Latest news of the domain name industry

Recent Posts

TMCH turning off some brand-blocking services

Kevin Murphy, April 13, 2022, Domain Services

The Trademark Clearinghouse is closing down two of its brand protection services after apparently failing to attract and retain registry partners.

The company announced recently that TREx, its Trademark Registry Exchange, will shut down after its customers’ existing subscriptions expire, saying:

The communication that we receive from our agents, resellers, clients and other registries that we have reached out to around improving the product shows that there is currently little appetite for such a service.

TMCH said it may revive the service after the new round of new gTLDs happens.

TREx was a service similar to Donuts’ Domain Protected Marks List and others, whereby trademark owners can block their brands across a multitude of TLDs for a substantial discount on the cost of defensive registrations.

But the TMCH offering was not restricted to one registry’s portfolio. Rather, it consolidated TLDs from multiple smaller operators, including at least one ccTLD — .de — into one service.

It seems to have peaked at 43 TLDs, but lost three when XYZ.com pulled out a couple years ago.

Its biggest partner was MMX, which sold its 22 gTLDs to GoDaddy Registry last year. I’d be very surprised if this consolidation was not a big factor in the decision to wind down TREx.

I’d also be surprised if we don’t see a DPML-like service from GoDaddy before long. It already operates AdultBlock on its four porn-themed gTLDs.

The news follows the announcement late last year that TMCH will also close down its BrandPulse service, which notified clients when domains similar to their brands were registered in any TLD, when its existing subscriptions expire.

Both services leveraged TMCH’s contractual relationship with ICANN, under which it provides functions supporting mandatory rights protection mechanisms under the new gTLD program rules, but neither are ICANN-mandated services.

Cybersquatting cases down in .uk

Kevin Murphy, February 23, 2022, Domain Policy

The number of cybersquatting complaints, and the number of successful cybersquatting complaints, were down in .uk last year, according to new data from local registry Nominet.

Nominet said that its Dispute Resolution Service, which has a monopoly on .uk disputes, handled just 548 cases in 2021, the lowest number in the 20-year history of the DRS.

Only 43% of the complaints resulted in the domain being transferred, Nominet said. That’s down from 46% in 2020, 47% in 2019 and 49% in 2018, it said.

The trends fly in contrast to the UDRP, as least in WIPO’s experience in 2021, where cases were soaring.

General counsel Nick Wenban-Smith said in a press release:

Despite the worldwide shift towards online activity during the pandemic, and WIPO disputes on the increase, we haven’t seen a parallel pick up in the number of .UK domain name disputes for the past two years, but instead are reporting a record low in Complaints filed since the DRS launched back in 2001. We hope this is a result of our continued efforts to make .UK a safe place to be online.

Nominet has some pretty strict takedown practices in place — it will suspend a domain if the police’s intellectual property crime unit tells it to, which could clearly have an impact on the need to employ the DRS.

Is the .sucks mass-cybersquatting experiment over?

Kevin Murphy, February 4, 2022, Domain Registries

The Everything.sucks experiment is mass-cybersquatting .sucks domains may be over and done with.

Thousands of .sucks domains have been deleted in a huge junk drop, newly created domains at Everything.sucks’ registrar of choice have dried up, and there have been no new UDRP cases filed in months.

Everything.sucks, you may recall, is a wiki-style web site where thousands of famous brands and public figures have pages populated by content scraped from third-party sites discussing, on the rare occasion when the scraping works, how terrible they are.

When the site emerged in 2020, it was a redirect destination for around 2,000 .sucks domains that exactly matched those brands. You typed jackdaniels.sucks into your browser, you wound up at the Jack Daniels page at Everything.sucks.

Various attempts were made at monetizing these names by persuading the brand owners to purchase or transfer them for fees measured in the hundreds, or more usually thousands, of dollars.

The domains were registered to a Turks & Caicos company called Honey Salt and a likely fictitious individual named Pat Honeysalt or Pat Collins. The registrant has fought 21 UDRP cases, most of which it lost, since July 2020.

There hasn’t been a UDRP complaint filed against a .sucks domain since November 2021, and this may be because most of Honey Salt’s domains were only registered for one year and have since expired and dropped.

Registry transaction reports filed with ICANN by .sucks registry Vox Populi show the registrar Rebel.com — Vox’s sister company and Honey Salt’s registrar of choice — deleted 2,179 .sucks domains in September 2021.

That’s very close to the 2,184 one-year adds Rebel recorded in June 2020.

The most likely interpretation of this data, in my view, is that it’s Honey Salt’s first junk drop — the company let the domains go on expiry having failed to sell them to the brand owners and failed to convince UDRP panels that it wasn’t cybersquatting.

At least couple thousand more .sucks domains were registered via Rebel over the year to June 2021, most likely to Honey Salt, but since then the registrar has been selling no more than two or three new .sucks domains per month.

It looks like Honey Salt stopped buying .sucks domains in bulk several months ago.

And zone files show that the total number of active .sucks domains has continued to decline by the thousands since Vox’s last transaction report, from an August 2021 peak of over 13,000, to fewer than 9,000 today.

If these trends continue, it looks like the experiment in mass cybersquatting might be over by the third quarter, when Honey Salt’s last remaining .sucks domains drop.

UDRP panelists and yours truly have speculated that Vox/Rebel and Honey Salt are probably affiliated, because the registry/registrar are the only parties that stood to benefit from Everything.sucks’ monetization techniques, but Vox has denied a connection.

If you guessed Facebook’s “Meta” rebrand, you’re probably still a cybersquatter

Kevin Murphy, November 3, 2021, Domain Policy

Guessing that Facebook was about to rebrand its corporate parent “Meta” and registering some domain names before the name was officially announced does not mean you’re not a cybersquatter.

Donuts this week reported that its top-trending keyword across its portfolio of hundreds of TLDs was “meta” in October. The word was a new entry on its monthly league table.

We’re almost certainly going to see the same thing when Verisign next reports its monthly .com keyword trends.

The sudden interest in the term comes due to Facebook’s October 28 announcement that it was calling its company Meta as part of a new focus on “metaverse” initiatives.

The announcement was heavily trailed following an October 19 scoop in The Verge, with lots of speculation about what the name change could be.

Many guessed correctly, no doubt leading to the surge in related domain name registrations.

Unfortunately for these registrants, Facebook is one of the most aggressive enforcers of its trademark out there, and it’s pretty much guaranteed that Meta-related UDRP cases will start to appear before long.

While Facebook’s “Meta” trademark was only applied for in the US on October 28, the same date as the branding announcement, the company is still on pretty safe ground, according to UDRP precedent, regardless of whether the domain was registered before Facebook officially announced the switch.

WIPO guidelines dating back to 2005 make it clear that panelist can find that a domain was registered in bad faith. The latest version of the guidelines, from 2017, read:

in certain limited circumstances where the facts of the case establish that the respondent’s intent in registering the domain name was to unfairly capitalize on the complainant’s nascent (typically as yet unregistered) trademark rights, panels have been prepared to find that the respondent has acted in bad faith.

Such scenarios include registration of a domain name: (i) shortly before or after announcement of a corporate merger, (ii) further to the respondent’s insider knowledge (e.g., a former employee), (iii) further to significant media attention (e.g., in connection with a product launch or prominent event), or (iv) following the complainant’s filing of a trademark application.

Precedent for this cited by WIPO dates back to 2002.

So, if you’re somebody who registered a “meta” name after October 19, the lawyers have had your number for the better part of two decades, and Facebook has a pretty good case against you. If your name contains strings such as “login” or similar, Facebook’s case for bad faith is even stronger.

Of course, “meta” is a dictionary word, and “metaverse” is a term Facebook stole from science fiction author Neal Stephenson, so there are likely thousands of non-infringing domains, dating back decades, containing the string.

That doesn’t mean Facebook won’t sic the lawyers on them anyway, but at least they’ll have a defense.

UDRP respondent has name hidden on mental health grounds

Kevin Murphy, October 22, 2021, Domain Policy

An accused cybersquatter has had his or her name redacted from the UDRP record on mental health grounds in what appears to be an unprecedented decision.

The case of Securian Financial Group v [redacted] resulted in the transfer of securian.contact to the complainant, but the ADR Forum panelist did not make a determination on the merits.

Rather, the registrant had asked for the domain to be transferred free of charge and for their personal details to be kept out of the public record, telling the panelist:

I have a documented mental health history. I want to request ICANN and/or the complainant to at least redact my personal information from this case on medical grounds… I do not want to submit or reveal my medical documents to anyone, but if required by ICANN, I will do so.

The registrant said that the case had proved “mentally impactful” and that they did not want their name appearing in search results as it could affect their job and university applications.

The panelist found UDRP precedent of personal information being redacted in cases of identity theft and applied it to these apparently novel circumstances.

Because the respondent offered to freely give up the domain, the panelist did not decide on what would presumably have been a fairly cut-and-dried case.

Guy fills exact-match domain with porn, wins UDRP anyway

Kevin Murphy, October 19, 2021, Domain Policy

A Chinese registrant has managed to survive a UDRP over an exact-match domain name, despite not responding to the complaint and filling the associated web site with porn.

An ADR Forum panelist yesterday ruled the registrant could keep the domain boltonmenk.com (NSFW) despite Bolton & Menk, a Minnesota engineering firm that says it was founded in 1949, claiming infringement of common-law trademark.

Bolton & Menk has used the hyphenated version, bolton-menk.com, since 1996.

The non-hyphenated version at issue in this case has been in the hands of third-party registrants for at least 15 years, with at least 13 drops, according to DomainTools.

It seems to have been mostly parked with regular, inoffensive ads, and it was presumably only the recent addition of hard-core pornography that caught the complainant’s attention.

But the UDPR panelist ruled that Bolton & Menk, which has only a pending US trademark application, had failed to provide enough evidence that its brand also operates as a common-law trademark.

The complaint was therefore dismissed for the complainant’s lack of rights without even considering the registrant’s bad faith or legitimate interests.

It looks like a case of the bad guy getting away with it due to a less-than-comprehensive complaint.

Man with broken shift key sues ICANN and GoDaddy over Bitcoin domain

Kevin Murphy, October 13, 2021, Domain Policy

Sometimes I wonder if all they teach you at American law schools is how to correctly use upper-case letters.

A Georgia man who lost a cybersquatting case with Sotheby’s, concerning his registration of sothebysauctionbitcoin.com, has taken the auction house, along with ICANN, GoDaddy, and ADR Forum to court.

Harris’ case is filed pro se, which is Latin for “he doesn’t have a lawyer, his complaint makes no sense, and the case is going to get thrown out of court”.

He claims a UDRP decision that went against him recently was incorrect, that ADR Forum is corrupt and biased, and that the UDRP itself is flawed.

The domain was registered with GoDaddy, and ADR Forum was the UDRP provider.

He wants his domain back, along with root-and-branch reform of the UDRP and “self-regulating lumbering Monopolistic Behemoth” ICANN, which is apparently still working under the auspices of the US Department of Commerce.

Here’s a flavor of the filing (pdf), which was filed in a Georgia District Court yesterday:

We are ASKING THE Court to find the UDRP (Uniform Dispute Resolution Procedure) #FA2108001961598 (Sotheby’s and SPTC v Harris) Arbitration process and resulting ruling was Fatally Flawed; whereas ICANN failed to properly parse the “Provider” and we believe allowed Sotheby’s Counsel of Record in those proceeding to have specifically chosen ADR Form ADR FORUM whose history is tainted by a Consent Decree in their previous corporate iteration as an arbitration Provider for bad behavior and is also known to be a pro Claimant Provider.

In the version published to PACER, the complaint ends abruptly mid-sentence and seems to have one or more pages missing.

The decision in the original UDRP case is equally enlightening. Harris apparently sent nine responses to the complaint, many of which seemed to argue that Sotheby’s should have made an offer for the domain instead of “intimidating and bullying” him.

Harris apparently argued that the registration was a “legitimate investment”, thereby conferring rights to the domain.

Sole panelist Neil Anthony Brown seems to have taken pity on Harris, who had declared that Sotheby’s citation of previous UDRP cases was “irrelevant”, by deciding the case (against him, of course) without direct reference to prior precedent.

It was basically a slam-dunk decision, as I expect this lawsuit will also be.

.sucks registry probably “connected” to mass cybersquatter, panel rules

Kevin Murphy, August 19, 2021, Domain Registries

Vox Populi, the .sucks registry, is probably affiliated with and financially benefiting from a mass cybersquatter, a panel of domain experts has said.

In the UDRP case of Euromaster v Honey Salt, a three-person panel handed the complainant the domain euromaster.sucks, ruling that it was a case of cybersquatting.

It’s one of 21 .sucks UDRP complaints filed against Honey Salt, a Turks & Caicos company operating under unknown ownership believed to own hundreds or thousands of brand-match .sucks domains.

It’s lost 17 of the 19 so-far decided cases. It also won one case on a technicality and another early case on the merits after mounting a free-speech defense that subsequent panels have not bought.

What’s new about this one is that the WIPO panel — Lawrence Nodine, Douglas Isenberg and Stephanie Hartung — is the first to follow the money and openly infer a connection between Honey Salt and Vox Pop.

The panel said that it “infer[s] that the Respondent [Honey Salt] and Registry [Vox Pop] are connected”, and that Vox is probably trying to make money by charging trademark owners premium fees for their own brands.

Vox Pop has previously denied such a connection, when I first made the same inference last October.

Regular readers will recall that Honey Salt has registered hundreds of .sucks domains and pointed them to a wiki-style web site called Everything.sucks, ostensibly run by a third-party, US-based non-profit.

Rather than containing original “gripe” content, which could easily enable it to win a free-speech UDRP defense, Everything.sucks simply populates its site with poor-quality, context-free content scraped by bots from social media and third-party web sites such as TrustPilot and GlassDoor.

Originally, each page carried a banner linking to a secondary market page at Uniregistry or Sedo where the domains could be purchased, often at cost price.

That quickly disappeared when the first UDRP cases started rolling in, and earlier this year Everything.sucks said on each page that it refused to sell its domains to anyone, instead offering a free transfer.

It even published the pre-authorized transfer codes on each page, meaning literally anyone could seize control of the domain in question without asking permission from or negotiating with Honey Salt in advance.

The problem with that is that transfers are not free. Some domains are flagged as premium — including lots of brand-matches — and have transfer fees in the thousands of dollars. Even the cheapest still carry the base registry fee.

Many registrars steer well clear of this model, disallowing any .sucks transfers.

One registrar that reliably does allow .sucks transfers is Rebel, which is sister company to Vox Pop under the Momentous group of companies. It offers .sucks domains at the registry wholesale fee, which is $200 for an non-premium.

It’s been painfully obvious since the outset that the only parties that stand to make a profit on the Everything.sucks business model are the registry and its affiliated companies — it simply doesn’t make sense that Honey Salt would invest hundreds of thousands of dollars in trademark-infringing domains, simply to hand them over at cost.

But the Euromaster panel is the first to infer the connection, or at least the first to publicly infer the connection.

Euromaster had filed a supplemental document in its complaint pointing out that the “free” transfer of euromaster.sucks would in fact cost a “premium” fee of $2418.79. The registrar quoting that fee is not revealed.

The WIPO panel asked Honey Salt for an explanation and it sounds like it got a bunch of procedural waffle in response.

This led to the following discussion, to which I’ve added some emphasis:

The Panel also finds that Respondent [Honey Salt] has failed to show that it has no financial interest in the Disputed Domain Name. Complainant’s Supplemental submissions demonstrate that Complainant’s chosen registrar quoted a fee of USD 2418.79 to transfer the Disputed Domain Name. Complainant’s report is consistent with M and M Direct Limited v. Pat Honey Salt, Honey Salt Limited, WIPO Case No. D2020-2545, where a different panel conducted an independent investigation and reported that the domain name at issue in that case was not offered “free” as promised, but instead that registrars classified the domain names at issue as “premium” and quoted transfer fees of USD 3,198 and USD 4,270 respectively.

This directly contradicts any claim to be offering a free and noncommercial service, and given that any registration would result in a fee being paid to the Registry by a registrar, leads the Panel to infer that the Respondent [Honey Salt] and Registry [Vox Pop] are connected.

Given the prior decision in M and M Direct, and the evidence that Complainant’s Supplemental submissions, the Panel afforded Respondent an opportunity to submit additional argument and evidence to explain the inconsistency. Respondent made no effort to do so, but instead only opposed consideration of Complainant’s supplemental evidence and repeated its previous contentions. The Panel rejects the objections to Complainant’s Supplemental submission, and emphasizes that Respondent was given an opportunity fully to respond.

The Panel finds that Complainant’s evidence raises substantial questions about the credibility of Respondent’s assertion that it has no financial interest in the Disputed Domain Name and whether Respondent’s offer to transfer the Disputed Domain might, directly or indirectly, financially benefit Respondent. Accordingly, the Panel finds that Respondent has not carried its burden to show that its use is noncommercial

In other words, the panel suspects that Vox Pop is in on Honey Salt’s bulk-cybersquatting game.

The closest any other UDRP panel has come to making this link was in a recent case filed by multiple, unrelated trademark owners, where the panel, while denying the complaint on procedural grounds, suggested that aggrieved trademark owners instead invoke ICANN’s Trademark Post Delegation Dispute Resolution Procedure.

The Trademark PDDRP is a mechanism — so far unused and untested — that allows trademark owners to allege registry complicity in cybersquatting schemes. Think of it like UDRP for cybersquatting registries.

Frankly, I’m amazed it hasn’t been used yet.

As judge freezes assets, is this OnlineNic domain portfolio really worth $70,000?

A California court has frozen the assets of beleaguered Chinese/American registrar OnlineNic, at the behest of Facebook, which is suing the company for alleged cybersquatting.

The judge in the case Friday mostly granted Facebook’s request for a temporary restraining order, banning OnlineNic from transferring money or domains out of the country.

It had discovered that the registrar had started transferring domains it has registered in its own name — about 600 of them — out of the country, to China-based Ename.

OnlineNic had told the court it could no longer afford to defend the case, and that it would shut up shop July 26.

Following Facebook’s request for a TRO, the registrar said it was merely moving the names to Ename so it could use its secondary market platform to raise $70,000 of the $75,000 needed to pay the so-called “Special Master”.

This is a court-appointed agent who had conducted a review of OnlineNic’s ticketing system records and found the company had deleted or obfuscated huge chunks of potential evidence.

OnlineNic has now told the court that it’s found a potential buyer, willing to pay $70,000 for the names in question.

This is the portfolio (pdf).

I’m no domain broker — I’m not even a domain investor — but even I have to wonder who would pay $70,000, or about $120 per name, for this junk. By sight alone, hardly any of them seem to be worth the base reg fee.

I’m guessing they’re dropped domains with traffic and/or the opportunity of selling them back to a forgetful original registrant.

Facebook’s war on privacy claims first registrar scalp

China’s oldest accredited registrar says it will shut up shop permanently next week after being sued into the ground by Facebook, apparently the first victim of the social media giant’s war against Whois privacy.

Facebook sued OnlineNIC in 2019 alleging widespread cybersquatting of its brands. The complaint cited 20 domains containing the Facebook or Instagram trademarks and asserted that the registrar, and not a customer, was the true registrant.

The complaint named ID Shield, apparently OnlineNIC’s Hong Kong-based Whois privacy service, as a defendant and was amended in March this year to add as a defendant 35.cn, another registrar that Facebook says is an alter ego of OnlineNic.

The amended complaint listed an addition 15 squatted domains, for 35 in total.

This week, OnlineNIC director Carrie Yu (aka Carrie Arden aka Yu Hongxia), told the court:

Defendants do not have the financial resources to continue to defend the instant litigation, and accordingly no longer intend to mount a defense. Defendants do not intend to file any oppositions to any pending filing… Subject to any requirements of ICANN, Defendants intend to cease business operations on July 26, 2021.

But Facebook reckons the registrar is about to do a runner to avoid paying almost $75,000 in court fees already incurred and avoid the jurisdiction of the California court where the case is being heard.

Facebook had asked for $3.5 million in penalties in a proposed judgment and OnlineNIC had not opposed.

While it presents itself as American, it appears that OnlineNIC is little more than a shell in the US.

Its official headquarters are little more than a lock-up garage surrounded by builders’ merchants in a grim, windowless facility just off the interstate near Oakland, California.

Its true base appears to be a business park in Xiamen, China, where 35.cn/35.com operates. The company has boasted in the past of being China’s first and oldest ICANN-accredited registrar, getting its foot in the door when the floodgates opened in 1999.

Facebook is now asking the court for a temporary restraining order freezing the defendants’ financial and domain assets, and for a domain broker to be appointed to liquidate its domain portfolio.

If you’re a legit OnlineNIC customer, you might be about to find yourself in a world of hurt.

OnlineNIC had just over 624,000 gTLD domains under management at the last count. 35.cn had another 200,000.

The lawsuit is one of three Facebook is currently fighting against registrars, one prong of its strategy to pressure the ICANN community to open up Whois records rendered private by EU law and consequent ICANN policy.

OnlineNIC is the low-hanging fruit of the trio and the first to be sued. It already faced cybersquatting cases filed by Verizon, Yahoo and Microsoft in 2009. The Verizon case came with a $33 million judgment.

Facebook has also sued the rather less shady registrars Namecheap and Web.com (now Newfold Digital) on similar grounds.