Latest news of the domain name industry

Recent Posts

URS coming to .travel under big contract changes

The .travel gTLD, which was approved 10 years ago, will have to support the Uniform Rapid Suspension service, one of several significant changes proposed for its ICANN contract.

I believe it’s the first legacy gTLD to agree to use URS, which gives trademark owners a way to remove domain names that infringe their marks that is quicker and cheaper than UDRP.

Tralliance, the registry, saw its .travel Registry Agreement expire earlier this month. It’s been extended and the proposed new version, based on the New gTLD Registry Agreement, is now open for public comment.

While the adoption of URS may not have much of a direct impact — .travel is a restricted TLD with fewer than 20,000 names under management — it sets an interesting precedent.

IP interests have a keen interest in having URS cover more than just 2012-round gTLDs. They want it to cover .com, .org, .net and the rest too.

Domain investors, meanwhile, are usually cautious about any changes that tilt the balance of power in favor of big brands.

When .biz, .org and .info came up for renewal in 2013, the Intellectual Property Constituency filed comments asking for URS to be implemented in the new contracts, but the request was not heard.

I’m aware of two ccTLDs — .pw and .us — that voluntarily adopted URS in their zones.

Other changes include a requirement for all .travel registrars, with the exception of those already selling .travel domains, to be signatories of the stricter 2013 Registrar Accreditation Agreement.

That’s something Afilias and Neustar only agreed to put in their .info and .biz contracts if Verisign agrees to the same provisions for .com and .net.

The fees Tralliance pays ICANN have also changed.

It currently pays $10,000 in fixed fees every year and $2 per billable transaction. I estimate this works out at something like $40,000 to $50,000 a year.

The proposed new contract has the same fees as 2012-round new gTLDs — a $25,000 fixed fee and $0.25 per transaction. The transaction fee only kicks in after 50,000 names, however, and that’s volume .travel hasn’t seen in over five years.

Tralliance will probably save itself thousands under the new deal.

The contract public comment forum can be found here.

Could you survive a .sucks UDRP?

Kevin Murphy, March 17, 2015, Domain Policy

If you register a .sucks domain matching a brand, could you survive a subsequent UDRP complaint? Opinion is mixed.

In my view, how UDRP treats .sucks registrants will be a crucial test of Vox Populi Registry’s business model.

Vox Populi Registry clearly envisages — and is actively encouraging with its policies — genuine critics, commentators and consumer advocates to register .sucks domains that match famous trademarks.

I really like this idea. Power to the people and all that.

But will UDRP panelists agree with me and Vox Pop? Cybersquatting case law under UDRP says, very firmly: “It depends.”

Statistics generally favor mark owners

To date, there have been exactly 100 resolved UDRP complaints against domains that end in “sucks.com”.

Of those, 47 cases ended up with a full transfer of the domain to the trademark owner. Only 30 resulted in a the complaint being denied.

Another 19 cases were withdrawn or terminated; the remainder were split decisions.

So it seems, based on historical “sucks” cases, that the odds favor trademark owners.

But each case is, theoretically at least, judged on its merits. So it does not necessarily hold that most .sucks UDRP complaints will be successful.

What does WIPO say?

The World Intellectual Property Association, which administers most UDRP cases, published a set of guidelines for its panelists.

Some guidelines specifically addresses “sucks” sites, but the advice is not always clear-cut.

There are three elements to UDRP. First, the complainant must show that the domain name in question is identical or confusingly similar to its trademark.

According to WIPO, it’s the “consensus view” of UDRP panelists that adding “sucks” to a trademark at the second level does NOT stop a domain being confusiningly similar. WIPO says:

Generally, a domain name consisting of a trademark and a negative or pejorative term (such as [trademark]sucks.com) would be considered confusingly similar to the complainant’s trademark for the purpose of satisfying the standing requirement under the first element of the UDRP (with the merits of such cases typically falling to be decided under subsequent elements). Panels have recognized that inclusion of a subsidiary word to the dominant feature of a mark at issue typically does not serve to obviate confusion for purposes of the UDRP’s first element threshold requirement, and/or that there may be a particular risk of confusion among Internet users whose first language is not the language of the domain name

Some panels have disagreed with this prevailing view, however.

It remains to be seen whether moving the string “sucks” to the right of the dot would affect the outcome, but it’s established UDRP case law that the dot in a domain can be pretty much ignored when testing for similarity.

The TLD a domain uses can be taken into account if it’s relevant or disregarded if it is not, according to precedent.

The second test under UDRP is whether the registrant of the domain has legitimate rights or interests.

Panelists disagree on this point. WIPO says:

The right to criticize does not necessarily extend to registering and using a domain name that is identical or confusingly similar to the complainant’s trademark. That is especially the case if the respondent is using the trademark alone as the domain name (i.e., [trademark.tld]) as that may be understood by Internet users as impersonating the trademark owner.

That view would seem to apply specifically to the use cases Vox Pop has in mind — the registry wants critics to own [trademark].sucks domains in order to criticize the trademark owner.

In the 2003 case of natwestbanksucks.com, the WIPO panel drew on earlier precedent to find that the registrant had no rights to the domain.

Respondents’ can very well achieve their objective of criticism by adopting a domain name that is not identical or substantially similar to Complainants’ marks. Given the free nature of the media which is the Internet and the chaotic spamming that has become epidemic, it does not appear that one can be at full liberty to use someone else’s trade name or trademark by simply claiming the right to exercise a right to freedom of expression”.

In other words: you may have a right to free speech on the internet, but you do not have the right to exercise it simply by adding “sucks” to a famous trademark.

But other UDRP panelists have disagreed. WIPO says that some panelists have found:

Irrespective of whether the domain name as such connotes criticism, the respondent has a legitimate interest in using the trademark as part of the domain name of a criticism site if such use is fair and noncommercial.

The third element of UDRP is bad faith. Complainants have to show that the registrant is up to something dodgy.

Some panelists have a pretty low threshold for what constitutes bad faith. Merely having the page parked — even if you did not park it yourself — can point to bad faith, especially in “sucks” cases.

WIPO says that “tarnishment” of a trademark — such as posting porn, which is banned under Vox Pop’s AUP anyway — can be bad faith, but legitimate criticism would not usually:

While it would not normally extend to the mere posting of information about a complainant, or to the posting of genuine, non-commercial criticism regarding the trademark holder, it may extend to commercially motivated criticism by (or likely on behalf of) a competitor of such trademark holder.

So, with all that in mind, here are some tips for improving your odds of surviving a .sucks UDRP.

How to beat a .sucks UDRP

Poring over dozens of “sucks.com” decisions, it quickly becomes clear that there are certain things you should definitely do and not do if you want to keep a hold of your brand-match .sucks domain.

Given the volume of precedent, you’ll have a hard time showing that your domain is not identical or confusingly similar to the trademark in question — strike one — but there are ways to show legitimate interests and rebut claims of bad faith.

1. Respond

To show you lack legitimate interests, the complainant only needs to make a face-value argument that you do not. Then the burden of proof to show rights switches to you.

If you don’t respond to the UDRP, the panel will find you lack rights. Panelists rarely try to fight the corner of a registrant who has not responded.

That’s strike two.

2. Don’t allow your domain to be parked

If a domain is parked, UDRP panelists in “sucks.com” cases invariably find that the registrant lacks legitimate interests and has shown bad faith.

Parking is considered a commercial activity, so you won’t be able to argue convincingly that you’re exercising your right to non-commercial free speech if your domain is splashed with links to the trademark owner’s competitors.

This holds true even if the domain was automatically parked by your registrar.

Dozens (hundreds?) of UDRP cases have been lost because Go Daddy parked the newly registered domain automatically, enabling the complainant to show commercial use.

Panelists are usually happy to overlook the lack of direct bad faith action by the registrant in such cases.

Parking will usually lead to strikes two and three.

In the case of .sucks, parking is actually banned by Vox Populi’s acceptable use policies (pdf).

But the registry will only enforce this policy if it receives a complaint. I don’t know if the Registry-Registrar Agreement, which isn’t public, prohibits registrars auto-parking new domains.

3. Develop a site as soon as possible

In some “sucks.com” cases, respondents have argued that they had intended to put up a criticism site, but could not provide evidence to back up the claims.

If you register a .sucks matching a trademark, you’ll want to put up some kind of site ASAP.

In the case of kohlersucks.com, the registrant had merely framed a Better Business Bureau web page, which was found to show non-commercial criticism use.

4. Don’t offer to sell the domain

It should go without saying that offering to sell the domain to the trademark owner shows bad faith; it looks like extortion.

Panelists regularly also find that registrants give up their legitimate rights to a domain as soon as they make it available to buy.

5. Don’t make any money whatsoever

The second you start making money from a domain that matches a trademark, you’re venturing into the territory of commercial use and are much more likely to fail the WIPO test of “genuine, non-commercial criticism”.

6. Be American

Depressingly, you stand a better chance of fighting off a UDRP on free speech grounds if both the case involves US-based parties and a US-based panelist.

Panelists are more likely to draw on the US Constitution’s First Amendment and associated non-UDRP case law when determining rights or legitimate interests, when the registrant is American.

Merely registering with a US-based registrar is not enough to confer First Amendment rights to a registrant living outside of the US, according to UDRP panels.

Even though freedom of speech is a right in most of the world, in the universe of UDRP it seems the rest of us are second-class citizens compared to the yanks.

Uniform Rapid Suspension comes to .us

Neustar is to impose the Uniform Rapid Suspension policy on the .us ccTLD.

This means trademark owners are going to get a faster, cheaper way to get infringing .us domains taken down.

From July 1, all existing and new .us names will be subject to the policy.

Neustar’s calling it the usRS or .us Rapid Suspension service, but a blog post from the company confirms that it’s basically URS with a different name.

It will be administered by the National Arbitration Forum and cost mark owners from $375 per complaint, just like URS.

Neustar becomes the second ccTLD operator to support URS after PW Registry’s .pw, which implemented it from launch.

URS and usRS only permit domains to be suspended, not transferred to the mark owner, so there’s less chance of it being abused to reverse-hijack domains.

The burden of proof is also higher than UDRP — “clear and convincing evidence”.

How NetSol opts you in to cybersquatted .xyz names

Clear-cut cases of cybersquatting seem to be among those .xyz domain names that Network Solutions has registered to its customers without their explicit request.

Some of the domains I’ve found registered in .xyz, via NetSol to the registrants of the matching .com or .net names, include my-twitter.xyz, facebook-liker.xyz and googledia.xyz.

Domains including other brands, such as Rolex, Disney, iPhone, Amazon and Pepsi can also be found registered to third parties, via NetSol, in .xyz’s zone today.

They’re all registered via NetSol’s Whois privacy service, which lists the registrant’s “real” name in the Whois record, but substitutes mailing address, email and phone number with NetSol-operated proxies.

I think the chance of these names being paid for by the registrant is slim. It seems probable that many (if not all) of the squatty-looking names were registered via NetSol’s promotional program for .xyz.

As previously reported, NetSol has been giving away domain names in .xyz to owners of the matching .com names. Tens of thousands of .xyz names seem to have been registered this way in the last week.

The “registrants” did not have to explicitly accept the offer. Instead, NetSol gave them the option to “opt-out” of having the name registered on their behalf and placed into their accounts.

The effect of this has been to propel .xyz into the leading spot in the new gTLD league table. It had 82,236 names in today’s zone file. a clear 15,000 names ahead of second-place .club.

But it’s not clear how much, if any, support NetSol has received from the registry, XYZ.com. CEO Daniel Negari told Rick Schwartz, in a coy interview last week:

The Registry Operator is unable to “give away” free domain names. I never even saw the email that the registrar sent to its customers until I discovered it on the blogs.

The opt-out giveaway has also prompted speculation about NetSol’s right to register domains without the explicit consent of the registrant, both under the law and under ICANN contract.

Under the Registrar Accreditation Agreement, in order to register a domain name, registrars “shall require” the registrant “to enter into an electronic or paper registration agreement”.

That agreement requires the registrant to agree to, among many other things, the transfer or suspension of their domains if (for example) they lose a UDRP or URS case.

But that doesn’t seem to be happening with the opt-out names,

Barry Shein, president of The World, had shein.xyz registered on his behalf by NetSol on Saturday. He already owns shein.com, also registered with NetSol.

NetSol’s email informing him of the registration, which Shein forwarded to DI, reads as follows:

Dear Valued Network Solutions Customer,

Congratulations, your complimentary SHEIN.XYZ domain has arrived!

Your new .XYZ domain is now available in your Network Solutions account and ready to use. To go along with your new .XYZ domain, you have also received complimentary access to Professional Email and Private Registration for your .XYZ domain.

If you choose not to use this domain no action is needed and you will not be charged any fees in the future. Should you decide to keep the domain after your complementary first year, simply renew it like any other domain in your account.

We appreciate your business and look forward to serving you again.

Sincerely,

Network Solutions Customer Support
www.networksolutions.com
http://www.networksolutions.com/help/index.jsp

Importantly, a footnote goes on to describe how NetSol will take a refusal to opt out as “continued acceptance” of its registration agreement:

Please note that your use of this .XYZ domain name and/or your refusal to decline the domain shall indicate acceptance of the domain into your account, your continued acceptance of our Service Agreement located online at http://www.networksolutions.com/legal/static-service-agreement.jsp, and its application to the domain.

So, if you’re a NetSol customer who was picked to receive a free .xyz name but for whatever reason you don’t read every marketing email your registrar sends you (who does?) you’ve agreed to the registration agreement without your knowledge or explicit consent, at least according to NetSol.

I am not a lawyer, but I’ve studied enough law to know that this is a dubious way to make a contract. Lawyers I’ve shown this disclaimer to have laughed out loud.

Of course, because each registrant already owns a matching .com, they’ve already accepted NetSol’s registration agreement and terms of service at least once before.

This may allow NetSol to argue that the initial acceptance of the contract also applies to the new .xyz domains.

But there are differences between .com and .xyz.

Chiefly, as a new gTLD, .xyz registrants are subject to policies that do not apply to .com, such as the Uniform Rapid Suspension policy.

URS differs from UDRP in that there’s a “loser pays” model that applies to complaints involving over 15 domains.

So these .xyz registrants have been opted into a policy that could leave them out of pocket, without their explicit consent.

Of course, we’re talking about people who seem to be infringing famous trademarks in their existing .com names, so who gives a damn, right?

But it does raise some interesting questions.

Who’s the registrant here? Is it the person who owns the .com, or is it NetSol? NetSol is the proxy service, but the .com registrant’s name is listed in the Whois.

Who’s liable for cybersquatting here? Who would Twitter file a UDRP or URS against over my-twitter.xyz? Who would it sue, if it decided to opt for the courts instead?

Dodgy domainer owns 40% of .ceo’s new names

Kevin Murphy, March 30, 2014, Domain Registries

What do Mark Zuckerberg, Oprah Winfrey, Donald Trump, Jeff Bezos and the Saudi royal family have in common?

Their .ceo domain names all belong to the same guy, a registrant from Trinidad and Tobago who as of last night was responsible for 40% of hand-registered .ceo domains.

Andrew Davis has registered roughly 100 of the roughly 250 .ceo names sold since the new gTLD went into general availability on March 28, spending at least $10,000 to do so.

I hesitate to call him a cyberquatter, but I have a feeling that multiple UDRP panels will soon be rather less hesitant.

Oh, what the hell: the dude’s a cyberquatter.

Here’s why I think so.

According to Whois records, Davis has registered dozens of common given and family names in .ceo — stuff like smith.ceo, patel.ceo, john.ceo, wang.ceo and wolfgang.ceo.

So far, that seems like fair game to me. There are enough CEOs with those names out there that to register matching domains in .ceo, or in any TLD, could easily be seen as honest speculation.

Then there are domains that start setting off alarm bells.

zuckerberg.ceo? zuck.ceo? oprah.ceo? trump.ceo? bezos.ceo?

Sure, those are names presumably shared by many people, but in the context of .ceo could they really refer to anyone other than Mark Zuckerberg, Oprah Winfrey, Donald Trump and Jeff Bezos?

I doubt it.

Then there are a class of names that seem to have been registered by Davis purely because they show up on lists of the world’s wealthiest families and individuals.

The domains slim.ceo, walton.ceo, and adelson.ceo match the last names of three of the top ten wealthiest people on the planet; arnault.ceo matches the name of France’s second-richest businessman.

getty.ceo, rockefeller.ceo, hearst.ceo, rothschild.ceo… all family names of American business royalty.

Then there’s the names of members of actual royalty, the magnificently wealthy Saudi royal family: alsaud.ceo, saud.ceo and alwaleed.ceo.

Still, if Davis had registered any single one of these names he could make a case that it was a good faith registration (if his name was Walton or Al Saud).

Collectively, the registration strategy looks very dodgy.

But where any chance of a good-faith defense falls apart is where Davis has registered the names of famous family-owned businesses where the name is also a well-defended trademark.

bacardi.ceo… prada.ceo… beretta.ceo… mars.ceo… sennheiser.ceo… shimano.ceo… swarovski.ceo… versace.ceo… ferrero.ceo… mahindra.ceo… olayan.ceo…

There’s very little chance of these surviving a UDRP if you ask me.

Overall, I estimate that at least half of Davis’ 100 registrations seem to deliberately target specific high net worth individuals or famous brands that are named after their company’s founder.

The remainder are generic enough that it’s difficult to guess what was going through his mind.

On his under construction web site at andrewdavis.ceo, Davis says:

I am the owner of Hundreds of the Best .CEO Domains available on the web.

My collection comprises of the Top Premium .CEO Domains (in my opinion).

My list of domains contains the First or Last names of well over 1 Billion people around the world.

I offer Email and Web Link Services on each of these sites, so that these Domains can be shared with many people around the world, particularly CEOs, Business Owners and Leaders, or those aspiring to become one.

On each of Davis’ .ceo sites, he offers to sell email addresses (eg contact@bacardi.ceo) for $10 a month and third-level domain names (eg blog.walton.ceo) for $5 a month.

A UDRP panelist is going to take this as evidence of bad faith, despite Davis’ disclaimer, which appears on each of his web sites. Here’s an example from bacardi.ceo:

This Website (Bacardi.CEO) is NOT Affiliated with, nor refers to, any Trademark or Company named “Bacardi”, that may or may not exist.

This Website does NOT refer to any Specific Individual Person(s) named “Bacardi”.

This Website aims to provide Services for ANY Person named “Bacardi”, particularly: CEOs, Business Owners and Leaders.

Bacardi.CEO is an Independent and Personal Project/Service of Andrew Davis.

I must admit I admire his entrepreneurship, but I fear he has stepped over the line into cybersquatting that a UDRP panelist will have no difficulty at all recognizing.

Davis has already been hit with a Uniform Rapid Suspension complaint on mittal.ceo, presumably filed on behalf of billionaire Indian steel magnate Lakshmi Mittal and/or his company ArcelorMittal.

It’s not clear from the name alone whether mittal.ceo is a losing domain under URS’ higher standard of evidence, but I reckon the pattern of registrations described in this blog post would help make for a pretty convincing case that would put it over the line.

I should add, in fairness to .ceo registry PeopleBrowsr, that the other 60% of its zone, judging by Whois records, looks pretty clean. Small, but clean.