Latest news of the domain name industry

Recent Posts

Security firm sues Facebook to overturn UDRP loss of “good faith” typo domains

Kevin Murphy, February 11, 2021, 19:40:17 (UTC), Domain Services

Security company Proofpoint has sued Facebook in order to keep hold of several typo domains that are deliberately intended to look like its Facebook and Instagram brands.

Proofpoint wants an Arizona court to declare that facbook-login.com, facbook-login.net, instagrarn.ai, instagrarn.net and instagrarn.org are not cases of cybersquatting because they were not registered in bad faith.

Proofpoint — a $7 billion company that certainly does not phish — uses the domains in anti-phishing employee training services, as it describes in its complaint:

Proofpoint uses intentionally domain names that look like typo-squatted versions of recognizable domain names, such as , and the other Domain Names at issue in these proceedings.

By using domain names similar to those of well-known companies, Proofpoint is able to execute a more effective training program because the workforce is more likely to learn to distinguish typo-squatted domains, which are commonly abused by bad actors to trick workers, from legitimate domain names.

Employees who click the bogus links are taken to harmless web pages describing how they were duped.

The court case comes shortly after Facebook prevailed in a UDRP case filed with WIPO.

In that case, the panelist decided that Proofpoint had no legitimate interest in the domains because they led to web sites that linked to Proofpoint’s web site, where commercial services are offered.

He therefore found that the names had been registered in bad faith, because visitors could assume that Facebook or Instagram in some way endorsed these services.

Proofpoint wants the court to reverse that decision and allow it to keep the names. Here’s the complaint (pdf).

It strikes me as at the very least bad form for Facebook to go after these domains, given that Proofpoint is tackling the Facebook phishing problem at source — user idiocy — rather than the reactive, interminable UDRP whack-a-mole Facebook seems to be engaging in.

Tagged: , , , , , , ,

Comments (3)

  1. Observer says:

    Ok, so then why did they make these domains visible on the open internet if they were only supposed to be accessed by internal employees?

    They should have limited the network access to only have it viewable on their private intranet, right?

    • Kevin Murphy says:

      I don’t think it’s limited to Proofpoint employees, but is included as part of a training service offered to clients.

  2. Mike B. says:

    FB still haven’t taken control of FaceBookXXX.com and InstaGramXXX.com for some reason.

Leave a Reply to Observer