Latest news of the domain name industry

Recent Posts

Panel doesn’t consider TLD in the first-ever new gTLD UDRP case

Kevin Murphy, March 17, 2014, Domain Policy

The first new gTLD domain name has been lost to a UDRP complaint.

The famous German bike maker Canyon Bicycles won canyon.bike from a registrant who said he’d bought the name — and others — in order to protect the company from cybersquatters.

The panelist in the case, WIPO’s Andrew Lothian, declined to consider the fact that the TLD was related to Canyon’s business in making his decision. Finding confusing similarity, he wrote:

The Panel finds that, given the advent of multiple new gTLD domain names, panels may determine that it is appropriate to include consideration of the top-level suffix of a domain name for the purpose of the assessment of identity or similarity in a given case, and indeed that there is nothing in the wording of the Policy that would preclude such an approach. However, the Panel considers that it is not necessary to do so in the present case.

Canyon had argued that the fact that it’s a .bike domain reinforced the similarity between the domain and the mark, but it’s longstanding WIPO policy that the TLD is irrelevant when determining confusing similarity.

The domain was registered under Whois privacy but, when it was lifted, Canyon looked the registrant up on social media and discovered he was very familiar with the world of bikes.

The registrant told WIPO that he’s registered Canyon’s mark “with the best of intentions”.

Apparently, he’s registered more than one famous brand in a new gTLD in the belief that the existence of the program was not wildly known, in order to transfer the domains to the mark holders.

He claimed “that many companies have been content with his actions” according to the decision.

But the fact that he’d asked for money from Canyon was — of course — enough for Lothan to find bad faith.

He also chose to use the fact that the registrant had made no attempt to remove the default Go Daddy parking page — which the registrar monetizes with PPC — as further evidence of bad faith.

The domain is to be transferred.

ICANN to crack down on UDRP “cyberflight”

Kevin Murphy, August 2, 2013, Domain Registrars

ICANN has moved closer to cracking down on cybersquatters who try to flip their domains when they discover they’ve been hit with a UDRP complaint.

Under recommendations approved by the GNSO Council yesterday, registrars would be bound by a much stricter set of UDRP-related domain locking rules in future.

So-called “cyberflight” — where squatters transfer their domains to a new registrar or registrants — appears to be a relatively infrequent problem, but when it does happen it causes big headaches for UDRP providers and trademark owners.

A survey of UDRP providers carried out as part of the GNSO’s policy development process discovered that the vast majority of registrars already lock domains hit by UDRP.

The problem is, they said, that locking practices are not uniform. Some registrars take well over a week to lock domains, and what the “lock” entails differs by registrar.

The recommendations of the GNSO’s Final Report on the Locking of a Domain Name Subject to UDRP Proceedings Policy Development Process, adopted by the Council yesterday, seek to standardize the process.

After being told about a complaint against one of its domains, the registrar in future would have a maximum of two business days to put a lock — preventing any changes in registrant or registrar — in place.

The lock would remain until the UDRP was resolved, but there would be various safeguards in place to enable complainants and respondents to settle their differences outside of the UDRP.

The lock would not prevent registrars or proxy/privacy services revealing the true identity of the registrant — that wouldn’t count as a change of registrant.

To prevent registrants abusing the two-day window to sell their domains or switch registrars, they would not be told about the existence of the UDRP until the domain had been locked.

The UDRP rules currently require the complainant to send a copy of their complaint to the domain owner at the same time it is filed with the UDRP provider.

But the GNSO has now recommended getting rid of this rule, stating: “as a best practice, complainants need not inform respondents that a complaint has been filed to avoid cyberflight.”

The registrant would be informed later by the UDRP provider instead.

Registrars would be prohibited from tipping off the registrant until the lock was in place.

The July 2013 recommendations (pdf) came out of a working group that was formed in April 2012, in response to policy ideas floated in 2011.

The GNSO’s resolution calls for ICANN staff to work with members of the working group on an implementation plan, which would eventually be put to the ICANN board for approval.

Once through the board, the new policy would become binding on all ICANN-accredited registrars.

ICANN backtracks on URS contracts

Kevin Murphy, July 22, 2013, Domain Policy

ICANN seems to have changed its mind about requiring Uniform Rapid Suspension providers to sign enforceable contracts, angering the Internet Commerce Association.

As we reported in May, the ICA claimed a victory when ICANN said in a written answer to its persistent inquiries that URS providers would be bound by contract.

An ICANN Q&A, referring to a question the ICA’s Phil Corwin asked at the ICANN meeting in Beijing, said:

[Q] As regards Uniform Rapid Suspension (URS) providers, will there be a contract developed that goes beyond the non-enforceable memorandum of understanding? Will there be other URS providers?

[A] Yes, a contract is being developed and additional URS providers will be added.

It’s difficult to interpret that as anything other than “Yes, a contract is being developed.” The fact that the question draws the distinction between a contract and an MoU seems to remove any ambiguity.

But at the ICANN 47 meeting in Durban last week, ICANN appeared to backtrack on this position.

During a URS demo session, gTLD registry services director Krista Papac said that URS providers will only have to agree to an MoU.

“This breach of a written commitment is unacceptable,” Corwin later said at the Public Forum on Thursday.

In response, ICANN deputy general counsel Amy Stathos said:

An MoU is a contract. I recognize that you don’t necessarily recognize that as the full contract that you were contemplating or that had been contemplated. But that is a contract. And it calls and requires the URS providers to comply with all the rules and procedures that are in the Guidebook.

On Friday, ICANN then published a (hastily written?) document that sought to spell out its position on contracts for URS and UDRP providers. It says:

ICANN has carefully considered whether the introduction of contracts is feasible or useful in the scope of UDRP proceedings, and has determined that contracts would be a cumbersome tool to assert to reach the same outcome that exists today.

It goes on to address some of the concerns that the ICA and others have put forward in the past. The organization, which represents big-volume domainers, is worried that some UDRP providers find more often in favor of complainants in order to secure their business. Enforceable contracts, it says, would help prevent that.

ICANN said in its new position statement (pdf) that it has never seen behavior from UDRP providers that would require it to take action, but added:

Of course, there is always the future possibility that an issue of non-compliance will arise that will require corrective action. In recognition of that potential, ICANN commits that substantiated reports of UDRP provider non‐compliance with the UDRP or the Rules will be investigated.

Contracts, it said, would not stop forum shopping.

ICANN won’t say how Demand Media passed its new gTLD background check

After badgering ICANN for a few weeks, I’ve finally got a firm “no comment” on the question of how new gTLD applicant Demand Media managed to pass its background checks.

The question of whether it’s possible for serial cybersquatters to bypass ICANN screening and be awarded new gTLDs just by setting up shell companies is still open, it seems.

As DI and other blogs have been reporting for the past few years, there was a question mark over Demand Media’s eligibility for the new gTLD program due to its history of cybersquatting.

Under ICANN rules, any company that lost three or more UDRP decisions with at least one loss in the last three years would not pass its background screening. The Applicant Guidebook states:

In the absence of exceptional circumstances, applications from any entity with or including any individual with convictions or decisions of the types listed in (a) – (m) below will be automatically disqualified from the program.

m. has been involved in a pattern of adverse, final decisions indicating that the applicant or individual named in the application was engaged in cybersquatting as defined in the Uniform Domain Name Dispute Resolution Policy (UDRP), the Anti-Cybersquatting Consumer Protection Act (ACPA), or other equivalent legislation, or was engaged in reverse domain name hijacking under the UDRP or bad faith or reckless disregard under the ACPA or other equivalent legislation. Three or more such decisions with one occurring in the last four years will generally be considered to constitute a pattern.

Demand Media subsidiary Demand Domains has lost over 30 UDRP cases, most recently in 2011, but its United TLD Holdco subsidiary has sailed through its Initial Evaluations.

Technically, shouldn’t it have failed screening and therefore IE?

Domain Name Wire speculated in November 2010 that ICANN had deliberately introduced loopholes in order to let Demand — and, at the time, Go Daddy — into the new gTLD program.

At that time, ICANN had just removed references to “any person or entity owning (or beneficially owning) fifteen percent or more of the applicant” in the background screening section of the Guidebook.

That might have introduced a loophole allowing subsidiaries of cybersquatters to apply.

But Demand Media seemed to think it was still at risk, asking ICANN in December 2010 to change the background check rules.

ICANN did. In the next version of the Guidebook, published in April 2011, it added the “In the absence of exceptional circumstances” qualifying language.

It’s also possible that this was the loophole that allowed Demand to pass screening.

Judging by the UDRP complaints it was involved in in the past, the company usually argued against the “bad faith” element of the policy. It often said it didn’t know about the complainant’s trademark and/or said it had offered to transfer the domain at no charge.

But more than 30 UDRP panelists didn’t buy that argument and still found against Demand. The company lost far more complaints than it won.

The fact that the company apparently managed to clean its act up a few years ago — not being hit with any complaints since 2011 — suggests that its act wasn’t all that clean to begin with.

Either way, neither ICANN nor Demand wants to talk about how the company passed screening, so I guess we’re still left wondering whether this section of the Guidebook is worth the PDF it’s written on.

Blow to domainers as Arab center approved to settle cybersquatting disputes

Kevin Murphy, May 22, 2013, Domain Services

ICANN has approved a new UDRP resolution provider, the first to be based in the Arab region, despite the objections of domainers.

The Arab Center for Dispute Resolution will now be able to service UDRP complaints. But it won’t be bound to an ICANN contract, as had been demanded by the Internet Commerce Association and others.

The ACDR was approved by the ICANN board last week, almost three years after it originally applied for the privilege.

The board said in its rationale that the move would be good for geographic diversity and that its rigorous community review process highlighted community accountability.

On the issue of UDRP provider contracts, it merely noted:

commenters suggested that ICANN develop contracts with each of its UDRP providers as a means to require uniformity among providers. Contracts have never been required of UDRP providers.

the proposal now includes an affirmative recognition that if ICANN imposes further requirements on providers, the ACDR will follow those requirements

The ACDR will come as a knock to the ICA, which recently celebrated the fact that ICANN intends to have formal contracts with providers of Uniform Rapid Suspension services.

Asian outfit named second URS provider

Kevin Murphy, April 22, 2013, Domain Policy

The Asian Domain Name Dispute Resolution Centre has been approved by ICANN as a provider of Uniform Rapid Suspension services.

The two organizations signed a memorandum of understanding last week, ICANN said.

ADNDRC is the second URS resolution provider to be named, after the US-based National Arbitration Forum. It’s got offices in Beijing, HongKong, Seoul and Kuala Lumpur and tends to hand local cases.

While it’s been a UDRP provider since 2001, it’s only handled about 1,000 cases in that time, according to DI’s records. That’s about 16 times fewer than NAF and 17 times fewer than WIPO.

ICANN said that more providers will be appointed in future.

URS is a faster, cheaper version of UDRP that allows obviously trademark-infringing domains to be suspended — not transferred — for about $500 a pop. It will only apply to new gTLDs at first.

Twitter files UDRP over twitter.org

Kevin Murphy, January 14, 2013, Domain Policy

Twitter has filed a cybersquatting complaint over the domain name twitter.org, which is currently being used for one of those bogus survey scam sites.

The domain has been registered since October 2005 — six months before Twitter was created — but appears to have changed hands a number of times since then.

It’s been under Whois privacy since mid-2011, but the last available unprotected record shows the domain registered to what appears to be Panama-based law firm.

Hiding ownership via offshore shell companies is a common tactic for people cybersquatting high-profile brands.

The UDRP complaint, which looks like a slam-dunk to me, has been filed with WIPO.

ICANN publishes RFI for URS provider

Kevin Murphy, September 25, 2012, Domain Policy

ICANN has issued an open call for dispute resolution providers interested in running its Uniform Rapid Suspension system.

In a request for information published last night, ICANN says it expects to pick a provider or providers by February 28, 2013.

If you’re not already running a dispute resolution service at scale there seems to be little point in applying. The RFI states that respondents must, at a minimum:

Have a track record in competently handling clerical aspects of Alternative Dispute Resolution or UDRP proceedings

Have a team of globally diverse and highly qualified neutrals, with experience handling UDRP or similar complaints, to serve as panelists.

With that in mind, will the RFI help sort out the problems with the URS?

What ICANN needs right now is a provider happy to administer proceedings for $300 to $500 per case.

ICANN has already asked WIPO and the National Arbitration Forum for their pricing expectations and neither apparently thinks they can do it much cheaper than UDRP. Hence the RFI.

Could the Czech Arbitration Court be in with a shot?

CAC already has UDRP experience and a stable of trademark experts on hand, and some say its level of automation is superior to — and presumably more cost-efficient than — both WIPO and NAF.

Is .city confusingly similar to .citi? UDRP says yes

Kevin Murphy, August 14, 2012, Domain Registries

In one of the more surprising twists to hit the new gTLD program, Citigroup has claimed that its proposed dot-brand gTLD, .citi, is not “confusingly similar” to the proposed generic gTLD .city.

The company appears to be trying to avoid getting into a contention set with the three commercial applicants for .city, which would likely put it into an expensive four-way auction.

It’s a surprising move because you’d expect a financial services company to want to at least try to mitigate the risk of future .city/.citi typo-based phishing attacks as much as possible.

Indeed, its .citi application states that the mission of the gTLD “is to further assist Applicant in accomplishing its mission of providing secure online banking and financial services”.

Nevertheless, the company is now arguing, in a few comments filed with ICANN today, this:

CITI and CITY are not so similar in an Internet context as to create a probability of user confusion if they are both delegated into the root zone. Thus, the .CITI application should not be placed into a contention set with the .CITY application.

The new Citigroup position is especially bewildering given that it has argued the exact opposite — and won — in at least two UDRP cases.

In the 2009 UDRP decision Citigroup Inc. v. Domain Deluxe c/o Domain Administrator, Citigroup contended that:

Respondent’s citywarrants.com domain name is confusingly similar to Complainant’s CITIWARRANTS mark.

The panelist in the case concluded that the Y variant of the name was merely a “mistyped variation” of and “substantively identical” to the Citigroup trademark.

A similar finding appears to have been handed down in Citigroup v Yongki, over the arguably generic citycard.com, but the decision is written in Korean so I can’t be certain.

The company’s current view, which I’m going to go out on a limb on and characterize as expedient, is that ICANN has delegated multiple ccTLDs that have only one character of variation in the past (it hasn’t — the ccTLDs it cites all pre-date ICANN) without causing confusion.

It also states in its comments that the meaning and proposed usage of the two strings is “very different” (which one commenter has already suggested is historically dubious).

So what’s going on here?

Is Citigroup really willing to risk potential phishing problems down the line to save a few measly bucks today? On the face of it, it looks that way.

If it is put in a contention set with the three .city applicants, it could wind up at auction against Donuts ($100m funding), TLD Registry Ltd (apparently backed by the Vision+ fund) and Directi.

Will Citigroup’s gambit pay off?

That’s down to a) the String Similarity Panel and b) whether any of the .city applicants tries to force the company into the contention set via a String Confusion Objection, which seems unlikely.

(Former) Donuts director hit with cybersquatting claim over Disney and Olympic domains

Kevin Murphy, August 7, 2012, Domain Policy

Donuts, the massive new gTLD applicant, has been hit by another set of cybersquatting claims, this time aimed at one of the company’s original directors.

Graham Stirling, who is listed as a Donuts Inc director in the company’s only Securities and Exchange Commission filing, seems to own several domain names containing Disney and Olympics trademarks.

(UPDATE: Donuts has confirmed that Stirling is no longer with the company, and hasn’t been since November 2011. Read the company’s full statement at the bottom of this post.)

The information emerged in a comment filed with ICANN on several Donuts applications by somebody called James Oliver Warner.

These are some of the domains Gibraltar-based Stirling allegedly owns:

2016juegosolimpicos.com
2016olimpicos.com
2020juegosolimpicos.com
2020olimpicos.com
2024olimpicos.com
andaluciadisney.com
costadelsoldisney.com
disneyandalucia.com
disneylandmalaga.com
disneymalaga.com
disneyworldmalaga.com
juegosolimpicos2008.com
juegosolimpicos2016.com
juegosolimpicos2020.com
juegosolimpicos2024.com
juegosolimpicoslondres.com
londresjuegosolimpicos.com
malagadisney.com
malagadisneyland.com
malagadisneyworld.com
olimpicos2016.com
olimpicos2020.com
olimpicos2024.com
soldisney.com
spaindisneyland.com
spaindisneyworld.com
teleubbies.com

You don’t need to be a trademark lawyer to know that these domains would not pass a UDRP challenge.

The domains all seem to have been registered to a Graham Stirling of Gibraltar for some years. Gibraltar’s a pretty small place, suggesting that it’s very probably the same guy.

It’s the second serious cybersquatting claim to hit Donuts in the last couple of weeks.

As we reported last week, a lawyer who apparently doesn’t want his client’s identity to be known has written to ICANN’s Governmental Advisory Committee to warn that Demand Media, Donuts’ back-end partner and its founders’ former employer, has a history of adverse UDRP findings.

That letter fingered Stirling as an employee of Gibraltar-based investment company Veddis Ventures, whose other executives allegedly have ties to online gambling scandals in the US.

Veddis Ventures recently removed Stirling’s full name from its web site. He’s now just listed as “Graham S”, adding to the intrigue.

The latest set of cybersquatting allegations are directed to ICANN’s background screening panel, which is tasked with weeding likely ne’er-do-wells out of the new gTLD program.

The panel looks at not only the corporate history of the applicant, but also at its directors and officers.

Stirling is not named on any of Donuts applications. For that matter, Donuts itself is not named as an official applicant on any of its 307 applications either.

Each of its applications has been filed by a different shell company, most of which are owned by another company, Dozen Donuts LLC, which we assume (but do not know) is in turn owned by Donuts.

The only individual named in the background check part of the applications (at least the portions published by ICANN) is Donuts CEO Paul Stahura.

Stirling is not currently listed as a director on Donuts’ web site.

If Stirling is still involved with Donuts, it might not impact the results of Donuts background screening, if the panel only looks at UDRP or court cases for evidence of cybersquatting.

Stirling does not appear to have ever been named in, never mind lost, a UDRP complaint.

That said, I don’t think ICANN’s background screening process will be over for a while yet…

August 7 Update:

Donuts has provided the following statement:

Graham Stirling is not a member of the Donuts Board of Directors and has not been since November 2011. Our list of board members as documented on our web site at www.donuts.co is current.

It’s disappointing to see Donuts’ contributions to new gTLD expansion attacked by those (including some unwilling to disclose their identities) who attempt to portray the company or those associated with it as bad actors. The company is and will continue to be committed to the legitimate interests of rights holders. As described in our applications, Donuts will implement rights protection mechanisms in its new gTLDs that substantially exceed those mandated by ICANN.

We have engaged the intellectual property community, law enforcement and others in the community about IP protection and believe our intentions and actions are clear and well understood. Infringement of legitimate rights is not tolerated by Donuts, in any capacity. Our collaboration with the community on IP protections will be an ongoing priority as the new gTLD program continues.