Latest news of the domain name industry

Recent Posts

Could you survive a .sucks UDRP?

Kevin Murphy, March 17, 2015, Domain Policy

If you register a .sucks domain matching a brand, could you survive a subsequent UDRP complaint? Opinion is mixed.

In my view, how UDRP treats .sucks registrants will be a crucial test of Vox Populi Registry’s business model.

Vox Populi Registry clearly envisages — and is actively encouraging with its policies — genuine critics, commentators and consumer advocates to register .sucks domains that match famous trademarks.

I really like this idea. Power to the people and all that.

But will UDRP panelists agree with me and Vox Pop? Cybersquatting case law under UDRP says, very firmly: “It depends.”

Statistics generally favor mark owners

To date, there have been exactly 100 resolved UDRP complaints against domains that end in “sucks.com”.

Of those, 47 cases ended up with a full transfer of the domain to the trademark owner. Only 30 resulted in a the complaint being denied.

Another 19 cases were withdrawn or terminated; the remainder were split decisions.

So it seems, based on historical “sucks” cases, that the odds favor trademark owners.

But each case is, theoretically at least, judged on its merits. So it does not necessarily hold that most .sucks UDRP complaints will be successful.

What does WIPO say?

The World Intellectual Property Association, which administers most UDRP cases, published a set of guidelines for its panelists.

Some guidelines specifically addresses “sucks” sites, but the advice is not always clear-cut.

There are three elements to UDRP. First, the complainant must show that the domain name in question is identical or confusingly similar to its trademark.

According to WIPO, it’s the “consensus view” of UDRP panelists that adding “sucks” to a trademark at the second level does NOT stop a domain being confusiningly similar. WIPO says:

Generally, a domain name consisting of a trademark and a negative or pejorative term (such as [trademark]sucks.com) would be considered confusingly similar to the complainant’s trademark for the purpose of satisfying the standing requirement under the first element of the UDRP (with the merits of such cases typically falling to be decided under subsequent elements). Panels have recognized that inclusion of a subsidiary word to the dominant feature of a mark at issue typically does not serve to obviate confusion for purposes of the UDRP’s first element threshold requirement, and/or that there may be a particular risk of confusion among Internet users whose first language is not the language of the domain name

Some panels have disagreed with this prevailing view, however.

It remains to be seen whether moving the string “sucks” to the right of the dot would affect the outcome, but it’s established UDRP case law that the dot in a domain can be pretty much ignored when testing for similarity.

The TLD a domain uses can be taken into account if it’s relevant or disregarded if it is not, according to precedent.

The second test under UDRP is whether the registrant of the domain has legitimate rights or interests.

Panelists disagree on this point. WIPO says:

The right to criticize does not necessarily extend to registering and using a domain name that is identical or confusingly similar to the complainant’s trademark. That is especially the case if the respondent is using the trademark alone as the domain name (i.e., [trademark.tld]) as that may be understood by Internet users as impersonating the trademark owner.

That view would seem to apply specifically to the use cases Vox Pop has in mind — the registry wants critics to own [trademark].sucks domains in order to criticize the trademark owner.

In the 2003 case of natwestbanksucks.com, the WIPO panel drew on earlier precedent to find that the registrant had no rights to the domain.

Respondents’ can very well achieve their objective of criticism by adopting a domain name that is not identical or substantially similar to Complainants’ marks. Given the free nature of the media which is the Internet and the chaotic spamming that has become epidemic, it does not appear that one can be at full liberty to use someone else’s trade name or trademark by simply claiming the right to exercise a right to freedom of expression”.

In other words: you may have a right to free speech on the internet, but you do not have the right to exercise it simply by adding “sucks” to a famous trademark.

But other UDRP panelists have disagreed. WIPO says that some panelists have found:

Irrespective of whether the domain name as such connotes criticism, the respondent has a legitimate interest in using the trademark as part of the domain name of a criticism site if such use is fair and noncommercial.

The third element of UDRP is bad faith. Complainants have to show that the registrant is up to something dodgy.

Some panelists have a pretty low threshold for what constitutes bad faith. Merely having the page parked — even if you did not park it yourself — can point to bad faith, especially in “sucks” cases.

WIPO says that “tarnishment” of a trademark — such as posting porn, which is banned under Vox Pop’s AUP anyway — can be bad faith, but legitimate criticism would not usually:

While it would not normally extend to the mere posting of information about a complainant, or to the posting of genuine, non-commercial criticism regarding the trademark holder, it may extend to commercially motivated criticism by (or likely on behalf of) a competitor of such trademark holder.

So, with all that in mind, here are some tips for improving your odds of surviving a .sucks UDRP.

How to beat a .sucks UDRP

Poring over dozens of “sucks.com” decisions, it quickly becomes clear that there are certain things you should definitely do and not do if you want to keep a hold of your brand-match .sucks domain.

Given the volume of precedent, you’ll have a hard time showing that your domain is not identical or confusingly similar to the trademark in question — strike one — but there are ways to show legitimate interests and rebut claims of bad faith.

1. Respond

To show you lack legitimate interests, the complainant only needs to make a face-value argument that you do not. Then the burden of proof to show rights switches to you.

If you don’t respond to the UDRP, the panel will find you lack rights. Panelists rarely try to fight the corner of a registrant who has not responded.

That’s strike two.

2. Don’t allow your domain to be parked

If a domain is parked, UDRP panelists in “sucks.com” cases invariably find that the registrant lacks legitimate interests and has shown bad faith.

Parking is considered a commercial activity, so you won’t be able to argue convincingly that you’re exercising your right to non-commercial free speech if your domain is splashed with links to the trademark owner’s competitors.

This holds true even if the domain was automatically parked by your registrar.

Dozens (hundreds?) of UDRP cases have been lost because Go Daddy parked the newly registered domain automatically, enabling the complainant to show commercial use.

Panelists are usually happy to overlook the lack of direct bad faith action by the registrant in such cases.

Parking will usually lead to strikes two and three.

In the case of .sucks, parking is actually banned by Vox Populi’s acceptable use policies (pdf).

But the registry will only enforce this policy if it receives a complaint. I don’t know if the Registry-Registrar Agreement, which isn’t public, prohibits registrars auto-parking new domains.

3. Develop a site as soon as possible

In some “sucks.com” cases, respondents have argued that they had intended to put up a criticism site, but could not provide evidence to back up the claims.

If you register a .sucks matching a trademark, you’ll want to put up some kind of site ASAP.

In the case of kohlersucks.com, the registrant had merely framed a Better Business Bureau web page, which was found to show non-commercial criticism use.

4. Don’t offer to sell the domain

It should go without saying that offering to sell the domain to the trademark owner shows bad faith; it looks like extortion.

Panelists regularly also find that registrants give up their legitimate rights to a domain as soon as they make it available to buy.

5. Don’t make any money whatsoever

The second you start making money from a domain that matches a trademark, you’re venturing into the territory of commercial use and are much more likely to fail the WIPO test of “genuine, non-commercial criticism”.

6. Be American

Depressingly, you stand a better chance of fighting off a UDRP on free speech grounds if both the case involves US-based parties and a US-based panelist.

Panelists are more likely to draw on the US Constitution’s First Amendment and associated non-UDRP case law when determining rights or legitimate interests, when the registrant is American.

Merely registering with a US-based registrar is not enough to confer First Amendment rights to a registrant living outside of the US, according to UDRP panels.

Even though freedom of speech is a right in most of the world, in the universe of UDRP it seems the rest of us are second-class citizens compared to the yanks.

Uniform Rapid Suspension comes to .us

Neustar is to impose the Uniform Rapid Suspension policy on the .us ccTLD.

This means trademark owners are going to get a faster, cheaper way to get infringing .us domains taken down.

From July 1, all existing and new .us names will be subject to the policy.

Neustar’s calling it the usRS or .us Rapid Suspension service, but a blog post from the company confirms that it’s basically URS with a different name.

It will be administered by the National Arbitration Forum and cost mark owners from $375 per complaint, just like URS.

Neustar becomes the second ccTLD operator to support URS after PW Registry’s .pw, which implemented it from launch.

URS and usRS only permit domains to be suspended, not transferred to the mark owner, so there’s less chance of it being abused to reverse-hijack domains.

The burden of proof is also higher than UDRP — “clear and convincing evidence”.

How NetSol opts you in to cybersquatted .xyz names

Clear-cut cases of cybersquatting seem to be among those .xyz domain names that Network Solutions has registered to its customers without their explicit request.

Some of the domains I’ve found registered in .xyz, via NetSol to the registrants of the matching .com or .net names, include my-twitter.xyz, facebook-liker.xyz and googledia.xyz.

Domains including other brands, such as Rolex, Disney, iPhone, Amazon and Pepsi can also be found registered to third parties, via NetSol, in .xyz’s zone today.

They’re all registered via NetSol’s Whois privacy service, which lists the registrant’s “real” name in the Whois record, but substitutes mailing address, email and phone number with NetSol-operated proxies.

I think the chance of these names being paid for by the registrant is slim. It seems probable that many (if not all) of the squatty-looking names were registered via NetSol’s promotional program for .xyz.

As previously reported, NetSol has been giving away domain names in .xyz to owners of the matching .com names. Tens of thousands of .xyz names seem to have been registered this way in the last week.

The “registrants” did not have to explicitly accept the offer. Instead, NetSol gave them the option to “opt-out” of having the name registered on their behalf and placed into their accounts.

The effect of this has been to propel .xyz into the leading spot in the new gTLD league table. It had 82,236 names in today’s zone file. a clear 15,000 names ahead of second-place .club.

But it’s not clear how much, if any, support NetSol has received from the registry, XYZ.com. CEO Daniel Negari told Rick Schwartz, in a coy interview last week:

The Registry Operator is unable to “give away” free domain names. I never even saw the email that the registrar sent to its customers until I discovered it on the blogs.

The opt-out giveaway has also prompted speculation about NetSol’s right to register domains without the explicit consent of the registrant, both under the law and under ICANN contract.

Under the Registrar Accreditation Agreement, in order to register a domain name, registrars “shall require” the registrant “to enter into an electronic or paper registration agreement”.

That agreement requires the registrant to agree to, among many other things, the transfer or suspension of their domains if (for example) they lose a UDRP or URS case.

But that doesn’t seem to be happening with the opt-out names,

Barry Shein, president of The World, had shein.xyz registered on his behalf by NetSol on Saturday. He already owns shein.com, also registered with NetSol.

NetSol’s email informing him of the registration, which Shein forwarded to DI, reads as follows:

Dear Valued Network Solutions Customer,

Congratulations, your complimentary SHEIN.XYZ domain has arrived!

Your new .XYZ domain is now available in your Network Solutions account and ready to use. To go along with your new .XYZ domain, you have also received complimentary access to Professional Email and Private Registration for your .XYZ domain.

If you choose not to use this domain no action is needed and you will not be charged any fees in the future. Should you decide to keep the domain after your complementary first year, simply renew it like any other domain in your account.

We appreciate your business and look forward to serving you again.

Sincerely,

Network Solutions Customer Support
www.networksolutions.com
http://www.networksolutions.com/help/index.jsp

Importantly, a footnote goes on to describe how NetSol will take a refusal to opt out as “continued acceptance” of its registration agreement:

Please note that your use of this .XYZ domain name and/or your refusal to decline the domain shall indicate acceptance of the domain into your account, your continued acceptance of our Service Agreement located online at http://www.networksolutions.com/legal/static-service-agreement.jsp, and its application to the domain.

So, if you’re a NetSol customer who was picked to receive a free .xyz name but for whatever reason you don’t read every marketing email your registrar sends you (who does?) you’ve agreed to the registration agreement without your knowledge or explicit consent, at least according to NetSol.

I am not a lawyer, but I’ve studied enough law to know that this is a dubious way to make a contract. Lawyers I’ve shown this disclaimer to have laughed out loud.

Of course, because each registrant already owns a matching .com, they’ve already accepted NetSol’s registration agreement and terms of service at least once before.

This may allow NetSol to argue that the initial acceptance of the contract also applies to the new .xyz domains.

But there are differences between .com and .xyz.

Chiefly, as a new gTLD, .xyz registrants are subject to policies that do not apply to .com, such as the Uniform Rapid Suspension policy.

URS differs from UDRP in that there’s a “loser pays” model that applies to complaints involving over 15 domains.

So these .xyz registrants have been opted into a policy that could leave them out of pocket, without their explicit consent.

Of course, we’re talking about people who seem to be infringing famous trademarks in their existing .com names, so who gives a damn, right?

But it does raise some interesting questions.

Who’s the registrant here? Is it the person who owns the .com, or is it NetSol? NetSol is the proxy service, but the .com registrant’s name is listed in the Whois.

Who’s liable for cybersquatting here? Who would Twitter file a UDRP or URS against over my-twitter.xyz? Who would it sue, if it decided to opt for the courts instead?

Dodgy domainer owns 40% of .ceo’s new names

Kevin Murphy, March 30, 2014, Domain Registries

What do Mark Zuckerberg, Oprah Winfrey, Donald Trump, Jeff Bezos and the Saudi royal family have in common?

Their .ceo domain names all belong to the same guy, a registrant from Trinidad and Tobago who as of last night was responsible for 40% of hand-registered .ceo domains.

Andrew Davis has registered roughly 100 of the roughly 250 .ceo names sold since the new gTLD went into general availability on March 28, spending at least $10,000 to do so.

I hesitate to call him a cyberquatter, but I have a feeling that multiple UDRP panels will soon be rather less hesitant.

Oh, what the hell: the dude’s a cyberquatter.

Here’s why I think so.

According to Whois records, Davis has registered dozens of common given and family names in .ceo — stuff like smith.ceo, patel.ceo, john.ceo, wang.ceo and wolfgang.ceo.

So far, that seems like fair game to me. There are enough CEOs with those names out there that to register matching domains in .ceo, or in any TLD, could easily be seen as honest speculation.

Then there are domains that start setting off alarm bells.

zuckerberg.ceo? zuck.ceo? oprah.ceo? trump.ceo? bezos.ceo?

Sure, those are names presumably shared by many people, but in the context of .ceo could they really refer to anyone other than Mark Zuckerberg, Oprah Winfrey, Donald Trump and Jeff Bezos?

I doubt it.

Then there are a class of names that seem to have been registered by Davis purely because they show up on lists of the world’s wealthiest families and individuals.

The domains slim.ceo, walton.ceo, and adelson.ceo match the last names of three of the top ten wealthiest people on the planet; arnault.ceo matches the name of France’s second-richest businessman.

getty.ceo, rockefeller.ceo, hearst.ceo, rothschild.ceo… all family names of American business royalty.

Then there’s the names of members of actual royalty, the magnificently wealthy Saudi royal family: alsaud.ceo, saud.ceo and alwaleed.ceo.

Still, if Davis had registered any single one of these names he could make a case that it was a good faith registration (if his name was Walton or Al Saud).

Collectively, the registration strategy looks very dodgy.

But where any chance of a good-faith defense falls apart is where Davis has registered the names of famous family-owned businesses where the name is also a well-defended trademark.

bacardi.ceo… prada.ceo… beretta.ceo… mars.ceo… sennheiser.ceo… shimano.ceo… swarovski.ceo… versace.ceo… ferrero.ceo… mahindra.ceo… olayan.ceo…

There’s very little chance of these surviving a UDRP if you ask me.

Overall, I estimate that at least half of Davis’ 100 registrations seem to deliberately target specific high net worth individuals or famous brands that are named after their company’s founder.

The remainder are generic enough that it’s difficult to guess what was going through his mind.

On his under construction web site at andrewdavis.ceo, Davis says:

I am the owner of Hundreds of the Best .CEO Domains available on the web.

My collection comprises of the Top Premium .CEO Domains (in my opinion).

My list of domains contains the First or Last names of well over 1 Billion people around the world.

I offer Email and Web Link Services on each of these sites, so that these Domains can be shared with many people around the world, particularly CEOs, Business Owners and Leaders, or those aspiring to become one.

On each of Davis’ .ceo sites, he offers to sell email addresses (eg contact@bacardi.ceo) for $10 a month and third-level domain names (eg blog.walton.ceo) for $5 a month.

A UDRP panelist is going to take this as evidence of bad faith, despite Davis’ disclaimer, which appears on each of his web sites. Here’s an example from bacardi.ceo:

This Website (Bacardi.CEO) is NOT Affiliated with, nor refers to, any Trademark or Company named “Bacardi”, that may or may not exist.

This Website does NOT refer to any Specific Individual Person(s) named “Bacardi”.

This Website aims to provide Services for ANY Person named “Bacardi”, particularly: CEOs, Business Owners and Leaders.

Bacardi.CEO is an Independent and Personal Project/Service of Andrew Davis.

I must admit I admire his entrepreneurship, but I fear he has stepped over the line into cybersquatting that a UDRP panelist will have no difficulty at all recognizing.

Davis has already been hit with a Uniform Rapid Suspension complaint on mittal.ceo, presumably filed on behalf of billionaire Indian steel magnate Lakshmi Mittal and/or his company ArcelorMittal.

It’s not clear from the name alone whether mittal.ceo is a losing domain under URS’ higher standard of evidence, but I reckon the pattern of registrations described in this blog post would help make for a pretty convincing case that would put it over the line.

I should add, in fairness to .ceo registry PeopleBrowsr, that the other 60% of its zone, judging by Whois records, looks pretty clean. Small, but clean.

Under global spotlight, ICANN forced to choose between GAC and the GNSO

Kevin Murphy, March 27, 2014, Domain Policy

ICANN has angered the Generic Names Supporting Organization and risks angering the Governmental Advisory Committee as it prevaricates over a controversial rights protection mechanism.

It looks like the ICANN board of directors is going to have decide whether to reject either a hard-won unanimous consensus GNSO policy recommendation or a piece of conflicting GAC advice.

ICANN is “stuck in a bind”, according to chairman Steve Crocker, and it’s a bind that comes at a time when the bottom-up multi-stakeholder process is under the global microscope.

The issue putting pressure on the board this week at the ICANN 49 public meeting here in Singapore is the protection of the names and acronyms of intergovernmental organizations.

IGOs pressured the GAC a few years ago into demanding protection in new gTLDs. They want every IGO name and acronym — hundreds of strings — blocked from registration by default.

For example, the Economic Cooperation Organization would have “economiccooperationorganization” and “eco” blocked at the second level in all new gTLDs, in much the same way as country names are reserved.

Other IGO acronyms include potentially useful dictionary-word strings like “who” and “idea”. As I’ve said before, protecting the useful acronyms of obscure IGOs that never get cybersquatted anyway is just silly.

But when ICANN approved the new gTLD program in 2011, for expediency it placed a temporary block on some of these strings and asked the GNSO to run a formal Policy Development Process to figure out a permanent fix.

In November 2012 it added hundreds more IGO names and acronyms to the list, while the GNSO continued its work.

The GNSO concluded its PDP last year with a set of strong consensus recommendations. The GNSO Council then approved them in a unanimous vote at the Buenos Aires meeting last November.

Those recommendations would remove the IGO acronyms from the temporary reserved names list, but would enable IGOs to enter those strings into the Trademark Clearinghouse instead.

Once in the TMCH, the acronyms would be eligible for the standard 90-day Trademark Claims mechanism, which alerts brand owners when somebody registers a name matching their mark.

The IGOs would not, however, be eligible for sunrise periods, so they wouldn’t have the special right to register their names before new gTLDs go into general availability.

The PDP did not make a recommendation that would allow IGOs to use the Uniform Rapid Suspension service or UDRP.

Unfortunately for ICANN, the GNSO recommendations conflict with the GAC’s current advice.

The GAC wants (pdf) the IGOs to be eligible for Trademark Claims on a “permanent” basis, as opposed to the 90-day minimum that trademark owners get. It also wants IGOs — which don’t generally enjoy trademark protection — to be made eligible for the URS, UDRP or some similar dispute resolution process.

Since Buenos Aires, the ICANN board’s New gTLD Program Committee has been talking to the GAC and IGOs about a compromise. That compromise has not yet been formally approved, but some initial thinking has been circulated by Crocker to the GAC and GNSO Council.

ICANN proposes to give IGOs the permanent Trademark Claims service that the GAC has asked for, as well as access to the URS. Both policies would have to be modified to allow this.

It would also create an entirely new arbitration process to act as a substitute for UDRP for IGOs, which are apparently legally unable to submit to the jurisdiction of national courts.

The compromise, while certainly overkill for a bunch of organizations that could hardly be seen as ripe cybersquatting targets, may seem like a pragmatic way for the board to reconcile the GNSO recommendations with the GAC advice without pissing anyone off too much.

But members of the GNSO are angry that the board appears to be on the verge of fabricating new policy out of whole cloth, ignoring its hard-won PDP consensus recommendations.

That’s top-down policy-making, something which is frowned upon within ICANN circles.

Under the ICANN bylaws, the board is allowed to reject a GNSO consensus recommendation, if it is found to be “not in the best interests of the ICANN community or ICANN”. A two-thirds majority is needed.

“That’s not what happened here,” Neustar’s vice president of registry services Jeff Neuman told the board during a meeting here in Singapore on Tuesday.

“Instead, the board on its own developed policy,” he said. “It did not accept, it did not reject, it developed policy. But there is no room in the ICANN bylaws for the board to do this with respect to a PDP.”

He said that the GNSO working group had already considered elements of ICANN’s compromise proposal and specifically rejected them during the PDP. Apparently speaking for the Registries Stakeholder Group, Neuman said the compromise should be taken out of consideration.

Bret Fausett of Uniregistry added: “The process here is as important to us as the substance. We think procedure wasn’t followed here and we detect a lack of understanding at the board level that process wasn’t followed.”

The GNSO Council seems to agree that the ICANN board can either accept or reject its recommendations, but what it can’t do is just write its own policies for the sake of a quiet life with the GAC.

To fully accept the GNSO’s recommendations would, however, necessitate rejecting the GAC’s advice. That’s also possible under the bylaws, but it’s a lengthy process.

Director Chris Disspain told the GNSO Council on Sunday that the board estimates it would take at least six months to reject the GAC’s advice, during which time the temporary reservations of IGO acronyms would remain active.

He further denied that the board is trying to develop policy from the top.

“It is not top-down, it’s not intended to be top-down, I can’t really emphasis that enough,” he told the Council.

He described the bylaws ability to reject the GNSO recommendations as a “sledgehammer”.

“It would be nice to be able to not have to use the sledgehammer,” he said. “But if we did have to use the sledgehammer we should only be using it because we’ve all agreed that’s what we have to do.”

Chair Steve Crocker summed up the board’s predicament during the Sunday meeting.

“We always do not want to be in the position of trying to craft our own policy decision,” he said. “So we’re stuck in this bind where we’re getting contrary advice from sources that feel very strongly that they’ve gone through their processes and have spoken and so that’s the end of it from that perspective.”

The bind is especially tricky because it’s coming at a time when ICANN is suddenly becoming the focus of a renewed global interest in internet governance issues.

The US government has said that it’s willing to walk away from its direct oversight of ICANN, but only if what replaces it is a “multi-stakeholder” rather than “intergovernmental” mechanism

If ICANN were to reject the proceeds of a two-year, multi-stakeholder, bottom-up, consensus policy, what message would that send to the world about multistakeholderism?

On the other hand, if ICANN rejects the advice of the GAC, what message would it send about governments’ ability to effectively participate as a stakeholder in the process?

Clearly, something is broken when the procedures outlined in ICANN’s bylaws make compromise impossible.

Until that is fixed — perhaps by getting the GAC involved in GNSO policy-making, something that has been talked about to no end for years — ICANN will have to continue to make these kinds of hard choices.

Fielding a softball question during a meeting with the GNSO Council on Saturday, ICANN CEO Fadi Chehade said that “to value the process as much as I value the result” is the best piece of advice he’s received.

“Policies get made here,” Chehade told the Council, “they should not be made at the board level, especially when a consensus policy was made by the GNSO. Akram [Atallah, Generic Domains Division president] today was arguing very hard at the board meeting that even if we don’t think it’s the right thing, but it is the consensus policy of the GNSO, we should stick with it.”

Will the board stick with it? Director Bruce Tonkin told the registries on Monday that the board would try to address their concerns by today, so we may not have to wait long for an answer.