to the launch of the .web gTLD, Web.com is currently planning on holding two different sunrise periods. Sunrise A will enable those participants that wish to register trademarks in the .web gTLD. A second sunrise period, Sunrise B, will be held for those who wish to reserve a domain name already registered in another gTLD. A more detailed explanation of each Sunrise Period follows.

Sunrise A

As set forth in the ICANN Applicant Guidebook, the Sunrise service pre-registration procedure for domain names must last for at least 30 days prior to the launch of the general registration of domain names in the gTLD.

To ensure that trademark owners have ample time to participate in the midst of the possible launch of several other gTLDs, Web.com is planning on extending the sunrise to 60 days, 30 days longer than the ICANN mandated minimum.

During the Sunrise period, holders of marks that have been previously validated by the Trademark Clearinghouse receive notice of domain names that are an identical match (as defined in the ICANN Applicant Guidebook) to their mark(s). Such notice is in accordance with ICANN’s requirements and is provided by Web.com either directly or through Web.com-approved registrars.

Web.com requires all registrants, either directly or through Web.com-approved registrars, who are in good-standing with ICANN, to i) affirm that said registrants meet the Sunrise Eligibility Requirements (SER) and ii) submit to the Sunrise Dispute Resolution Policy (SDRP) consistent with Section 6 of the Trademark Clearinghouse model. At a minimum Web.com recognizes and honors all word marks for which a proof of use was submitted and validated by the Trademark Clearinghouse.

During the Sunrise period, Web.com and⁄or Web.com-approved registrars, as applicable, are responsible for determining whether each domain name is eligible to be registered (including in accordance with the SERs).

Sunrise B

During a potential Sunrise B, registrants of domain names in other gTLDs may be able to file an application through a .web gTLD accredited registrar to register their existing domain name in the .web gTLD. Proof of registration of the domain name will be verified at the time of application. This sunrise period will last 30 days and at the end of the registration period, if there are no identical matches to any other applied for strings, the domain name will be registered to the appropriate applicant. If there are competing applications for the same domain name, qualified applicants will proceed to a closed auction to resolve the conflict.

Trademark Claims Service. As provided by the Trademark Clearinghouse model set forth in the January 11, 2012 version of the ICANN Applicant Guidebook, all new gTLDs will be required to provide a Trademark Claims service for a minimum of 60 days after the launch of the general registration of domain names in the gTLD (Trademark Claims period).

Similar to our voluntarily extending the sunrise period to accommodate the needs of trademark owners, Web.com is planning on extending the trademark claims services to 120 days, double the ICANN mandated minimum. As the processes for how the trademark clearinghouse, including technical and financial specifics of how the program will work, are not finalized as of the filing of this application, Web.com reserves the right to revisit the length of the Trademark Claims Service.

During the Trademark Claims period, in accordance with ICANN’s requirements, Web.com or the Web.com-approved registrar will send a Trademark Claims Notice to any prospective registrant of a domain name that is an identical match (as defined in the ICANN Applicant Guidebook) to any mark that is validated in the Trademark Clearinghouse. The Trademark Claims Notice will include links to the Trademark Claims as listed in the Trademark Clearinghouse and will be provided at no cost.

Prior to registration of said domain name, Web.com or the Web.com-approved registrar will require each prospective registrant to provide the warranties dictated in the Trademark Clearinghouse model set forth in the ICANN Applicant Guidebook. Those warranties will include receipt and understanding of the Trademark Claims Notice and confirmation that registration and use of said domain name will not infringe on the trademark rights of the mark holders listed. Without receipt of said warranties, Web.com or the Web.com-approved registrar will not have the ability to process the domain name registration.

Following the registration of a domain name, the Web.com-approved registrar will provide a notice of domain name registration to the holders of marks that have been previously validated by the Trademark Clearinghouse and are an identical match. This notice will be as dictated by ICANN. At a minimum Web.com will recognize, honor and adhere to all word marks validated by the Trademark Clearinghouse.

Adoption of Certain SSWG Elevated Security Standards

As referenced earlier in this question, Web.com will work to implement the following elevated security standards in the .web gTLD:

Name Selection Policy

The .web gTLD will enforce a name selection policy that ensures that all names registered in the gTLD will be in compliance with ICANN mandated technical standards. These include restrictions on 2 character names, tagged names, and reserved names for Registry Operations. All names must also be in compliance with all applicable RFCs governing the composition of domain names. In addition, registrations of Country, Geographical and Territory Names will only be allowed in compliance with the restrictions as outlined in the answer to Question 22.

Name Allocation Policy

As described above, Web.com plans on implementing an extended Sunrise A period for Trademark Holders and a Sunrise B Period for domain name holders. In addition, our current plans call for incorporating a Landrush Period during which applicants can secure preferred .web domains, followed by a General Availability. With the exception of the Sunrise B Period, all registrations will occur on a first come first served basis. Web.com reserves the right to adjust this allocation Policy as it works through implementation details.

Acceptable Use Policy

Web.com has developed a draft the Registry Operator Acceptable Use Policy (AUP) which is further described in our response to Question 28. This AUP clearly defines what type of behavior is expressly prohibited in conjunction with the use of a .web domain name. Web.com will require, through the Registry Registrar Agreement (RRA), that this AUP be included in the registration agreement used by all .web gTLD accredited registrars. This registration agreement must be agreed upon by a registrant prior to them being able to register a name in the .web gTLD.

2 MECHANISMS DESIGNED TO IDENTIFY AND ADDRESS THE ABUSIVE USE OF REGISTERED NAMES ON AN ONGOING BASIS

In addition to the Sunrise and Trademark Claims services described in Section 1 of this response, Web.com will implement and adhere to RPMs post-launch as mandated by ICANN, and confirm that registrars accredited for the .web gTLD are in compliance with these mechanisms. Certain aspects of these post-launch RPMs may be administered on behalf of Web.com by Web.com-approved registrars or by approved subcontractors of Web.com, such as its selected backend registry services provider, Verisign.

These post-launch RPMs include the established Uniform Domain Name Dispute Resolution Policy (UDRP), as well as the newer Uniform Rapid Suspension System (URS) and Trademark Post-Delegation Dispute Resolution Procedure (PDDRP). Where applicable, Web.com will implement all determinations and decisions issued under the corresponding RPM.

After a domain name is registered, trademark holders may object to the registration through the UDRP or URS. Objections to the operation of the gTLD can be made through the PDDRP.

The following descriptions provide implementation details of each post-launch RPM for the .web gTLD:

• UDRP: The UDRP provides a mechanism for complainants to object to domain name registrations. The complainant files its objection with a UDRP provider and the domain name registrant has an opportunity to respond. The UDRP provider makes a decision based on the papers filed. If the complainant is successful, ownership of the domain name registration is transferred to the complainant. If the complainant is not successful, ownership of the domain name remains with the domain name registrant. Web.com and entities operating on its behalf adhere to all decisions rendered by UDRP providers.

• URS: As provided in the Applicant Guidebook, all registries are required to implement the URS. Similar to the UDRP, a complainant files its objection with a URS provider. The URS provider conducts an administrative review for compliance with filing requirements. If the complaint passes review, the URS provider notifies the registry operator and locks the domain. A domain lock means that the registry restricts all changes to the registration data, but the name will continue to resolve. After the domain is locked, the complaint is served to the domain name registrant, who has an opportunity to respond accordingly. If the complainant is successful, the registry operator is informed and the domain name is suspended for the balance of the registration period; the domain name will not resolve to the original source, but to an informational approved web page provided by the URS provider. If the complainant is not successful, the URS is terminated and full control of the domain name registration is returned to the domain name registrant. Similar to the existing UDRP, Web.com and entities operating on its behalf adhere to decisions rendered by the URS providers.

• PDDRP: As provided in the Applicant Guidebook, all registries are required to implement the PDDRP. The PDDRP provides a mechanism for a complainant to object to the registry operator’s manner of operation or use of the gTLD. The complainant files its objection with a PDDRP provider, who performs a threshold review. The registry operator has the opportunity to respond and the provider issues its determination based on the papers filed, although there may be opportunity for further discovery and a hearing. Web.com participates in the PDDRP process as specified in the Applicant Guidebook.

Additional Measures Specific to Rights Protection. Web.com provides additional measures against abusive registrations. These measures will assist with mitigation of, but are not limited to, the following activities: phishing, pharming, and other Internet security threats. The measures exceed the minimum requirements for RPMs defined by Specification 7 of the Registry Agreement and are available at the time of registration.

These measures include:

• Rapid Takedown or Suspension Based on Court Orders: Web.com complies promptly with any order from a court of competent jurisdiction that directs it to take any action on a domain name that is within its technical capabilities as a gTLD registry. These orders may be issued when abusive content, such as but not limited to child pornography, counterfeit goods or illegal pharmaceuticals, is associated with the domain name.
• Anti-Abuse Process: Web.com implements an anti-abuse process that is executed based on the type of domain name takedown requested. The anti-abuse process is for malicious exploitation of the DNS infrastructure, such as phishing, botnets, and malware.
• Authentication Procedures: Verisign, Web.com’s selected backend registry services provider, uses two-factor authentication to enhance security protocols for telephone, email, and chat communications.
• Registry Lock: Verisign’s Registry Lock service allows registrants to lock a domain name at the authoritative registry level to protect against both unintended and malicious changes, deletions, and transfers. Only Verisign, as Web.com’s backend registry services provider, can release the lock; thus all other entities that normally are permitted to update Shared Registration System (SRS) records are prevented from doing so. This lock is released only after the authorized registrar makes the request to unlock.
• Malware Code Identification: This safeguard reduces opportunities for abusive behaviors that use registered domain names in the gTLD. Registrants are often unknowing victims of malware exploits. As Web.com’s backend registry services provider, Verisign has developed proprietary code to help identify malware in the zones it manages, which in turn helps registrars by identifying malicious code hidden in their domain names.
• DNSSEC Signing Service: Domain Name System Security Extensions (DNSSEC) helps mitigate pharming and phishing attacks that use cache poisoning to redirect unsuspecting users to fraudulent websites or addresses. It uses public key cryptography to digitally sign DNS data when it comes into the system and then validate it at its destination. The .web gTLD is DNSSEC-enabled as part of Verisign’s core backend registry services.
• Biannual Whois Verification As detailed in our response to Question 28, all .web gTLD accredited registrars will be required as part of their RRA with Web.com to perform a Whois confirmation process twice a year. By asking registrants to confirm this information every 6 months, the .web gTLD should have a higher level of accurate Whois information for registered names in the event there is a case of trademark infringement by a non authorized registrant. Having accurate Whois information is critical to solving these issues in a timely manner.
• Participation in Anti-abuse Community Activities. Since our founding in 1997, Web.com has been an active participant and leader in multiple organizations, symposia, forums and other efforts that focus on the prevention of domain name abuse, including trademark infringement. Specifically, we are an active member of the Certificate Authentication Board, ICANN, the Internet standards development community, and we participate in SSAC. We find this participation extremely helpful in staying abreast of the latest changes and challenges in this field. Participation in these efforts also allows us to not only share our best practices with the rest of the anti-abuse community, but to learn from what others have been doing and incorporate it into how we operate our business. As mentioned earlier in this question, Web.com will be incorporating some of the SSWG enhanced security standards which is proof that community led efforts can produce significant results.

3. RESOURCING PLANS

Resource Planning

Web.com is a leading provider of Internet services for small to medium-sized businesses (SMBs). Web.com is the parent company of two global domain name registrars and further meets the Internet needs of consumers and businesses throughout their lifecycle with affordable value added services that including domain name registration, website design, search engine optimization, search engine marketing, social media and mobile products, local sales leads, eCommerce solutions and call center services. Headquartered in Jacksonville, FL, USA, Web.com is NASDAQ traded company serving nearly three million customers with more than 1,700 global employees in fourteen locations in North America, South America and the United Kingdom.

Our business is helping people establish, maintain, promote, and optimize their web presence. Web.com intentionally chose Verisign as our registry services provider because of their unsurpassed track record in operating some of the worldʹs most complex and critical top level domains. Verisignʹs support for the .web gTLD will help ensure its success

The .web gTLD will be fully supported by a cross function team of Web.com professionals. Numbers and types of employees will vary for each function but Web.com projects it will use the following personnel to support the resource planning requirements;

• Quality Assurance Engineer: 0.5 FTE
• System Administrator: 1 FTE
• Database Administrator: 0.5 FTE
• Technical Project Manager: 0.5 FTE
• Marketing Director: 1 FTE
• Sales Manager: 1 FTE
• Legal Counsel: 1 FTE
• Finance⁄Accounting: 1 FTE
• Customer Service: 2 FTEs

Resource Planning Specific to Backend Registry Activities

Verisign, Web.com’s selected backend registry services provider, is the most experienced backend registry provider that has developed a set of proprietary resourcing models to project the number and type of personnel resources necessary to operate a TLD. Verisign routinely modifies these staffing models to account for new tools, standards and policy implementations and process innovations. These models enable Verisign to continually allocate the appropriate staff to accommodate projected demand and meet service level agreements as well as Internet security and stability requirements. Using the projected usage volume for the most likely scenario (defined in Question 46, Template 1 – Financial Projections: Most Likely) as an input to its staffing models, Verisign derived the necessary personnel levels required for this gTLD’s initial implementation and ongoing maintenance. Verisign’s pricing for the backend registry services it will extend to Web.com fully accounts for cost related to this infrastructure, which is provided as Line IIb.G, Total Critical Registry Function Cash Outflows, within the Question 46 financial projections response.

Verisign employs more than 1,040 individuals of which more than 775 comprise its technical work force. (Current statistics are publicly available in Verisign’s quarterly filings.) Drawing from this pool of on-hand and fully committed technical resources, Verisign has maintained DNS operational accuracy and stability at 100 percent of the time for more than 13 years for .com, which exceeds the current several level agreements, proving Verisign’s ability to align personnel resource growth to the scale increases of Verisign’s gTLD service offerings.

Verisign projects it will use the following personnel roles, which are described in Section 5 of the response to Question 31, Technical Overview of Proposed Registry, to support the implementation of RPMs:

• Customer Affairs Organization: 9
• Customer Support Personnel: 36
• Information Security Engineers: 11

To implement and manage the .web gTLD as described in this application, Verisign, Web.com’s selected backend registry services provider, scales, as needed, the size of each technical area now supporting its portfolio of gTLDs. Consistent with its resource modeling, Verisign frequently reviews the level of work to be performed and adjusts staff levels for each technical area.

When usage projections indicate a need for additional staff, Verisign’s internal staffing group uses an in-place staffing process to identify qualified and skilled candidates. These candidates are then interviewed by the lead of the relevant technical area. By scaling one common team across all its gTLDs instead of creating a new entity to manage only this proposed gTLD, Verisign realizes significant economies of scale and ensures its gTLD best practices are followed consistently. This consistent demonstration of best practices helps ensure the security and stability of both the Internet and this proposed gTLD, as Verisign holds all contributing staff members accountable to the same procedures that guide its execution of the Internet’s largest gTLDs (i.e., .com). Moreover, by augmenting existing teams, Verisign ensures new employees are provided the opportunity to be trained and mentored by existing senior staff. This coaching and mentoring minimizes start-up learning curves and helps ensure that new staff members properly execute their duties.

Similar gTLD applications: (0)