
Cybersquatter jailed for seven years after prison break

Kevin Murphy, April 20, 2015, Domain Policy

Fraudster Neil Moore, who escaped from prison by cybersquatting, has reportedly been handed a seven-year sentence by a British court.

As we reported last month, Moore escaped from Wandsworth prison merely by sending an email ordering his release from an hmcts-gsi-gov.org.uk email address.

He’d registered the name, a typo of the genuine hmcts.gsi.gov.uk used by the UK court service, on a smuggled smartphone.

He was being held on remand for an unrelated fraud at the time.

Today’s sentencing follows Moore pleading guilty to eight counts of fraud (it doesn’t seem those were related to cybersquatting) and one count of wrongful escape from custody.
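The lookalike described above swaps the dots of hmcts.gsi.gov.uk for hyphens and re-homes the result under .org.uk, so a check on the sender's domain can catch it before anyone acts on the message. The following is an added example, not part of the original post: the allowlist, the 0.85 threshold and the sample headers are assumptions, and only the two court-service domains come from the article.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: the receiving organisation keeps an allowlist of sender domains
# it will act on. Only hmcts.gsi.gov.uk comes from the article.
TRUSTED_DOMAINS = ("hmcts.gsi.gov.uk",)
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off; tune against real mail


def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or None if absent."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower() or None


def skeleton(domain):
    """Drop separators so 'a-b.c' and 'a.b.c' compare as the same string."""
    return re.sub(r"[.\-_]", "", domain)


def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_domain); verdict is one of
    'trusted', 'lookalike', 'unknown' or 'invalid'."""
    domain = sender_domain(from_header)
    if domain is None:
        return ("invalid", None)
    # Exact match or a genuine subdomain of an allowlisted domain.
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    # Not allowlisted: flag it if it is suspiciously close to a trusted name
    # once separators are ignored.
    for t in trusted:
        score = SequenceMatcher(None, skeleton(domain), skeleton(t)).ratio()
        if score >= LOOKALIKE_THRESHOLD:
            return ("lookalike", t)
    return ("unknown", None)


# Constructed sample headers (display names and local parts are made up).
SAMPLES = [
    "Court Clerk <clerk@hmcts.gsi.gov.uk>",
    "Court Clerk <clerk@hmcts-gsi-gov.org.uk>",
    "Supplier <billing@example.org.uk>",
    "no address here",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a signal to quarantine and verify out of band; it says nothing about whether the message passed SPF, DKIM or DMARC, which a domain the sender registered himself can satisfy.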

Australia considers dumping the .com.

Kevin Murphy, April 20, 2015, Domain Policy

Australian domain overseer auDA is thinking about allowing people to register .au domains directly at the second level for the first time.

The organization has opened up a consultation that would allow registrations such as example.au, rather than just the current system of example.com.au, example.org.au and so on.

The move follows the successful recent releases of 2LDs in the UK (.uk) and New Zealand (.nz) ccTLDs and can be seen as a bid to remain competitive in the face of the new gTLD program’s huge expansion of TLD choice.

A consultation paper (pdf) published today reads:

It is suggested that unprecedented competition from new gTLDs requires .au to be more responsive to global market forces. For .au to remain a strong and highly-regarded TLD we need not only to rely on its distinctive Australian identity and good reputation, but continue to innovate in order to counter the likely impact of hundreds of new gTLDs flooding the market. Whilst .au is currently very popular with Australian users, there is potential for new gTLDs to erode the brand equity in .au.

Currently, .au has over a dozen different second-level options, but about 85% of registrations are in .com.au. The TLD has just shy of three million names today.

Complicating matters slightly, the different 2LDs have different registration policies, so auDA would need to figure out a way to harmonize them for direct registrations.

auDA speculates that direct registrations may increase the adoption of .au domain names by individuals not currently able to obtain .com.au names but unaware of the individual-focused .id.au (it exists, apparently), thereby growing the .au name space.

It also worries that many second-level direct registrations may turn out to be defensives, registered by the registrants of the matching .com.au names.

The consultation is open for comments until June 1.

Does Chehade agree with Donuts on .doctor?

Kevin Murphy, March 24, 2015, Domain Policy

Should governments have the right to force business-limiting restrictions on new gTLD operators, even though they don’t have the same rules in their own ccTLDs?

ICANN CEO Fadi Chehade evidently believes the answer to that question is “No”, but it’s what ICANN is controversially imposing on Donuts and two other .doctor applicants anyway.

Donuts recently filed a Request for Reconsideration appeal with ICANN over its decision to make the .doctor gTLD restricted to medical professionals only.

It was an unprecedented “Public Interest Commitment” demanded by ICANN staff in order to keep the Governmental Advisory Committee happy.

The GAC has been asking for almost two years for so-called “Category 1” gTLD strings — which could be seen to represent highly regulated sectors such as law or medicine — to see a commensurate amount of regulation from ICANN.

Governments wanted, for example, registrants to show professional credentials before being able to register a name.

In the vast majority of instances, ICANN creatively reinterpreted this advice to require registrants to merely assert that they possess such credentials.

These rules were put in registries’ contracts via PICs.

But for some reason in February the organization told Donuts that .doctor domains must be “ascribed exclusively to legitimate medical practitioners.”

According to Donuts, this came out of the blue, is completely unnecessary, and is an example of ICANN staff making up policy on the spot.

Donuts wants to be able to sell .doctor names to doctors of any discipline, not just medical doctors. It also wants people to be able to use the names creatively, such as “computer.doctor” or “skateboard.doctor”.

What makes ICANN’s decision especially confusing is that CEO Fadi Chehade had the previous day passionately leaped to the defense of new gTLD registries in their fight against unnecessary GAC-imposed red tape.

The following video, in which Chehade uses .dentist as an example of a string that should not be subject to even more oversight, was taken February 11 at a Q&A with the Domain Name Association.

The New gTLD Program Committee meeting that authorized ICANN staff to add the new PIC took place February 12, the very next day. Chehade did not attend.

It’s quite remarkable how in line with registries Chehade seems to be.

It cuts to the heart of what many believe is wrong with the GAC — that governments demand of ICANN policies that they haven’t even bothered to implement in their own countries, just because it’s much easier to lean on ICANN than to pass regulations at home.

Here’s the entire text of his answer. He’s describing conversations he’d had with GAC members earlier in the week.

They’re saying stop all the Category 1 TLDs. Stop them. Freeze them!

And we said: Why do we need to freeze them? What’s the issue?

They said: It’s going to harm consumers.

How will it harm consumers? We started having a debate.

It turns out that they’re worried that if somebody got fadi.casino or fadi.dentist, to pick one of Statton’s [Statton Hammock, VP at Rightside, who was present], that this person is not a dentist and will pluck your ear instead of your teeth. How do you make sure they’re a dentist?

So I asked the European Commission: How do you make sure dentist.eu is a dentist?

They said: We don’t. They just get it.

I said: Okay, so why do these guys [new gTLD registries] have to do anything different?

And they said: The new gTLD program should be better or a model…

I said: Come on guys, do not apply rules that you’re not using today to these new folks simply because it’s easy, because you can come and raise flags here at ICANN. Let’s be fair. How do you do it at EU?

“Well, if somebody reports that fadi.dentist.eu is not a dentist, we remove them.”

Statton said: We do the same thing. It’s in our PICs. If fadi.dentist is not, and somebody reports them…

They said: But we can’t call compliance.

You can call compliance. Anyone can call compliance. Call us and we’ll follow up. With Statton, with the registrar.

What we have here is Chehade making a passionate case for the domain name industry’s right to sell medical-themed domain names without undue regulation — using many of the same arguments that Donuts is using in its Reconsideration appeal — then failing to show up for a board meeting the next day when that specific issue was addressed.

It’s impossible to know whether the NGPC would have reached a different decision had Chehade been at the February 12 meeting, because no formal vote was taken.

Rather, the committee merely passed along its “sense” that ICANN staff should carry on what it was doing with regard to implementing GAC advice on Category 1 strings.

While Chehade is but one voice on the NGPC, as CEO he is in charge of the ICANN staff, so one would imagine the decision to add the unprecedented new PIC to the .doctor contract falls into his area of responsibility.

That makes it all the more baffling that Donuts, and the other .doctor new gTLD applicants, are faced with this unique demand to restrict their registrant base to one subset of potential customers.

Could you survive a .sucks UDRP?

Kevin Murphy, March 17, 2015, Domain Policy

If you register a .sucks domain matching a brand, could you survive a subsequent UDRP complaint? Opinion is mixed.

In my view, how UDRP treats .sucks registrants will be a crucial test of Vox Populi Registry’s business model.

Vox Populi Registry clearly envisages — and is actively encouraging with its policies — genuine critics, commentators and consumer advocates to register .sucks domains that match famous trademarks.

I really like this idea. Power to the people and all that.

But will UDRP panelists agree with me and Vox Pop? Cybersquatting case law under UDRP says, very firmly: “It depends.”

Statistics generally favor mark owners

To date, there have been exactly 100 resolved UDRP complaints against domains that end in “sucks.com”.

Of those, 47 cases ended up with a full transfer of the domain to the trademark owner. Only 30 resulted in the complaint being denied.

Another 19 cases were withdrawn or terminated; the remainder were split decisions.

So it seems, based on historical “sucks” cases, that the odds favor trademark owners.

But each case is, theoretically at least, judged on its merits. So it does not necessarily hold that most .sucks UDRP complaints will be successful.

What does WIPO say?

The World Intellectual Property Association, which administers most UDRP cases, published a set of guidelines for its panelists.

Some guidelines specifically address “sucks” sites, but the advice is not always clear-cut.

There are three elements to UDRP. First, the complainant must show that the domain name in question is identical or confusingly similar to its trademark.

According to WIPO, it’s the “consensus view” of UDRP panelists that adding “sucks” to a trademark at the second level does NOT stop a domain being confusingly similar. WIPO says:

Generally, a domain name consisting of a trademark and a negative or pejorative term (such as [trademark]sucks.com) would be considered confusingly similar to the complainant’s trademark for the purpose of satisfying the standing requirement under the first element of the UDRP (with the merits of such cases typically falling to be decided under subsequent elements). Panels have recognized that inclusion of a subsidiary word to the dominant feature of a mark at issue typically does not serve to obviate confusion for purposes of the UDRP’s first element threshold requirement, and/or that there may be a particular risk of confusion among Internet users whose first language is not the language of the domain name

Some panels have disagreed with this prevailing view, however.

It remains to be seen whether moving the string “sucks” to the right of the dot would affect the outcome, but it’s established UDRP case law that the dot in a domain can be pretty much ignored when testing for similarity.

The TLD a domain uses can be taken into account if it’s relevant or disregarded if it is not, according to precedent.

The second test under UDRP is whether the registrant of the domain has legitimate rights or interests.

Panelists disagree on this point. WIPO says:

The right to criticize does not necessarily extend to registering and using a domain name that is identical or confusingly similar to the complainant’s trademark. That is especially the case if the respondent is using the trademark alone as the domain name (i.e., [trademark.tld]) as that may be understood by Internet users as impersonating the trademark owner.

That view would seem to apply specifically to the use cases Vox Pop has in mind — the registry wants critics to own [trademark].sucks domains in order to criticize the trademark owner.

In the 2003 case of natwestbanksucks.com, the WIPO panel drew on earlier precedent to find that the registrant had no rights to the domain.

Respondents’ can very well achieve their objective of criticism by adopting a domain name that is not identical or substantially similar to Complainants’ marks. Given the free nature of the media which is the Internet and the chaotic spamming that has become epidemic, it does not appear that one can be at full liberty to use someone else’s trade name or trademark by simply claiming the right to exercise a right to freedom of expression.

In other words: you may have a right to free speech on the internet, but you do not have the right to exercise it simply by adding “sucks” to a famous trademark.

But other UDRP panelists have disagreed. WIPO says that some panelists have found:

Irrespective of whether the domain name as such connotes criticism, the respondent has a legitimate interest in using the trademark as part of the domain name of a criticism site if such use is fair and noncommercial.

The third element of UDRP is bad faith. Complainants have to show that the registrant is up to something dodgy.

Some panelists have a pretty low threshold for what constitutes bad faith. Merely having the page parked — even if you did not park it yourself — can point to bad faith, especially in “sucks” cases.

WIPO says that “tarnishment” of a trademark — such as posting porn, which is banned under Vox Pop’s AUP anyway — can be bad faith, but legitimate criticism would not usually:

While it would not normally extend to the mere posting of information about a complainant, or to the posting of genuine, non-commercial criticism regarding the trademark holder, it may extend to commercially motivated criticism by (or likely on behalf of) a competitor of such trademark holder.

So, with all that in mind, here are some tips for improving your odds of surviving a .sucks UDRP.

How to beat a .sucks UDRP

Poring over dozens of “sucks.com” decisions, it quickly becomes clear that there are certain things you should definitely do and not do if you want to keep a hold of your brand-match .sucks domain.

Given the volume of precedent, you’ll have a hard time showing that your domain is not identical or confusingly similar to the trademark in question — strike one — but there are ways to show legitimate interests and rebut claims of bad faith.

1. Respond

To show you lack legitimate interests, the complainant only needs to make a face-value argument that you do not. Then the burden of proof to show rights switches to you.

If you don’t respond to the UDRP, the panel will find you lack rights. Panelists rarely try to fight the corner of a registrant who has not responded.

That’s strike two.

2. Don’t allow your domain to be parked

If a domain is parked, UDRP panelists in “sucks.com” cases invariably find that the registrant lacks legitimate interests and has shown bad faith.

Parking is considered a commercial activity, so you won’t be able to argue convincingly that you’re exercising your right to non-commercial free speech if your domain is splashed with links to the trademark owner’s competitors.

This holds true even if the domain was automatically parked by your registrar.

Dozens (hundreds?) of UDRP cases have been lost because Go Daddy parked the newly registered domain automatically, enabling the complainant to show commercial use.

Panelists are usually happy to overlook the lack of direct bad faith action by the registrant in such cases.

Parking will usually lead to strikes two and three.

In the case of .sucks, parking is actually banned by Vox Populi’s acceptable use policies (pdf).

But the registry will only enforce this policy if it receives a complaint. I don’t know if the Registry-Registrar Agreement, which isn’t public, prohibits registrars auto-parking new domains.

3. Develop a site as soon as possible

In some “sucks.com” cases, respondents have argued that they had intended to put up a criticism site, but could not provide evidence to back up the claims.

If you register a .sucks matching a trademark, you’ll want to put up some kind of site ASAP.

In the case of kohlersucks.com, the registrant had merely framed a Better Business Bureau web page, which was found to show non-commercial criticism use.

4. Don’t offer to sell the domain

It should go without saying that offering to sell the domain to the trademark owner shows bad faith; it looks like extortion.

Panelists regularly also find that registrants give up their legitimate rights to a domain as soon as they make it available to buy.

5. Don’t make any money whatsoever

The second you start making money from a domain that matches a trademark, you’re venturing into the territory of commercial use and are much more likely to fail the WIPO test of “genuine, non-commercial criticism”.

6. Be American

Depressingly, you stand a better chance of fighting off a UDRP on free speech grounds if the case involves both US-based parties and a US-based panelist.

Panelists are more likely to draw on the US Constitution’s First Amendment and associated non-UDRP case law when determining rights or legitimate interests, when the registrant is American.

Merely registering with a US-based registrar is not enough to confer First Amendment rights to a registrant living outside of the US, according to UDRP panels.

Even though freedom of speech is a right in most of the world, in the universe of UDRP it seems the rest of us are second-class citizens compared to the yanks.

ICANN wins .hotels/.hoteis confusion appeal but has to pay up anyway

Kevin Murphy, March 5, 2015, Domain Policy

The proposed new gTLDs .hotels and .hoteis are too confusingly similar to coexist on the internet.

That’s the result of an Independent Review Process decision this week, which denied .hotels applicant Booking.com’s demand to have ICANN’s string confusion decision overturned.

But the IRP panel, while handing ICANN a decisive victory, characterized the string confusion and IRP processes as flawed and said ICANN should have to pay half of the panel’s $163,000 costs.

Booking.com filed the IRP a year ago, after the new gTLD program’s String Similarity Panel said in February 2013 that .hotels was too similar to rival Despegar Online’s proposed .hoteis.

.hoteis is the Portuguese translation of .hotels. Neither string was contested, so both would have been delegated to the DNS root had it not been for the confusion decision.

In my view, the String Similarity Panel’s decision was pretty sound.

With an upper-case i, .hoteIs is virtually indistinguishable from .hotels in browsers’ default sans-serif fonts, potentially increasing the ease of phishing attacks.

But Booking.com, eager to avoid a potentially costly auction, disagrees with me and, after spending a year exhausting its other avenues of appeal, filed an IRP in March 2013.

The IRP decision was handed down on Tuesday, denying Booking.com’s appeal.

The company had appealed based not on the merits of the SSP decision, but on whether the ICANN board of directors had acted outside of its bylaws in establishing an “arbitrary” and opaque SSP process.

That’s because the IRP process as established in the ICANN bylaws does not allow appellants to change a decision on the merits. IRP panels are limited to:

comparing contested actions of the Board to the Articles of Incorporation and Bylaws, and with declaring whether the Board has acted consistently with the provisions of those Articles of Incorporation and Bylaws.

The IRP panel agreed that the SSP process could have been fairer and more transparent, by perhaps allowing applicants to submit evidence to the panel and appeal its decisions, saying:

There is no question but that that process lacks certain elements of transparency and certain practices that are widely associated with requirements of fairness.

But the IRP panel said Booking.com was unable to show that the ICANN board acted outside of its bylaws, highlighting the limits of the IRP as an appeals process:

In launching this IRP, Booking.com no doubt realized that it faced an uphill battle. The very limited nature of the IRP proceedings is such that any IRP applicant will face significant obstacles in establishing that the ICANN Board acted inconsistently with ICANN’s Articles of Incorporation or Bylaws. In fact, Booking.com acknowledges those obstacles, albeit inconsistently and at times indirectly.

Booking.com has failed to overcome the very obstacles it recognizes exist.

The IRP panel quoted members of ICANN’s New gTLD Program Committee extensively, highlighting comments which questioned the fairness of the SSP process.

In contrast to usual practice, where the losing party in an IRP bears the costs of the case, this panel said the $163,000 costs and $4,600 filing fee should be split equally between ICANN and Booking.com:

we can — and we do — acknowledge certain legitimate concerns regarding the string similarity review process raised by Booking.com, discussed above, which are evidently shared by a number of prominent and experienced ICANN NGPC members.

In view of the circumstances, each party shall bear one-half of the costs of the IRP provider

Booking.com and Despegar will now have to fight it out for their chosen strings at auction.

The full decision can be read in PDF format here. Other documents in the case can be found here.

The TL;DR version: ICANN wins because it has stacked the appeals deck in its favor and the IRP process is pretty much useless, so we’re going to make them pay up for being dicks.