Latest news of the domain name industry

Recent Posts

Court rules generic dictionary domains CAN be trademarked

Kevin Murphy, February 11, 2019, Domain Policy

A US appeals court has ruled that generic, dictionary domain names can be trademarked.

The hotel-booking web site Booking.com was told last week that it is in fact eligible to have “Booking.com” registered as a trademark, over the objections of the US Patent and Trademark Office.

The ruling could have a chilling effect on domain name choices in the hotel-booking market.

USPTO had denied the company’s trademark application in 2012 because “Booking.com” was considered too generic.

Under US trademark law, you can’t register a trademark if it merely generically describes the product or service you offer rather than its source.

You couldn’t register “Beer” as a brand of beer, for example, though you might be able to register “Beer” as a brand of shoes.

Booking.com sued to have the USPTO ruling overturned in 2016, and in 2017 a district court judge ruled that “although ‘booking’ was a generic term for the services identified, BOOKING.COM as a whole was nevertheless a descriptive mark”.

USPTO appealed, saying that “Booking.com” is too generic to be trademarked, but last week it lost.

In a 2-1 majority decision, the appeals court ruled:

We hold that the district court, in weighing the evidence before it, did not err in finding that the USPTO failed to satisfy its burden of proving that the relevant public understood BOOKING.COM, taken as a whole, to refer to general online hotel reservation services rather than Booking.com the company… we reject the USPTO’s contention that adding the
top-level domain (a “TLD”) .com to a generic second-level domain (an “SLD”) like booking can never yield a non-generic mark.

Key evidence was a survey Booking.com had submitted that indicated that almost three quarters of consumers understood “Booking.com” to be a brand name, rather than a generic term to describe hotel-booking web sites.

Here are some other extracts of the appeals court majority’s thinking, as they relate to domain names:

Merely appending .com to an SLD does not render the resulting domain name non-generic because the inquiry is whether the public primarily understands the term as a whole to refer to the source or the proffered service.

We… conclude that when “.com” is combined with an SLD, even a generic SLD, the resulting composite may be non-generic where evidence demonstrates that the mark’s primary significance to the public as a whole is the source, not the product

because trademarks only protect the relevant service — here, the district court granted protection as to hotel reservation services but not travel agency services — protection over BOOKING.COM would not necessarily preclude another company from using, for example, carbooking.com or flightbooking.com

In sum, adding “.com” to an SLD can result in a non-generic, descriptive mark upon a showing of primary significance to the relevant public. This is one such case.

The ruling does not appear to protect all uses of a generic dictionary word combined with a TLD, but rather only “rare circumstances” where there’s evidence of a secondary, non-generic meaning.

One judge on the case, James Wynn, was not convinced by the majority’s thinking. He warned that the ruling goes against years of legal precedent and could enable Booking.com to subject competitors to expensive litigation.

In his dissenting opinion, he wrote:

BOOKING.COM is a run-of-the-mill combination of a generic term with a Top Level Domain that creates a composite mark concerning the subject or business encompassed by the generic term—precisely the type of mark that the courts in Hotels.com, Reed Elsevier Properties, 1800Mattress.com, and Advertise.com found did not amount to the “rare circumstance” that warranted affording the domain name trademark protection.

Presumptively allowing protection of domain names composed of a generic Secondary Level Domain and Top Level Domain conflicts with the law’s longstanding refusal to permit registration of generic terms as trademark

Wynn added that he was “not convinced” that Booking.com’s competitors that use the word “booking” in their domains will be protected by the “fair use” defense, and that the existence of such a defense will not prevent Booking.com from suing them out of business regardless.

Put simply, putative competitors may — and likely will — choose not to operate under domain names that include the word “booking” — even if that term best describes the service they offer — because they do not want to incur the expense and risk of defending an infringement action.

The full ruling can be read here (pdf).

Uniregistry working on bulk trademark blocking service

Kevin Murphy, November 21, 2018, Domain Registries

Uniregistry is planning to launch a bulk trademark block service, along the same lines as Donuts’ Domain Protected Marks List.

But it’s going to be roughly 50% more expensive than DPML, on a per-TLD basis.

The company has applied to ICANN to run what it calls “Uni EP” across its whole portfolio of 26 gTLDs.

Uni EP would be “largely identical” to DPML, according to Uniregistry’s Registry Service Evaluation Requests.

This means that anyone who has their trademark registered in the Trademark Clearinghouse will be able to block the matching string in all of Uniregistry’s TLDs.

Nobody else would be able to register that mark unless they also had a TMCH-validated trademark for the same string.

The pricing would be lower than if the brand owner individually defensively registered in each of the 26 TLDs.

With Donuts, which manages a portfolio almost 10 times as large, DPML tends to be priced around the $6,000 mark retail for a five-year block. That works to about $5 per TLD per year.

Uniregistry CEO Frank Schilling said Uni EP could be priced as low as $200 per year. That would work out to about $7.70 per TLD.

The relatively higher pricing might make sense when you consider the larger variation in regular pricing for Uniregistry TLDs, compared to Donuts.

It has several that retail for around $100 a year, and three — .cars, .car and .auto — that sell for close to $3,000 a year.

Still, the Uni EP price is obviously going to be a lot cheaper than regular defensive registrations.

Companies that have already purchased defensively would get to add their domains to the block service after the current registration expires, the RSEP states.

Like DPML, Uni EP would also have a “Plus” version, in which confusingly similar strings in eight scripts would also be blocked.

Uniregistry says it consulted with three brand protection registrars — CSC, MarkMonitor and Safenames — about the service and that their reactions were “favorable”.

Uniregistry’s current portfolio comprises .country, .audio, .car, .blackFriday, .auto, .cars, .christmas, .click, .diet, .flowers, .game, .gift, .guitars, .help, .hiphop, .hiv, .hosting, .juegos, .link, .lol, .mom, .photo, .pics, .property, .sexy, and .tattoo.

This is how AppDetex works

Kevin Murphy, October 25, 2018, Domain Services

A small brand-protection registrar with a big friend caused quite a stir at ICANN 63 here in Barcelona this week, after accusing registrars for the second time of shirking their duties to disclose private Whois data to trademark owners.

AppDetex, which has close ties to Facebook, has sent something like 9,000 Whois requests to registrars over the last several months, then complained to ICANN last week that it only got a 3% response rate.

Registrars cried foul, saying that the company’s requests are too vague to action and sometimes seem farcical, suggesting an indiscriminate, automated system almost designed to be overly burdensome to them.

In chats with DI this week, AppDetex CEO Faisal Shah, general counsel Ben Milam and consultant Susan Kawaguchi claimed that the system is nowhere near as spammy as registrars think, then showed me a demo of their Whois Requester product that certainly seemed to support that claim.

First off, Whois Requester appears to be only partially automated.

Tucows had noted in a letter to ICANN that it had received requests related to domains including lincolnstainedglass.com and grifflnstafford.com, which contain strings that look a bit like the “Insta” trademark but are clearly not cybersquatting.

“That no human reviewed these domains was obvious, as the above examples are not isolated,” Tucows CEO Elliot Noss wrote.

“It is abundantly clear to us that the requests we received were generated by an automated system,” Blacknight CEO Michele Neylon, who said he had received similarly odd requests, wrote in his own letter.

But, according to AppDetex, these assumptions are not correct.

Only part of its service is automated, they said. Humans — either customers or AppDetex in-house “brand analysts” — were involved in sending out all the Whois requests generated via its system.

AppDetex itself does not generate the lists of domains of concern for its clients, they said. That’s done separately, using unrelated tools, by the clients themselves.

It’s possible these could be generated from zone files, watch services, abuse reports or something else. The usage of the domain, not just its similarity to the trademark in question, would also play a role.

Facebook, for example, could generate its own list of domains that contain strings matching, partially matching, or homographically similar to its trademarks, then manually input those domains into the AppDetex tool.

The product features the ability to upload lists of domains in bulk in a CSV file, but Kawaguchi told me this feature has never been used.

Once a domain has been input to main Whois Requester web form, a port 43 Whois lookup is automatically carried out in the background and the form is populated with data such as registrar name, Whois server, IANA number and abuse email address.

At this point, human intervention appears to be required to visually confirm whether the Whois result has been redacted or not. This might require also going to the registrar’s web-based Whois, as some registrars return different results over port 43 compared to their web sites.

If a redacted record is returned, users can then select the trademark at issue from a drop-down (Whois Requestor stores its’ customers trademark information) and select a “purpose” from a different drop-down.

The “purposes” could include things like “trademark investigation” or “phishing investigation”. Each generates a different piece of pre-written text to be used in the template Whois request.

Users can then choose to generate, manually approve, and send off the Whois request to the relevant registrar abuse address. The request may have a “form of authorization” attached — a legal statement that AppDetex is authorized to ask for the data on behalf of its client.

Replies from registrars are sent to an AppDetex email address and fed into a workflow tool that looks a bit like an email inbox.

As the demo I saw was on the live Whois Requester site with a dummy account, I did not get a view into what happens after the initial request has been sent.

Registrars have complained that AppDetex does not reply to their responses to these initial requests, which is a key reason they believe them frivolous.

Shah and Milam told me that over the last several months, if a registrar reply has included a request for additional information, the Whois Requester system has been updated with a new template for that registrar, and the request resent.

This, they said, may account for duplicate requests registrars have been experiencing, though two registrars I put this to dispute whether it fits with what they’ve been seeing.

The fact that human review is required before requests are sent out “just makes it worse”, they also said.

Amazon offered $5 million of free Kindles for .amazon gTLD

Kevin Murphy, October 23, 2018, Domain Policy

Amazon offered South American governments $5 million worth of free Kindles, content and cloud services in exchange for their endorsement of its .amazon gTLD application, it has emerged.

The proposal, made in February, also included an offer of four years of free hosting up to a value of $1 million.

The sweeteners came during negotiations with the eight governments of the Amazon Cooperation Treaty Organization, which object to .amazon because they think it would infringe on their geographical and cultural rights.

Amazon has sought to reassure these governments that it will reserve culturally sensitive strings of their choice in .amazon, and that it will actively support any future applications for gTLDs such as .amazonas, which is the more meaningful geographic string in local languages.

I’ve reported on these offers before, but to my knowledge the offer of free Kindles and AWS credits has not been made public before. (UPDATE: Nope.)

According to a September letter from ACTO, published (pdf) this week, Amazon told it:

as an indication of goodwill and support for the people and governments of the Amazonian Region… [Amazon will] make available to the OTCA governments credits for the use of AWS services, Kindles preloaded with mutually agreed upon content, and similar Amazon.com services and products in an amount not to exceed $5,000,000.

Amazon also offered to set up a .amazon web site “to support the Amazonian people’s cultural heritage” and pay up to $1 million to host it for four years.

These kinds of financial sweeteners would not be without precedent.

The applicant for .bar wound up offering to donate $100,000 to fund a school in Montenegro, after the government noted the string match with the Bar region of the country.

The ACTO countries met in August to consider Amazon’s offer, but chose not to accept it.

However, they’re not closing off talks altogether. Instead, they’ve taken up ICANN on its offer to act as a facilitator of talks between Amazon and ACTO members.

The ICANN board of directors passed a resolution last month instructing CEO Goran Marby to “support the development of a solution” that would involve “sharing the use of those top-level domains with the ACTO member states”.

ACTO secretary general Jacqueline Mendoza has responded positively to this resolution (pdf) and invited Marby to ACTO headquarters in Brasilia to carry on these talks.

ICANN 63, Day 0 — registrars bollock DI as Whois debate kicks off

Kevin Murphy, October 21, 2018, Domain Policy

Blameless, cherubic domain industry news blogger Kevin Murphy received a bollocking from registrars over recent coverage of Whois reform yesterday, as he attended the first day of ICANN 63, here in Barcelona.

Meanwhile, the community working group tasked with designing this reform put in a 10-hour shift of face-to-face talks, attempting to craft the language that will, they hope, bring ICANN’s Whois policy into line with European privacy law.

Talks within this Expedited Policy Development Process working group have not progressed a massive amount since I last reported on the state of affairs.

They’re still talking about “purposes”. Basically, trying to write succinct statements that summarize why entities in the domain name ecosystem collect personally identifiable information from registrants.

Knowing why you’re collecting data, and explaining why to your customers, is one of the things you have to do under the General Data Protection Regulation.

Yesterday, the EPDP spent pretty much the entire day arguing over what the “purposes” of ICANN — as opposed to registries, registrars, or anyone else — are.

The group spent the first half of the day trying to agree on language explaining ICANN’s role in coordinating DNS security, and how setting policies concerning third-party access to private Whois data might play a role in that.

The main sticking point was the extent to which these third parties get a mention in the language.

Too little, and the Intellectual Property Constituency complains that their “legitimate interests” are being overlooked; too much, and the Non-Commercial Stakeholders Group cries that ICANN is overstepping its mission by turning itself into a vehicle for trademark enforcement.

The second half of the day was spent dealing with language explaining why collecting personal data helps to establish ownership of domains, which is apparently more complicated than it sounds.

Part of this debate was over whether registrants have “rights” — such as the right to use a domain name they paid for.

GoDaddy policy VP James Bladel spent a while arguing against this legally charged word, again favoring “benefits”, but appeared to eventually back down.

It was also debated whether relatively straightforward stuff such as activating a domain in the DNS by publishing name servers can be classed as the disclosure of personal data.

The group made progress reaching consensus on both sets of purposes, but damn if it wasn’t slow, painful progress.

The EPDP group will present its current state of play at a “High Interest Topic” session on Monday afternoon, but don’t expect to see its Initial Report this week as originally planned. That’s been delayed until next month.

While the EPDP slogs away, there’s a fair bit of back-channel lobbying of ICANN board and management going on.

All the players with a significant vested interest in the outcome are writing letters, conducting surveys, and so on, in order to persuade ICANN that it either does or does not need to create a “unified access model” that would allow some parties to carry on accessing private Whois data more or less the same way as they always have.

One such effort is the one I blogged about on Thursday, shortly before heading off to Barcelona, AppDetex’s claims that registrars have ignored or not sufficiently responded to some 9,000 automated requests for Whois data that its clients (notably Facebook) has spammed them with recently.

Registrars online and in-person gave me a bollocking over the post, which they said was one-sided and not in keeping with DI’s world-renowned record of fairness, impartiality and all-round awesomeness (I’m paraphrasing).

But, yeah, they may have a point.

It turns out the registrars still have serious beef with AppDetex’s bulk Whois requests, even with recent changes that attempt to scale back the volume of data demanded and provide more clarity about the nature of the request.

They suspect that AppDetex is simply trawling through zone files for strings that partially match a handful of Facebook’s trademarks, then spamming out thousands of data requests that fail to specify which trademarks are being infringed and how they are being infringed.

They further claim that AppDetex and its clients do not respond to registrars’ replies, suggesting that perhaps the aim of the game here is to gather data not about the owner of domains but about registrars’ alleged non-compliance with policy, thereby propping up the urgent case for a unified access mechanism.

AppDetex, in its defence, has been telling registrars on their private mailing list that it wants to carry on working with them to refine its notices.

The IP crowd and registrars are not the only ones fighting in the corridors, though.

The NCSG also last week shot off a strongly worded missive to ICANN, alleging that the organization has thrown in with the IP lobby, making a unified Whois access service look like a fait accompli, regardless of the outcome of the EPDP. ICANN has denied this.

Meanwhile, cybersecurity interests have also shot ICANN the results of a survey, saying they believe internet security is suffering in the wake of ICANN’s response to GDPR.

I’m going to get to both of these sets of correspondence in later posts, so please don’t give me a corridor bollocking for giving them short shrift here.

UPDATE: Minutes after posting this article, I obtained a letter Tucows has sent to ICANN, ripping into AppDetex’s “outrageous” campaign.

Tucows complains that it is being asked, in effect, to act as quality control for AppDetex’s work-in-progress software, and says the volume of spurious requests being generated would be enough for it ban AppDetex as a “vexatious reporter”.

AppDetex’s system apparently thinks “grifflnstafford.com” infringes on Facebook’s “Insta” trademark.

UPDATE 2: Fellow registrar Blacknight has also written to ICANN today to denounce AppDetex’s strategy, saying the “automated” requests it has been sending out are “not sincere”.