Latest news of the domain name industry

Recent Posts

.sucks mystery deepens. Who the hell is Pat Honeysalt?

Kevin Murphy, March 24, 2021, Domain Registries

Another two .sucks domain names registered by the gTLD’s most prolific registrant have been found to be cases of cybersquatting, but now the squatter’s true identity is becoming more opaque.

In two recently decided UDRP cases before WIPO, registrant Honey Salt Ltd was found to have cybersquatted by registering and offering for sale bfgoodrich.sucks, uniroyal.sucks and tetrapak.sucks.

While earlier cases filed with the Czech Arbitration Forum had identified Honey Salt as a Turks & Caicos company, the latest few WIPO cases say it is a UK-based company.

However, searches at UK Companies House do not reveal any company matching that name.

The latest WIPO cases also identify an individual allegedly behind said company as a respondent, one “Pat Honeysalt”.

That’s either a pseudonym, or we’ve found one of those people who have somehow managed to keep their name out of Google’s index despite being well-funded and tech-savvy.

Honey Salt is believed to be the registrant of thousands of .sucks domains, all matching the trademarks of big companies, which all point to Everything.sucks, a wiki-style web site comprising scraped third-party criticism targeting the brands in question.

Its defense in its UDRP cases to date has been that it is providing non-commercial free speech criticism, and that the inclusion of “.sucks” in the domain means users could not possibly believe the site is officially sanctioned by the brand.

All but one UDPR panel has so far not believed this defense, with panelists pointing out that the domains in question are usually listed for sale on the secondary market (sometimes at cost, sometimes at an inflated price).

They further point out that the criticism displayed on the Everything.sucks site was written by third parties, often prior to the registration of the domain in question, so Honey Salt cannot claim to be exercising its own free-speech rights.

Honey Salt is represented in its UDRP cases by the very large US-based law firm Orrick, Herrington & Sutcliffe, which also represents .sucks registry Vox Populi.

Everything.sucks, in losing UDRPs, puts the lie to the .sucks business model

The World Intellectual Property Organization has delivered its first UDRP decision concerning a .sucks domain name, ruling that the name sanofi.sucks is in fact cybersquatting.

The three-person panel ruled that the domain was identical or confusingly similar to a trademark owned by Sanofi, a French pharmaceuticals manufacturer involved in producing vaccines for the COVID-19 virus.

That was despite the fact that the registrant, affiliated with the Everything.sucks project, argued that nobody would think a domain name ending in “.sucks” would be affiliated with the trademark owner.

That argument flies in the face of official .sucks registry marketing from Vox Populi Registry, which positions .sucks as a place for brand owners to consolidate and manage customer criticism, feedback and support.

The sanofi.sucks case is one of two UDRP losses in the last few weeks for Honey Salt, a Turks and Caicos-based company that is believed to account for over a third of all .sucks registrations.

Honey Salt has registered thousands of brand names in .sucks, linking them to a wiki site operated by Everything.sucks Inc that contains criticism of the brands concerned copied from third-party web sites such as TrustPilot and GlassDoor.

There’s evidence that Everthing.sucks and Honey Salt are affiliated or share common ownership with Vox Pop, but the registry has denied this.

In the Sanofi case, Honey Salt mounted a free speech defense, saying it was providing a platform for legitimate criticism of the company and that Sanofi was using the UDRP to silence such criticism.

Sanofi claimed that the domain had in fact been registered for commercial purposes and to unfairly suggest an official connection to the company.

But what’s interesting is how Honey Salt argues that the domain itself, regardless of the associated web site’s content, is not confusingly similar to the Sanofi mark. The WIPO panelsts wrote, with my added emphasis:

The Respondent maintains that the disputed domain name is not identical or confusingly similar to a trademark in which the Complainant has rights. According to it, the “.sucks” gTLD is not like other generic TLDs, and its pejorative nature renders the disputed domain name as a whole nonidentical and prevents confusion, and the inclusion of “.sucks” in the disputed domain name makes clear that the associated website is not affiliated with the Complainant, but instead contains criticism of it and of its business.

In other words, if you visit a .sucks domain, you automatically will assume that the site is not associated with the brand owner.

Honey Salt seems to have made an identical argument in the UDRP case of cargotec.sucks, which it also lost at the Czech Arbitration Forum last month. The panelists in that decision summarized the company’s defense like this:

The TLD at issue here, however, .sucks, is not like other generic top level domains. Its pejorative nature renders the domain name as a whole nonidentical and prevents confusion… The inclusion of “.sucks” makes abundantly clear that the website is not affiliated with Complainant and instead contain criticism of its business.

Again, this is completely contrary to the stated goal of the .sucks registry.

Vox Pop has from the outset claimed that .sucks domains are a way for brands to aggregate customer feedback and criticism in one place, using a .sucks domain controlled by the brands themselves.

That purpose goes all the way back to its 2012 ICANN new gTLD application and continues to this day on its official web site and Twitter feed, which is primarily used to goad companies undergoing media controversies into registering and using their .sucks exact-match.

Back in 2015, Vox Pop CEO John Berard told us:

A company would be smart to register its name because of the value that consumer criticism has in improving customer loyalty, delivering good customer service, understanding new product and service possibilities… They’re spending a lot more on marketing and customer service and research. This domain can another plank in that platform

Vox Pop even owns and uses voxpopuli.sucks and dotsucks.sucks, where it hosts a little-used forum welcoming criticism from people who say the company sucks.

But Honey Salt, its largest registrant by a significant margin, is now on-record stating that .sucks domains only imply ownership by third parties and could not possibly be confused with brand-owner ownership.

If the Many Worlds interpretation of quantum mechanics is correct, there exists a corner of the multiverse in which Honey Salt and Everything.sucks are just fronts for the entities that also control Vox Pop and its top registrar, Rebel.com. In that universe, it would be trippy indeed for the registry’s own affiliates to admit its entire stated business model is bullshit.

In our universe, that particular cat, which very probably has a goatee, is still firmly in the box, however.

Speculative forays into science fiction aside, Honey Salt’s record on UDRP is now three losses versus one win. It has six more cases pending at WIPO

Security firm sues Facebook to overturn UDRP loss of “good faith” typo domains

Kevin Murphy, February 11, 2021, Domain Services

Security company Proofpoint has sued Facebook in order to keep hold of several typo domains that are deliberately intended to look like its Facebook and Instagram brands.

Proofpoint wants an Arizona court to declare that facbook-login.com, facbook-login.net, instagrarn.ai, instagrarn.net and instagrarn.org are not cases of cybersquatting because they were not registered in bad faith.

Proofpoint — a $7 billion company that certainly does not phish — uses the domains in anti-phishing employee training services, as it describes in its complaint:

Proofpoint uses intentionally domain names that look like typo-squatted versions of recognizable domain names, such as , and the other Domain Names at issue in these proceedings.

By using domain names similar to those of well-known companies, Proofpoint is able to execute a more effective training program because the workforce is more likely to learn to distinguish typo-squatted domains, which are commonly abused by bad actors to trick workers, from legitimate domain names.

Employees who click the bogus links are taken to harmless web pages describing how they were duped.

The court case comes shortly after Facebook prevailed in a UDRP case filed with WIPO.

In that case, the panelist decided that Proofpoint had no legitimate interest in the domains because they led to web sites that linked to Proofpoint’s web site, where commercial services are offered.

He therefore found that the names had been registered in bad faith, because visitors could assume that Facebook or Instagram in some way endorsed these services.

Proofpoint wants the court to reverse that decision and allow it to keep the names. Here’s the complaint (pdf).

It strikes me as at the very least bad form for Facebook to go after these domains, given that Proofpoint is tackling the Facebook phishing problem at source — user idiocy — rather than the reactive, interminable UDRP whack-a-mole Facebook seems to be engaging in.

WIPO handles 50,000th UDRP case as coronavirus drives complaints

Kevin Murphy, November 30, 2020, Domain Policy

The World Intellectual Property Organization handled its 50,000th UDPR case on November 20, the organization has announced.

It’s taken WIPO, which designed the policy and was the first to administer it back in 1999, over two decades to reach this milestone.

WIPO said that the 50,000 cases cover almost 91,000 domains, with complaints and respondents from over 180 countries.

The organization believes the coronavirus pandemic this year has driven growth, with an 11% increase in cases recorded between January and October. There were 3,405 cases over this period.

Erik Wilbers, director of the WIPO Arbitration and Mediation Center, said in a press release:

With a greater number of people spending more time online during the pandemic, cybersquatters are finding an increasingly target-rich environment. Rights owners, meantime, are stepping up their brand enforcement on the Internet as they further shift to marketing and selling online.

Karklins beats LaHatte to chair ICANN’s Whois privacy team

Kevin Murphy, April 25, 2019, Domain Policy

Latvian diplomat and former senior WIPO member Janis Karklins has been appointed chair of the ICANN working group that will decide whether to start making private Whois records available to trademark owners.

Karklins’ appointment was approved by the GNSO Council last week. He beat a single rival applicant, New Zealand’s Chris LaHatte, the former ICANN Ombudsman.

He replaces Kurt Pritz, the former ICANN Org number two, who quit the chair after it finished its “phase one” work earlier this year.

Karklins has a varied resume, including a four-year stint as chair of ICANN’s Governmental Advisory Committee.

He’s currently Latvia’s ambassador to the United Nations in Geneva, as well as president of the Arms Trade Treaty.

Apparently fighting for Latvia’s interests at the UN and overseeing the international conventional weapons trade still gives him enough free time to now also chair the notoriously intense and tiring Expedited Policy Development Process on Whois, which has suffered significant burnout-related volunteer churn.

But it was Karklins’ one-year term as chair of the general assembly of WIPO, the World Intellectual Property Organization, that gave some GNSO Council members pause.

The EPDP is basically a big bloodless ruck between intellectual property lawyers and privacy advocates, so having a former WIPO bigwig in the neutral hot seat could be seen as a conflict.

This issue was raised by the pro-privacy Non-Commercial Stakeholders Group during GNSO Council discussions last week, who asked whether LaHatte could not also be brought on as a co-chair.

But it was pointed out that it would be difficult to find a qualified chair without some connection to some interested party, and that Karklins is replacing Pritz, who at the time worked for a new gTLD registry and could have had similar perception-of-conflict issues.

In the end, the vote to confirm Karklins was unanimous, NCSG and all.

The EPDP, having decided how to bring ICANN’s Whois policy into compliance with the General Data Protection Regulation, is now turning its attention to the far trickier issue of a “unified access model” for private Whois data.

It will basically decide who should be able to request access to this data and how such a system should be administered.

It will not be smooth sailing. If Karklins thinks international arms dealers are tricky customers, he ain’t seen nothing yet.

UDRP complaints hit new high at WIPO

Kevin Murphy, March 19, 2019, Domain Policy

The World Intellectual Property Organization handled 3,447 UDRP cases in 2018, a new high for the 20-year-old anti-cybersquatting policy.

The filings represent an increase of over 12% compared to the 3,074 UDRP cases filed with WIPO in 2017. There were 3,036 cases in 2016

But the number of unique domains complained about decreased over the same period, from 6,370 in 2017 to 5,655 domains in 2018, WIPO said today.

The numbers cover only cases handled by WIPO, which is one of several UDRP providers. They may represent increases or decreases in cybersquatting, or simply WIPO’s market share fluctuating.

The numbers seem to indicate that the new policy of redacting Whois information due to GDPR, which came into effect mid-year, has had little impact on trademark owners’ ability to file UDRP claims.

UPDATE: This post was updated a few hours after publication to remove references to the respective shares of the UDRP caseload of .com compared to new gTLDs. WIPO appears to have published some wonky math, as OnlineDomain noticed.

Claims UDRP has cost over $360 million so far

Kevin Murphy, February 13, 2019, Domain Policy

Trademark owners have splashed out over $360 million on UDRP cases over the 20 years the policy has been active, according to an intellectual property trade group.

Marques, a European body representing trademark owners, reckons $360 million is a “conservative” estimate.

It reached the figure by multiplying the number of UDRP complaints filed to the end of 2018 — 72,038 — by the $5,000 estimated total cost of each complaint.

The World Intellectual Property Organization, which handles well over half of all UDRP cases, charges at least $1,500 per case, but trademark owners have other fees, such as paying lawyers to draft the complaints.

WIPO, which basically designed and wrote the UDRP back in 1998, has been paid at least $63.8 million in filing fees to date, Marques calculates.

Across all UDRP providers, well over 100,000 individual domain names have been subject to UDRP. It’s likely much more, but the National Arbitration Forum does not publish data on unique domains.

The Marques claims were made in a letter (pdf) from council member (and Com Laude managing director) Nick Wood to ICANN last week, part of IP lobbying efforts in the face of UDRP reform efforts. He wrote:

This lowest-case estimate of $360m is a very significant financial burden. Registrants, on the other hand, pay only for their own defence, if any. They do not pay damages, or even contribute to the provider fees, if they lose – which across the five active panel providers appears to be majority of the time.

One proposal that has been put forward by IP owners is for registrants to pay a $500 fee when they are hit by a UDRP complaint, which would be refundable if they prevail.

I can see this idea going down like a cup of iced sick in the domainer community.

Rather than lobbying for any specific proposal, however, Marques is asking ICANN to create an “independent expert group” outside of the usual Policy Development Process, to highlight “priority issues and possible solutions” for the PDP to consider.

Marques thinks the group should comprise a small number of trademark interests, registries and registrars, and registrant rights groups. It wants WIPO to chair it.

It also wants ICANN to coordinate UDRP providers in the creation of a unified set of data on UDRP cases processed to date, to help with future reform discussions.

ICANN community volunteers have been working on the “PDP Review of All Rights Protection Mechanisms in All gTLDs” — the RPM WG — since March 2016.

The RPM WG expects to put out its “Phase One” initial report, comprising recommendations for reform of the Trademark Clearinghouse, Trademark Claims and Sunrise policies, in early June this year.

Only then will it turns its attention to UDRP, in “Phase Two”, with talks due to begin at the ICANN 65 meeting in Marrakech later that month.

The working group has been beset by all kinds of personal drama among volunteers recently, which continues to add friction to discussions.

Cybersquatting cases up because of .com

Kevin Murphy, March 23, 2018, Domain Services

The World Intellectual Property Organization handled cybersquatting cases covering almost a thousand extra domain names in 2017 over the previous year, but almost all of the growth came from complaints about .com names, according to the latest WIPO stats.

There were 3,074 UDRP cases filed with WIPO in 2017, up about 1.2% from the 3,036 cases heard in 2016, WIPO said in its annual roundup last week.

That’s slower growth than 2016, which saw a 10% increase in cases over the previous year.

But the number domains complained about in UDRP was up more sharply — 6,370 domains versus 5,374 in 2016.

WIPO graph

WIPO said that 12% of its 2017 cases covered domains registered in new gTLDs, down from 16% in 2016.

If you drill into its numbers, you see that 3,997 .com domains were complained about in 2017, up by 862 domains or 27% from the 3,135 seen in 2016.

.com accounted for 66% of UDRP’d domains in 2016 and 70% in 2017. The top four domains in WIPO’s table are all legacy gTLDs.

As usual when looking at stats for basically anything in the domain business in the last few years, the tumescent rise and meteoric fall of .xyz and .top have a lot to say about the numbers.

In 2016, they accounted for 321 and 153 of WIPO’s UDRP domains respectively, but they were down to 66 and 24 domains in 2017.

Instead, three Radix TLDs — .store, .site and .online — took the honors as the most complained-about new gTLDs, with 98, 79, and 74 domains respectively. Each of those three TLDs saw dozens more complained-about domains in 2017 than in 2016.

As usual, interpreting WIPO’s annual numbers requires caution for a number of reasons, among them: WIPO is not the only dispute resolution provider to handle UDRP cases, rises and falls in UDRP filings do not necessarily equate to rises and falls in cybersquatting, and comparisons between .com and new gTLDs do not take into account that new gTLDs also have the URS as an alternative dispute mechanism.

Panel doesn’t consider TLD in the first-ever new gTLD UDRP case

Kevin Murphy, March 17, 2014, Domain Policy

The first new gTLD domain name has been lost to a UDRP complaint.

The famous German bike maker Canyon Bicycles won canyon.bike from a registrant who said he’d bought the name — and others — in order to protect the company from cybersquatters.

The panelist in the case, WIPO’s Andrew Lothian, declined to consider the fact that the TLD was related to Canyon’s business in making his decision. Finding confusing similarity, he wrote:

The Panel finds that, given the advent of multiple new gTLD domain names, panels may determine that it is appropriate to include consideration of the top-level suffix of a domain name for the purpose of the assessment of identity or similarity in a given case, and indeed that there is nothing in the wording of the Policy that would preclude such an approach. However, the Panel considers that it is not necessary to do so in the present case.

Canyon had argued that the fact that it’s a .bike domain reinforced the similarity between the domain and the mark, but it’s longstanding WIPO policy that the TLD is irrelevant when determining confusing similarity.

The domain was registered under Whois privacy but, when it was lifted, Canyon looked the registrant up on social media and discovered he was very familiar with the world of bikes.

The registrant told WIPO that he’s registered Canyon’s mark “with the best of intentions”.

Apparently, he’s registered more than one famous brand in a new gTLD in the belief that the existence of the program was not wildly known, in order to transfer the domains to the mark holders.

He claimed “that many companies have been content with his actions” according to the decision.

But the fact that he’d asked for money from Canyon was — of course — enough for Lothan to find bad faith.

He also chose to use the fact that the registrant had made no attempt to remove the default Go Daddy parking page — which the registrar monetizes with PPC — as further evidence of bad faith.

The domain is to be transferred.

Roussos loses last .music LRO

Kevin Murphy, August 27, 2013, Domain Registries

Constantine Roussos’ DotMusic Ltd has lost its seventh and final Legal Rights Objection against rival .music applicants.

In the decision in DotMusic Ltd v DotMusic Inc, published (pdf) this hour, WIPO panelist Mark Partridge ruled:

the Panel is compelled to conclude that the Objector lacks enforceable rights. The term “.music” (or “dotMusic”) would in the Panel’s opinion be recognized as a generic designation for a top-level domain name directed at or relating to music and music-related services. As a result, the Panel is of the opinion that the Objector cannot own trademark rights in the terms “.music” (or “dotMusic”) per se as a matter of law, even if it has developed awareness of that term as being associated with it as the name of an entity.

That’s roughly in keeping with the first six DotMusic decisions and a not remotely surprising result.

The objections phase for .music is not over yet, however. There are still seven Community Objections pending, most of them filed by American Association of Independent Music, which is affiliated with Roussos’ bid.

There’s also the possibility that DotMusic and/or .music LLC (which also has industry backing) could apply for a Community Priority Evaluation, which would kill off all rivals at a stroke.

I’ve yet to hear a convincing argument why either application could win a CPE, so my guess is that .music is, eventually, heading to auction.