Latest news of the domain name industry

Recent Posts

As Trump sworn in, CADNA returns to lobby for stronger cybersquatting laws

Kevin Murphy, January 23, 2017, Domain Policy

Remember the Coalition Against Domain Name Abuse? The lobby group that campaigned for stronger cybersquatting laws and against new gTLDs?

It’s back.

CADNA on Thursday used the imminent inauguration of new US president Donald Trump to announce that it’s back in the game, hoping a Republican-dominated government will be friendlier to its agenda.

It told its supporters on “the 2016 general elections outcomes for both the U.S. Congress and the White House present a unique and timely opportunity to push through legislation”.

It wants new federal laws modeled on 2010 Utah state legislation, the E-Commerce Integrity Act, which creates liability for non-registrant third-parties including domain name registrars.

The Utah law is closely modeled on the federal Anticybersquatting Consumer Protection Act of 1999, but has some crucial differences.

CADNA noted at the time the law was up for a vote that it:

expands the liability for cybersquatting activity to include the registrant’s authorized licensee, agent, affiliate, representative, domain name registrar, domain name registry, or other domain name registration authority that knowingly and actively assists a violation

That’s something ACPA does not allow for, and CADNA wants the federal law amended to include provisions such as this. It said:

The Coalition Against Domain Name Abuse (CADNA) is now mobilizing the global business community to promote and pass legislation that will greatly enhance the available protection mechanisms for online trademark protection and limit the appeal of cybersquatting.

The last time US cybersquatting laws came close to being amended was with the Anti-Phishing Consumer Protection Act of 2008, aka the Snowe Bill, which ultimately did not pass.

The Internet Commerce Association, which lobbies on behalf of domain investors, expressed concern with CADNA’s new efforts to revive its noughties lobbying tactics, telling members:

for now this is more of a CADNA recruiting effort than an active legislative natter. As you can see, CADNA announced a similar Federal effort in 2010, which went nowhere. Nonetheless, we should proceed on the assumption that CADNA will secure a sponsor and have such legislation introduced in the new Congress and that such legislation may well gain traction in the current political environment.

The ICA also expressed concern about the amount of statutory damages the Utah law permits compared to the ACPA.

While both Utah and ACPA allow damages of $1,000 to $100,000 per domain, the Utah law assumes the highest amount if a “pattern or practice” of cybersquatting can be demonstrated.

CADNA has been pretty quiet for the last few years.

Before the US elections last November, its most recent press release dated from October 2013.

The group is managed by the same people who run Fairwinds Partners, a new gTLD consultancy specializing in managing dot-brand gTLDs for some of the world’s biggest names.

Its gTLD clients include L’Oreal, Marriott and Walmart.

Fairwinds used its links to CADNA and its staunch opposition to the new gTLD program to pitch for these clients back in 2012.

“UDRP-proof” .feedback gTLD loses first UDRP

Kevin Murphy, September 26, 2016, Domain Registries

The first cybersquatting complaint against a .feedback domain name has resulted in a transfer, despite registry claims that the gTLD was “UDRP-proof”.

De Beers, the diamond merchant, won a UDRP case against the registrant of debeers.feedback earlier this month.

The registrant, who used a privacy service, registered the name back in January, when .feedback was in its unusual “Free Speech Partner Program” phase.

That took the place of an Early Access Program, but saw domains deeply discounted instead of premium-priced.

Buyers had to agree to point their domain to a registry-hosted social media platform and there was a $5,000 fee if they later decided to change name servers.

The registrant of debeers.feedback lost the UDRP largely because there wasn’t much actual feedback on the site until De Beers sent him a nastygram.

On March 24, the site only contained a single two-word post. Five more were added with apparently false earlier dates at a later time, the panelist found.

He wrote:

If the website were genuinely operating as a feedback forum, one would ordinarily expect the reviews to have appeared at or close to their respective dates. That they were not on the website on March 24 and did not appear until after the letter of demand was sent calls for explanation.

The panelist doesn’t mention it, but the reviews all seem to have been copied directly from Yelp!.

Basically, the registrant lost his domain for filling the site with bogosity rather than genuine free-speech griping.

It’s not a terribly surprising or worrying result, perhaps, but it does run counter to what Jay Westerdal, CEO of registry Top Level Spectrum, told us back in January.

“It is a great opportunity for domainers to register domains that will be UDRP proof,” he said at the time. “As free speech sites they are going to improve the world and let anyone read reviews on any subject.”

“I think they are UDRP proof,” he added back then, offering the services of his lawyers to registrants who found themselves served with UDRP complaints.

Today, Westerdal qualified his earlier remarks, telling DI: “I don’t think having a privacy service and also having a .feedback domain will hold up in the current UDRP system.”

Privacy services are discouraged by the registry, though explicitly permitted in its terms of service.

Westerdal said that because De Beers obtained the domain via UDRP, the company will not have to pay the $5,000 unlocking fee if it wants to point debeers.feedback’s name servers elsewhere.

UK cybersquatting cases flat, transfers down

The number of cybersquatting cases involving .uk domains was basically flat in 2015, while the number of domains that were transferred was down.

That’s according to Nominet’s wrap-up of last year’s complaints passing through its Dispute Resolution Service.

There were 728 DRS complaints in 2015, the registry said, compared to 726 in the year before.

The number of cases that resulted in the transfer of the domain to the complainant was down to 53%, from 55% in 2014.

That’s quite a bit lower than complainants’ success rates in UDRP. In 2015, more than 70% of UDRP cases resulted in a transfer.

Nominet reckons that the DRS saved £7.74 million ($notasmuchasitusedtobe) in legal fees last year, based on a “conservative” estimate of £15,000 per case, had the complaint gone to court instead.

More stats can be found here.

First registrar “breached” UDRP lock rule

Kevin Murphy, February 15, 2016, Domain Registrars

ICANN has charged a registrar with failing to abide by “cyberflight” rules for the first time.

Visesh Infotecnics did not lock down e-campaigner.com within two days of it being hit by a UDRP a couple of weeks ago, ICANN said in a compliance notice (pdf) on Thursday.

Visesh is based in India and does business as Signdomains.com. It has roughly 5,000 gTLD domains under management.

The transfer lock rule became ICANN consensus policy binding on all registrars last July, following four years of policy and implementation work.

It’s designed to prevent cybersquatters switching registrars when a UDRP lands in their inbox, a practice known as cyberflight.

The registrant of e-campaigner.com did not in fact change registrars, judging by Whois records.

The UDRP appears to have been filed in late January by a currently undisclosed entity. Signdomains put the domain on client-hold status February 8, according to Whois records.

This is the first time ICANN has publicly accused a registrar of failing to abide by the policy.

ICANN also says that the registrar does not display Whois data in the correct format on its web site, and that it owes some accreditation fees.

It has until March 3 to rectify these alleged breaches.

Instagram paid Chinese cyberquatter $100,000 for instagram.com, Facebook lawsuit reveals

Kevin Murphy, January 20, 2016, Domain Sales

Facebook has sued a Chinese cybersquatter for trying to renege on a five-year-old deal that saw it buy the domain instagram.com for $100,000.

The lawsuit, filed in California last week, claims that a family of known cybersquatters, based in Guangdong, is trying to have the purchase invalidated by a Chinese court.

The company, which acquired Instagram for $1 billion in 2012, wants the court to rule that the domain deal was legal, preventing the cybersquatters retaking control of the domain.

Photo-sharing app Instagram launched in October 2010 using the domain instagr.am.

At that time, instagram.com was owned by a US-based domain investor, but it was bought by Zhou Weiming about a month later.

Zhou, Facebook says, was the now-dead father of three of the people it is suing, and the husband of the fourth.

When Zhou purchased the domain, Instagram had become wildly popular, well on the way to hitting the million-user mark in December 2010.

Instagram had applied for the US trademark on its name in September 2010, less than a month before its launch.

The company made the decision to pay $100,000 for the domain in January 2011.

The Whois information for instagram.com changed from Zhou Weiming to Zhou Murong, apparently his daughter, around about the same time, though the registrant email address did not change.

The purchase was processed by Sedo, according to a copy of the deal filed as evidence (pdf).

Now, Murong’s mother and sisters are suing her and Instagram in China, claiming she did not have the authority to sell the domain, according to Facebook’s complaint.

Facebook claims the Chinese suit is a “sham” and that the whole Zhou family is acting in concert.

The company wants the California court to declare that the sale was valid, and that registrar MarkMonitor should not be forced to transfer the domain back to the Zhous.

Facebook in 2014 won a 22-domain UDRP case against Murong Zhou, related to typos of its Instagram trademark.

Read the full California complaint as a PDF here.

OpenTLD suspension stayed in unprecedented arbitration case

“Cybersquatting” registrar OpenTLD, part of the Freenom group, has had its accreditation un-suspended by ICANN while the two parties slug it out in arbitration.

Filed three weeks ago by OpenTLD, it’s the first complaint to head to arbitration about under the 2013 Registrar Accreditation Agreement.

ICANN suspended the registrar for 90 days in late June, claiming that it “engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party”.

But OpenTLD filed its arbitration claim day before the suspension was due to come in to effect, demanding a stay.

ICANN — voluntarily, it seems — put the suspension on hold pending the outcome of the case.

The suspension came about due to OpenTLD being found guilty of cybersquatting its competitors in two UDRP cases.

In both cases, the UDRP panel found that the company had cybersquatted the trademarks of rival registrars in an attempt to entice their resellers over to its platform.

But OpenTLD claims that ICANN rushed to suspend it without giving it a chance to put forward its side of the story and without informing it of the breach.

It further claims that the suspension is “disproportionate and unprecedented” and that the public interest would not be served for the suspension to be upheld.

This is not an Independent Review Process proceeding, so things are expected to move forward relatively quickly.

The arbitration panel expects to hear arguments by phone August 14 and rule one way or the other by August 24.

Read the OpenTLD complaint here.

Posh Spice takes down porn site

Kevin Murphy, June 24, 2015, Domain Policy

Former Spice Girl Victoria Beckham has used UDRP to take down a porn site bearing her name.

victoria-beckham.biz was owned by a Ukrainian, who had set up a site “at which adult and/or pornographic images and services are offered”, according to the UDRP panelist.

It was pretty much a slam-dunk case.

While not all celebrities own trademarks on their names, Beckham does. The squatter, who registered the name in December 2014, did not even attempt a response.

Based on archived screenshots and Whois records, it looks like victoria-beckham.biz has been around as a rather harmless fan site since about 2006.

It was only after the domain expired late last year and was re-registered did it become a porn site, attracting the attention of Beckham’s lawyers.

Could you survive a .sucks UDRP?

Kevin Murphy, March 17, 2015, Domain Policy

If you register a .sucks domain matching a brand, could you survive a subsequent UDRP complaint? Opinion is mixed.

In my view, how UDRP treats .sucks registrants will be a crucial test of Vox Populi Registry’s business model.

Vox Populi Registry clearly envisages — and is actively encouraging with its policies — genuine critics, commentators and consumer advocates to register .sucks domains that match famous trademarks.

I really like this idea. Power to the people and all that.

But will UDRP panelists agree with me and Vox Pop? Cybersquatting case law under UDRP says, very firmly: “It depends.”

Statistics generally favor mark owners

To date, there have been exactly 100 resolved UDRP complaints against domains that end in “sucks.com”.

Of those, 47 cases ended up with a full transfer of the domain to the trademark owner. Only 30 resulted in a the complaint being denied.

Another 19 cases were withdrawn or terminated; the remainder were split decisions.

So it seems, based on historical “sucks” cases, that the odds favor trademark owners.

But each case is, theoretically at least, judged on its merits. So it does not necessarily hold that most .sucks UDRP complaints will be successful.

What does WIPO say?

The World Intellectual Property Association, which administers most UDRP cases, published a set of guidelines for its panelists.

Some guidelines specifically addresses “sucks” sites, but the advice is not always clear-cut.

There are three elements to UDRP. First, the complainant must show that the domain name in question is identical or confusingly similar to its trademark.

According to WIPO, it’s the “consensus view” of UDRP panelists that adding “sucks” to a trademark at the second level does NOT stop a domain being confusiningly similar. WIPO says:

Generally, a domain name consisting of a trademark and a negative or pejorative term (such as [trademark]sucks.com) would be considered confusingly similar to the complainant’s trademark for the purpose of satisfying the standing requirement under the first element of the UDRP (with the merits of such cases typically falling to be decided under subsequent elements). Panels have recognized that inclusion of a subsidiary word to the dominant feature of a mark at issue typically does not serve to obviate confusion for purposes of the UDRP’s first element threshold requirement, and/or that there may be a particular risk of confusion among Internet users whose first language is not the language of the domain name

Some panels have disagreed with this prevailing view, however.

It remains to be seen whether moving the string “sucks” to the right of the dot would affect the outcome, but it’s established UDRP case law that the dot in a domain can be pretty much ignored when testing for similarity.

The TLD a domain uses can be taken into account if it’s relevant or disregarded if it is not, according to precedent.

The second test under UDRP is whether the registrant of the domain has legitimate rights or interests.

Panelists disagree on this point. WIPO says:

The right to criticize does not necessarily extend to registering and using a domain name that is identical or confusingly similar to the complainant’s trademark. That is especially the case if the respondent is using the trademark alone as the domain name (i.e., [trademark.tld]) as that may be understood by Internet users as impersonating the trademark owner.

That view would seem to apply specifically to the use cases Vox Pop has in mind — the registry wants critics to own [trademark].sucks domains in order to criticize the trademark owner.

In the 2003 case of natwestbanksucks.com, the WIPO panel drew on earlier precedent to find that the registrant had no rights to the domain.

Respondents’ can very well achieve their objective of criticism by adopting a domain name that is not identical or substantially similar to Complainants’ marks. Given the free nature of the media which is the Internet and the chaotic spamming that has become epidemic, it does not appear that one can be at full liberty to use someone else’s trade name or trademark by simply claiming the right to exercise a right to freedom of expression”.

In other words: you may have a right to free speech on the internet, but you do not have the right to exercise it simply by adding “sucks” to a famous trademark.

But other UDRP panelists have disagreed. WIPO says that some panelists have found:

Irrespective of whether the domain name as such connotes criticism, the respondent has a legitimate interest in using the trademark as part of the domain name of a criticism site if such use is fair and noncommercial.

The third element of UDRP is bad faith. Complainants have to show that the registrant is up to something dodgy.

Some panelists have a pretty low threshold for what constitutes bad faith. Merely having the page parked — even if you did not park it yourself — can point to bad faith, especially in “sucks” cases.

WIPO says that “tarnishment” of a trademark — such as posting porn, which is banned under Vox Pop’s AUP anyway — can be bad faith, but legitimate criticism would not usually:

While it would not normally extend to the mere posting of information about a complainant, or to the posting of genuine, non-commercial criticism regarding the trademark holder, it may extend to commercially motivated criticism by (or likely on behalf of) a competitor of such trademark holder.

So, with all that in mind, here are some tips for improving your odds of surviving a .sucks UDRP.

How to beat a .sucks UDRP

Poring over dozens of “sucks.com” decisions, it quickly becomes clear that there are certain things you should definitely do and not do if you want to keep a hold of your brand-match .sucks domain.

Given the volume of precedent, you’ll have a hard time showing that your domain is not identical or confusingly similar to the trademark in question — strike one — but there are ways to show legitimate interests and rebut claims of bad faith.

1. Respond

To show you lack legitimate interests, the complainant only needs to make a face-value argument that you do not. Then the burden of proof to show rights switches to you.

If you don’t respond to the UDRP, the panel will find you lack rights. Panelists rarely try to fight the corner of a registrant who has not responded.

That’s strike two.

2. Don’t allow your domain to be parked

If a domain is parked, UDRP panelists in “sucks.com” cases invariably find that the registrant lacks legitimate interests and has shown bad faith.

Parking is considered a commercial activity, so you won’t be able to argue convincingly that you’re exercising your right to non-commercial free speech if your domain is splashed with links to the trademark owner’s competitors.

This holds true even if the domain was automatically parked by your registrar.

Dozens (hundreds?) of UDRP cases have been lost because Go Daddy parked the newly registered domain automatically, enabling the complainant to show commercial use.

Panelists are usually happy to overlook the lack of direct bad faith action by the registrant in such cases.

Parking will usually lead to strikes two and three.

In the case of .sucks, parking is actually banned by Vox Populi’s acceptable use policies (pdf).

But the registry will only enforce this policy if it receives a complaint. I don’t know if the Registry-Registrar Agreement, which isn’t public, prohibits registrars auto-parking new domains.

3. Develop a site as soon as possible

In some “sucks.com” cases, respondents have argued that they had intended to put up a criticism site, but could not provide evidence to back up the claims.

If you register a .sucks matching a trademark, you’ll want to put up some kind of site ASAP.

In the case of kohlersucks.com, the registrant had merely framed a Better Business Bureau web page, which was found to show non-commercial criticism use.

4. Don’t offer to sell the domain

It should go without saying that offering to sell the domain to the trademark owner shows bad faith; it looks like extortion.

Panelists regularly also find that registrants give up their legitimate rights to a domain as soon as they make it available to buy.

5. Don’t make any money whatsoever

The second you start making money from a domain that matches a trademark, you’re venturing into the territory of commercial use and are much more likely to fail the WIPO test of “genuine, non-commercial criticism”.

6. Be American

Depressingly, you stand a better chance of fighting off a UDRP on free speech grounds if both the case involves US-based parties and a US-based panelist.

Panelists are more likely to draw on the US Constitution’s First Amendment and associated non-UDRP case law when determining rights or legitimate interests, when the registrant is American.

Merely registering with a US-based registrar is not enough to confer First Amendment rights to a registrant living outside of the US, according to UDRP panels.

Even though freedom of speech is a right in most of the world, in the universe of UDRP it seems the rest of us are second-class citizens compared to the yanks.

“Cyberflight” rules coming to UDRP next July

Kevin Murphy, November 18, 2014, Domain Policy

It will soon be much harder for cybersquatters to take flight to another registrar when they’re hit with a UDRP complaint.

From July 31 next year, all ICANN-accredited registrars will be contractually obliged to lock domain names that are subject to a UDRP and trademark owners will no longer have to tip off the registrant they’re targeting.

Many major registrars lock domain names under UDRP review already, but there’s no uniformity across the industry, either in terms of what a lock entails or when it is implemented. Under the amended UDRP policy, a “lock” is now defined as:

a set of measures that a registrar applies to a domain name, which prevents at a minimum any modification to the registrant and registrar information by the Respondent, but does not affect the resolution of the domain name or the renewal of the domain name.

Registrars will have two business days from the time they’re notified about the UDRP to put the lock in place.

Before the lock is active, the registrants themselves will not be aware they’ve been targeted by a complaint — registrars are banned from telling them and complainants no longer have to send them a copy of the complaint.

If the complaint is dismissed or withdrawn, registrars have one business day to remove the lock.

Because these change reduce the 20-day response window, registrants will be able to request an additional four calendar days (to account for weekends, I assume) to file their responses and the request will be automatically granted by the UDRP provider.

The new policy was brought in to stop “cyberflight”, a relatively rare tactic whereby cybersquatters transfer their domains to a new registrar to avoid losing their domains.

The policy was approved by the Generic Names Supporting Organization in August last year and approved by the ICANN board a month later. Since then, ICANN staff has been working on implementation.

The time from the first GNSO preliminary issue report (May 27, 2011) to full implementation of the policy (July 31, 2015) will be 1,526 days.

You can read a redlined version of the UDRP rules here (pdf).

How NetSol opts you in to cybersquatted .xyz names

Clear-cut cases of cybersquatting seem to be among those .xyz domain names that Network Solutions has registered to its customers without their explicit request.

Some of the domains I’ve found registered in .xyz, via NetSol to the registrants of the matching .com or .net names, include my-twitter.xyz, facebook-liker.xyz and googledia.xyz.

Domains including other brands, such as Rolex, Disney, iPhone, Amazon and Pepsi can also be found registered to third parties, via NetSol, in .xyz’s zone today.

They’re all registered via NetSol’s Whois privacy service, which lists the registrant’s “real” name in the Whois record, but substitutes mailing address, email and phone number with NetSol-operated proxies.

I think the chance of these names being paid for by the registrant is slim. It seems probable that many (if not all) of the squatty-looking names were registered via NetSol’s promotional program for .xyz.

As previously reported, NetSol has been giving away domain names in .xyz to owners of the matching .com names. Tens of thousands of .xyz names seem to have been registered this way in the last week.

The “registrants” did not have to explicitly accept the offer. Instead, NetSol gave them the option to “opt-out” of having the name registered on their behalf and placed into their accounts.

The effect of this has been to propel .xyz into the leading spot in the new gTLD league table. It had 82,236 names in today’s zone file. a clear 15,000 names ahead of second-place .club.

But it’s not clear how much, if any, support NetSol has received from the registry, XYZ.com. CEO Daniel Negari told Rick Schwartz, in a coy interview last week:

The Registry Operator is unable to “give away” free domain names. I never even saw the email that the registrar sent to its customers until I discovered it on the blogs.

The opt-out giveaway has also prompted speculation about NetSol’s right to register domains without the explicit consent of the registrant, both under the law and under ICANN contract.

Under the Registrar Accreditation Agreement, in order to register a domain name, registrars “shall require” the registrant “to enter into an electronic or paper registration agreement”.

That agreement requires the registrant to agree to, among many other things, the transfer or suspension of their domains if (for example) they lose a UDRP or URS case.

But that doesn’t seem to be happening with the opt-out names,

Barry Shein, president of The World, had shein.xyz registered on his behalf by NetSol on Saturday. He already owns shein.com, also registered with NetSol.

NetSol’s email informing him of the registration, which Shein forwarded to DI, reads as follows:

Dear Valued Network Solutions Customer,

Congratulations, your complimentary SHEIN.XYZ domain has arrived!

Your new .XYZ domain is now available in your Network Solutions account and ready to use. To go along with your new .XYZ domain, you have also received complimentary access to Professional Email and Private Registration for your .XYZ domain.

If you choose not to use this domain no action is needed and you will not be charged any fees in the future. Should you decide to keep the domain after your complementary first year, simply renew it like any other domain in your account.

We appreciate your business and look forward to serving you again.

Sincerely,

Network Solutions Customer Support
www.networksolutions.com
http://www.networksolutions.com/help/index.jsp

Importantly, a footnote goes on to describe how NetSol will take a refusal to opt out as “continued acceptance” of its registration agreement:

Please note that your use of this .XYZ domain name and/or your refusal to decline the domain shall indicate acceptance of the domain into your account, your continued acceptance of our Service Agreement located online at http://www.networksolutions.com/legal/static-service-agreement.jsp, and its application to the domain.

So, if you’re a NetSol customer who was picked to receive a free .xyz name but for whatever reason you don’t read every marketing email your registrar sends you (who does?) you’ve agreed to the registration agreement without your knowledge or explicit consent, at least according to NetSol.

I am not a lawyer, but I’ve studied enough law to know that this is a dubious way to make a contract. Lawyers I’ve shown this disclaimer to have laughed out loud.

Of course, because each registrant already owns a matching .com, they’ve already accepted NetSol’s registration agreement and terms of service at least once before.

This may allow NetSol to argue that the initial acceptance of the contract also applies to the new .xyz domains.

But there are differences between .com and .xyz.

Chiefly, as a new gTLD, .xyz registrants are subject to policies that do not apply to .com, such as the Uniform Rapid Suspension policy.

URS differs from UDRP in that there’s a “loser pays” model that applies to complaints involving over 15 domains.

So these .xyz registrants have been opted into a policy that could leave them out of pocket, without their explicit consent.

Of course, we’re talking about people who seem to be infringing famous trademarks in their existing .com names, so who gives a damn, right?

But it does raise some interesting questions.

Who’s the registrant here? Is it the person who owns the .com, or is it NetSol? NetSol is the proxy service, but the .com registrant’s name is listed in the Whois.

Who’s liable for cybersquatting here? Who would Twitter file a UDRP or URS against over my-twitter.xyz? Who would it sue, if it decided to opt for the courts instead?