Unless there’s a very specific agenda, cybersquatters don’t often target obscure brands. The lion’s share of domain abuse (and as a result, brand enforcement) is instead heaped upon famous brands.

One reason is that famous brands get more Internet traffic and so a squatted domain that contain a well-known trademark is likely to earn more money for its owner (for example, through pay-per-click ads). Also, the companies behind famous brands tend to have larger bank accounts and one could speculate that, at least in the minds of squatters (who may be unfamiliar with the ACPA or UDRP), such brands are more likely to pay a hefty ransom to recover domains.

But while this means that well-known brands are heavily targeted, there’s the other side of the coin to consider.

The Bigger the Brand, the Bigger the Influence

Court decisions have shown that famous brands enjoy certain advantages in disputes over domain names. For example, courts consider a wider scope of products or services when looking at claimed infringements against famous brands than they do for other brands. For example, even though chewing gum might be viewed as completely unrelated to automobiles, many feel that consumers will still think of the famous car manufacturer if they see the brand BMW on a pack of gum.

As for the UDRP, the fame of a complainant’s brand can impact all three elements of the Policy but is most often addressed in the third: the requirement that a Complainant show that the domain name in question has been registered and is being used in bad faith. Paragraph 4(b) gives examples of what acts can serve as evidence of bad faith and, among them, is item (iv): Using the domain for “commercial gain … by creating a likelihood of confusion with the complainant’s mark….”

Underlying this example is an assertion that a domain owner actually knew of the complainant’s mark. In some cases, respondents have successfully argued that they had no actual knowledge of the mark where, for instance, they live in a distant country in which the complainant and its brand conduct no business. However, it is much more difficult to support such a defense where a mark is famous.

Brand Enforcement of Major Brands

This concept was recently applied in a case involving the assertion of the WORDPRESS trademark against the domain wordpressw.com, which redirected visitors to a rotating selection of other commercial pages to earn affiliate fees. In ordering that the domain be transferred to Complainant, the Panel addressed the bad faith element of the Policy and stated: “Given the fame and distinctiveness of Complainant’s mark and the manner in which the domain name has been used, the Panel considers it reasonable to infer that Respondent’s initial registration of the domain name was intentionally targeted at Complainant or its mark.”

In a similar case involving the domain verizonphone.best, the Panel found that “[t]he disputed domain name appears intended to cause Internet user confusion with Complainant’s trademark that is famous in connection with telecommunications goods and services. Respondent was virtually certain to have been aware of Complainant’s rights in its trademark when it registered the disputed domain name.”

Of course, the devil is in the details and supporting this type of claim requires the submission of sufficient evidence without an assumption that the panel will automatically recognize the fame of the brand. There have been a number of cases where, due to insufficient evidence, complainants walked away from the process very unhappy.

To sum this up: The more famous a brand is, the more likely it is to be copied but the more power its owner has to claim that a cybersquatted domain was intended to cause confusion. However, complaints still need to be well drafted in order to succeed!

As recent headlines have made clear, our online life is often far from private. Hacking, phishing, and even common search engine results can expose us to dangers ranging from identity theft to routine spam.

Legitimate concern for one’s privacy and the desire to protect one’s information from bad actors are major reasons many domain name owners use Whois privacy (or “proxy”) services to hide their identity. When someone looks up the Whois record for a certain domain, these services show the information of the privacy service, rather than the true owner, and often supply a substitute email address such as [domain.tld]@domainsbyproxy.com, which will forward messages to the owner.

However, these Whois privacy services are also popular with cybersquatters.

A Cybersquatter’s Shield

Privacy services can help cybersquatters evade detection – the Whois privacy service hides the identity of the person behind an infringing website and makes it more challenging for brands to enforce their trademarks.

For example, domains using Whois privacy services likely won’t show up when researching whether a given cybersquatter owns other infringing domains or was the target of past UDRP complaints. Also, if a brand owner wants to save money by sending a demand letter prior to filing a complaint, privacy protection doesn’t give any other options for contact beyond the above-mentioned substitute email address. Some registrars will help out by disclosing the domain owner’s identity if you can convince them that infringement is occurring, but this varies quite a bit and some registrars are less than accommodating.

The good news is that the use of a Whois privacy service does not prevent a brand owner from filing a UDRP or URS complaint against the domain and, in fact, may actually help its case.

A Brand Owner’s Sword

Under paragraph 4(c)(ii) of the UDRP, a respondent may show that it has rights or legitimate interest in a domain if it or its business is “commonly known by the domain name.” If the domain name owner uses a privacy service to hide its identity, however, a brand owner can argue that the respondent wants exactly the opposite – to not be known by the domain.

Further, use of a Whois privacy service can be used as evidence of a respondent’s bad faith registration and use. This was upheld earlier this year, when the National Geographic Society brought a case against the domain name natgeokids.com. The Respondent used a private registration service and failed to respond to three attempts at email contact before the complaint was filed. While the facts of the case supported bad faith in other ways, the Panel felt compelled to note that the use of a privacy service “raises the rebuttable presumption of bad faith in the commercial context. Given the Respondent’s obligation to provide correct WHOIS information and its unexplained failure to do so, this raises the rebuttable presumption of bad faith.”

Since the Respondent submitted no evidence or argument to rebut this presumption, the finding of bad faith was reinforced and the domain was ordered to be transferred. In an earlier decision involving the domain quner.com (similar to a mark used by a company in Beijing) the Panel noted “the fact that the disputed domain name was registered anonymously and protected by Premium Registration Service is consistent with bad faith in this Panel’s view.”

So, as a practical matter, the use of Whois privacy services by cybersquatters can frustrate and sometimes delay the resolution of a domain dispute but it can’t prevent the inevitable. In the end, its more common and, in my own opinion, more pernicious effect is the wastefulness of the brand owner having to incur the expense of filing a UDRP or URS complaint. As mentioned above, emails sent through Whois privacy services don’t always get through and many disputes could have been avoided had communication been more open.

When some people think of cybersecurity, they envision dimly-lit rooms filled with glowing monitors staffed by FBI agents sleuthing scam artists and offshore bank accounts. While this may be the sharp end of the stick for cyber criminals, a significant, albeit less visible role is played by brand owners pursuing domain name enforcement efforts such as filing complaints under the UDRP or URS.

Over the years, I’ve had the opportunity to file a number of such cases where an infringing domain was used to try and perpetrate some sort of online scam. The variety and scope of these is quite wide and they are often quite instructional on how to best avoid becoming a victim.

The Free Gift Card Scam

One of the more common online scams involves using an infringing domain name to host a website that claims to offer a free gift card to a famous retail store.

In one case, this offer was made in exchange for users filling out a “survey” about the Twitter social media platform. The website, at <tiwtter.com>, alternated between attempting to deliver malware, hosting pay-per-click links, and redirecting to survey websites. These surveys are really just a pretext because, at their completion, users are asked to input their email addresses, names, postal addresses, phone numbers, and other personal information in order to receive their prize. The surveys are often rather long and, as a result, many users feel particularly motivated to complete the informational form with the hope of getting their hard-earned gift card. Unfortunately, there is no gift card and the gathered information is then sold to spammers, credit card thieves, and others perpetrating various forms of identity theft. In this case, Twitter obtained an order that the domain be transferred and it recovered an important typosquatted defensive domain name in the process.

The “Whaling” Technique

Another growing form of cyber fraud is what has become known as “whaling.” This is similar to “phishing” except that, instead of seeking to steal from an individual internet user, the perpetrator is out for a big score from a major corporation or its senior officers.

The famous French-based retail chain Carrefour got hit by one of these scams. About 240 of the Complainant’s employees received  emails from an address using the domain <webmail-carrefour.com> requesting that they go to a fraudulent website that was imitating Complainant’s official website and enter their login and password. A UDRP case was filed and the Panel found that these actions demonstrate identity theft (which meant that the Respondent did not establish rights or legitimate interests in the disputed domain name) and that the name had been registered primarily for the purpose of defrauding the Complainant’s consumers and employees into revealing personal and financial information (which clearly showed registration in bad faith).

The Use of a “Clone Firm”

Finally, there is a type of fraud known as “cloned firms”, in which the identity of an existing person or company is copied in order to give the appearance of trustworthiness or legitimacy, and thereby used to trick customers, business partners, and even investors. One recent case involved the famous currency market Forex Capital Markets, which owns the trademark FXCM.

A website at the domain <fxcmanagement.com> was created by a company using the name FXCManagement. This “clone” site featured the phrase “FXCM money management discover your potential” but was, in reality, set up by an unauthorized investment firm. The unauthorized firm approached customers posing as a foreign subsidiary of Complainant’s business. An email address at the same domain was used to further support its story. Citing these facts, the Panel in this UDRP decision found in favor of the Complainant on all three elements of the UDRP Policy and the domain was ordered to be transferred, thus shutting down the scheme.

Given the time it takes to go through the UDRP process, this may not be a weapon of first defense against online fraud; however, it can be quite useful to ensure that the domain is transferred to the brand owner and never used in connection with cybercrime again. Some companies have even used a combination of the much faster URS to get the domain shut down (sometimes within a week or two) followed by a UDRP complaint to get the domain transferred. In any case, these are tools which are currently being used to good effect and can form a part of a brand owner’s cybersecurity arsenal.

In many countries around the world, the free expression of ideas is a highly protected right and is considered a cornerstone to the functioning of a free and open society.  It’s expressly set out in the First Amendment to the United States Constitution which states that “Congress shall make no law … abridging the freedom of speech…”.

So, how does free speech stand up next to trademark rights and the ability of brand owners to prevent the misuse of their hard-earned reputations?   The courts, and even some legislators, have fashioned a concept called “fair use” which allows the limited use of a trademark for the purposes of comment upon, adoration of, and especially criticism of a brand owner’s products or services.  So long as the person engaging in such conduct isn’t trying to profit from the brand or otherwise compete commercially with it, there’s a good chance a fair use defense will hold up.

Protecting Free Speech in the UDRP

The UDRP specifically addresses this concept in section 4(c)(iii) which notes that a domain owner can demonstrate that it has rights or legitimate interests in a domain name where it is “making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.”

Just for clarification: This last clause about tarnishing a trademark has been interpreted to mean that the domain owner is seeking to destroy the brand’s reputation through lies, misquotes, etc. If a brand owners suffers harm due to its actions, which are being criticized on a domain name, that is not prohibited.

UDRP Panels have upheld the use of trademarks in many prior decisions where the accused domains, and their resulting website content, have been used to express criticism of the brand owner or its products and services.  For example, in a now well-known case involving the domain f*ckcalvinklein.com, the Panel denied the complaint, stating that “[t]he addition of the graphic vulgarity ‘f*ck’ means that the domain name is neither identical to the Calvin Klein mark nor is it confusingly similar.”  In another case, the domain maracutaiasnapetrobras.com (Portuguese for “dirty tricks Petrobras”) hosted a website intended to be a bulletin board for news, interview links and postings that were generally critical of a large Brazilian petroleum company.  In this case, the Panel held that, where traditional free speech, such as  criticism, is portrayed on a website, noncommercial use of a domain name is legitimate where it does not “obstruct access to a complainant’s website or confuse the public about the website of the trademark holder.”  It also held that “[h]onest and legitimate fair-use criticism does not constitute tarnishment”.

Further examples of the section 4(c)(iii) fair use defense may be found in the legion of “sucks” cases where that word is appended to the end of a trademark to indicate that the domain and its website are intended to be critical of the brand owner.  In fact, in the New gTLD Program, there is an entire top-level domain (TLD) – .SUCKS – whose business model is predicated upon the fair use/free speech defense.  The .SUCKS registrar made headlines earlier this year by claiming it would offer special “consumer advocate” domains and websites for only $10 which would be specially designed to fit within the fair use defense (no commercial content and only criticism of the brand mentioned in the domain name).

Gutting the Fair Use Defense?

Against this backdrop, the Panel in a recent case appears to have veered away from precedent and gutted the fair use defense of section 4(c)(iii).  In Philip Morris USA Inc. v. LORI WAGNER / DAVID DELMAN / DAVID@DELMAN.TV, NAF Claim No. FA 1627979 (2015) the Respondent hosts an anti-smoking website at the domain www.philipmorrisgripesite.com, which contains an array of links and information about the hazards of cigarette smoking.  However, at issue in this case were a number of other domains that resolved to websites with the identical content, including philipmorriscigarettediseases.org and philipmorriscigaretteskill.com.  For its part, the Complainant acknowledged that the Respondent has operated a gripe site but claimed that it is intending to divert Complainant’s customers illegitimately and that its domain names cause confusion with the Philip Morris trademarks despite their use of additional, derogatory words.  As one would expect, the Respondent defended claiming that it makes fair use of the domains as permitted under section 4(c)(iii).

The Panel first addressed the likelihood of confusion noting that each of the accused domains does, in fact, incorporate Complainant’s trademark and that “adding a generic term to a complainant’s mark does not alleviate confusing similarity.”  While this seems to contrast with the Calvin Klein case, I think it is within the realm of established UDRP precedent since confusion is considered a mere threshold test for complainants.

Where things start to go off the rails is in the Panel’s discussion of the next two UDRP elements:

• whether the Respondent has any rights or legitimate interests in its domains, and
• whether it registered and used them in bad faith.

Much to my surprise, the Panel stated that, under the UDRP, a disputed domain is to be considered separately from the website content to which that domain resolves.  The Panel noted that “a Respondent has a right to comment or criticize Complainants’ business practices, however Respondent had no right to do so in this manner, namely registering a domain name which contains the entire PHILIP MORRIS mark.”  In support of this position, the Panel cited a 2014 case between the exact same parties in which the domain philipmorrisusa.info was ordered to be transferred to the Complainant. In that case, the Panel held that the “Respondent’s bad faith use or registration may not be defended by any claim that using a confusingly similar domain name is protected by free speech rights.”

What Are the Implications Moving Forward?

My questions for the Panels in both of these cases are: If a respondent cannot claim free speech rights where a domain incorporates a complainant’s trademark, regardless of the other words in the domain and the content of its website, what is left of the section 4(c)(iii) fair use defense?  In what fact scenario could this defense be successfully argued?

I think it guts the entirety of the fair use defense as well as years of contrary UDRP precedent to say that, if you use a brand in a domain, you’re doomed regardless of the web content or other words in the domain.  For example, if one registered the domains philipmorrisprotest.org, ihatephilipmorris.com or even smokingphilipmorris.sucks, and resolved them to non-commercial pages which contain nothing but anti-smoking messages, would these Panels nevertheless find that they violate the UDRP?

It will be interesting to follow these cases and see if their reasoning is picked up by other Panels faced with section 4(c)(iii) fair use defenses – especially as the .SUCKS TLD domains roll out.  Or, will such reasoning be rejected as an improper chilling of online free speech?  A court appeal of this most recent decision by the Respondent would certainly make for some interesting reading.

As those of you who have participated in one of our recent anti-cybersquatting webinars have heard, new rules went into effect for the UDRP as of July 31. While the changes are mostly technical, the ones I consider most important are designed to prevent what has come to be known as “cyberflight.”

What is Cyberflight?

This rather esoteric term has been defined by a UDRP Panel as, “an attempt to avoid or delay judicial or UDRP proceedings by changing domain registration details or registrars after learning of a complaint.”  The typical scenario is that a UDRP complaint is filed and, before the registrar can lock the disputed domain (as it’s required to do during the pendency of the dispute), the respondent transfers ownership of the domain to someone else in an attempt to avoid enforcement. Sometimes the registrar is a bit shady and tips off the respondent before the domain is locked and sometimes the respondent is very clever and makes sure that the newly-transferred domain resolves to a website that is defensible under the UDRP (e.g., a fair use such as comment or criticism of the asserted brand).

A case I filed a few years ago, against the domain Nikedunk.com, involved a scenario where the owner of the domain transferred it to another person right after it received the emailed complaint.  Luckily, the domain owner was rather unsophisticated – it had tried this exact same strategy before using the exact same transfer recipient.  As such, I was able to argue that it had engaged in cyberflight and should be maintained as the official Respondent in the case.  The Panel agreed and ultimately ordered that the domain be transferred to the Complainant.

In another, more recent case involving the domain key-systems.cc, the registrar, upon being informed of the complaint and instructed to lock the domain, explained that the domain was actually not registered and was freely available for the Complainant to register.  Noting that the domain still had another six months to go before its expiration and calling the registrar’s actions “highly suspect”, the Panel determined that the registrar was actually itself the domain owner and had quickly canceled the domain once it received the complaint.  It ordered that the domain be transferred stating “[w]hile in this case the Panel is not aware that the disputed domain names have been registered to a new owner, the Registrar’s conduct is consistent with cyberflight, and seems to be calculated to avoid or delay proceedings under the Policy.”

What’s Different Under the New UDRP Rules?

Nearly two years ago, the ICANN Board of Directors approved changes to the UDRP rules that are meant to avoid or at least reduce the problem of cyberflight.  Under the old rules, a complaint was filed and the brand owner was required to serve a copy to the domain owner and the registrar at the same time as it was submitted to the dispute provider.  At that point, the complainant crossed its fingers and hoped that the registrar was both compliant and quick in locking the disputed domain before the respondent had a chance to spirit it away through transfer to someone else.

The new rules no longer require that the domain owner be served with the complaint at the time of filing.  Under the new UDRP Rule 4(a), a complainant merely needs to file the complaint with the dispute provider; the dispute provider then sends a request to the registrar to lock the disputed domain.  The registrar has only two business days in which to act and confirm to the provider that the domain lock has been applied.  The registrar is specifically prohibited from notifying the respondent of the dispute until after the domain is locked.  The registrar must also make any update to the domain’s ownership information within these two days.  This could involve removing privacy protection and revealing the true owner’s identity, as many helpful registrars do in these situations.

Only after the provider receives confirmation of the lock may it then formally serve the complaint to the respondent.  At this point, the respondent is not able to transfer or change the ownership information for the domain, and so it must squarely face the UDRP complaint.  Of course, this all presumes that the registrar will comply with the new rules and not pull some shady move to undermine the dispute process.  I’m quite hopeful that this will be extremely rare since the new rules are very clear and failing to follow them could lead to a registrar getting into hot water with ICANN or even losing its accreditation.

Closing One More Loophole for Cybersquatters

So, will these changes cure all the problems associated with UDRP enforcement?  Certainly not.  In fact, cyberflight is already quite rare (I’ve only experienced it once in nearly 300 complaints).  However, its effects can be costly to a complainant or even devastating to a case if done expertly.  These rule changes should improve the UDRP process as they go a long way towards closing one more loophole for cybersquatters.

There are many situations in which one division of a company will register domain names on its own and without telling its legal team or other company departments.  Maybe an eager marketing person grabs a domain to use for a particular promotion or a brand manager decides to be proactive and register a name for a new product.  In some cases, the domain is registered to the employee personally and in others incorrect or non-standard company information is used.  All of this creates confusion for those within the company who are tasked with enforcing trademark rights against cybersquatting (often the legal team).  Sometimes they are alerted to these domains after-the-fact, but sometimes they never learn of them and wind up taking enforcement action against a domain that is effectively within the company’s control.

A Whois Whodunnit

An astute FairWinds staff member recently brought to my attention a recent UDRP case which, on the surface, didn’t make sense.  The Complainant is Vail Trademarks, Inc. and the Respondent is listed as Eric Hernandez / Vail Associates Inc.  According to a Federal Securities and Exchange Commission website, both of these named companies are, or used to be, subsidiaries of the parent Vail Resorts, Inc.  It looked like one part of the company was filing an action against another part of the company over the domain.  Perhaps Mr. Hernandez fit into one of the scenarios mentioned above and jumped the gun in registering the disputed domain name?  Or could it have been that the named entity was sold off but the domain was registered while it still used the Vail Associates name?  There are many possibilities here.

Unfortunately, the written UDRP opinion doesn’t discuss the relationship between the parties.  In its examination of the second UDRP element (rights or legitimate interests) the Panel notes that the “WHOIS information indicates that Respondent’s organization is ‘Vail Associates Inc.’, which resembles the disputed domain name…[vailresort.org]” but then he goes on to say that Respondent’s failure to respond to the Complaint leaves an absence of any evidence showing that Respondent was commonly known by the disputed domain name.  No further detail is given in the Panel’s discussion of the UDRP’s bad faith element but does mention that the “domain name appears to resolve to a website that is virtually identical to Complainant’s legitimate” website.

So if you’re an experienced UDRP practitioner, or perhaps a avid fan of murder mysteries, you’ll quickly realize that the facts of this case lead to one, inescapable conclusion.  The Respondent listed false information in the Whois record when it registered the disputed domain name.  This explains why the Complainant is not actually going after a current or former sibling company and also why the Panelist didn’t discuss the lack of any relationship between the parties.  Doing so would have been pure speculation.  However, while Panels should avoid such taboo areas, I am not so constrained in this blog.

A Case of Whois Fraud

My own conclusion of the Respondent’s Whois fraud is based on a few points including his listing of a hotmail.com email address and a non-existent street address in the same town as the Complainant.  Since the full text of UDRP complaints are not usually published we can’t tell if the Complainant pointed out these facts to the Panel but, if it did, I feel the Panel would have been within its authority to reference them.  There is a line of UDRP cases holding that providing false Whois information can support a finding that the Respondent acted in bad faith.

So today’s lesson is that cybersquatters aren’t always who they appear to be.  While, on the surface, they may give the impression of a legitimate entity, once you dig into the facts a bit it may become clear that they are, in reality, just a slightly more clever wolf who is trying to avoid getting caught by wearing sheep’s clothing

For those following the politics of both medical and fully legalized marijuana, 2013 and 2014 were years of tectonic change.  On New Years Day of 2014, the U.S. state of Colorado decriminalized the sale and consumption of limited quantities of the plant; this resulted in worldwide publicity and an influx of millions of dollars to the state’s economy.  The state of Washington followed suit later that year.  Whenever there’s a movement this big you can bet that domain cybersquatting will quickly follow.

And so, in February of 2015, the domain marlborobud.com was registered by a man in Vancouver, British Columbia.  His use of the word “bud” after the well-known Marlboro brand was not meant to indicate that he was personal friends with the Marlboro Man or that he enjoyed a Budweiser beer along with his cigarettes. Rather, the Respondent stated that he is associated with an organization that has signed paperwork with the Vancouver government to operate a not-for-profit dispensary of medical marijuana. He claims that he registered the domain name to offer future medical marijuana products from Philip Morris, the owner of the Marlboro trademark, through his dispensaries.

Looking Back at Precedent in UDRP Decisions

At the time Philip Morris filed its UDRP complaint, there was no website resolving from the marlborobud.com domain but this is not an uncommon situation and is also not a bar to winning a UDRP complaint against a domain.

Under the third UDRP element, a non-resolving website might not seem like it clearly indicates bad faith registration and use of a trademark.  However, when viewed in combination with all the other circumstances of the case, it very well might.  I’ve won many cases where a famous brand was copied but the website was blank.  Under a line of decisions going back to the very early days of the UDRP, panels have held that bad faith may be shown by the respondent’s passive holding of the domain. When a famous brand is copied but there’s no website, this theory assumes that the domain was registered by the respondent in the hopes that, at some point in the future, the domain will become valuable.  Either they’ll be able to use it for some commercial venture or, even better, the brand owner will someday make an offer to buy the domain for a significant sum of money.

However, in this case, all the Respondent got for his marlborobud.com domain was a handful of smoke.  The Respondent, himself, said that he is holding the domain until the Complainant commences offering medical marijuana for sale at which time he hopes to set up a website offering medical marijuana for sale under the MARLBORO trademark.  Finding that this intention for the domain shows bad faith, the Panel held that “the Respondent is holding the Domain Name with the intention, should the Complainant ever commence the sale of medicinal marijuana under the MARLBORO Mark of … attempt[ing] to sell, rent, or otherwise transfer the Domain Name’ registration to the Complainant.”

What if the Respondent Tried Some Smoke and Mirrors?

In my experience, even if the Respondent hadn’t admitted his intended use of the domain, the Complainant still would have prevailed.  Once a good case is made to support the bad faith claim, the burden shifts to the respondent to defend and explain why its actions were not bad.  In most cases, the respondent either defaults or comes up with some far-fetched story to explain itself (see the Dunkin.menu case) but this is often rather transparent and recognized as such by Panels.

So, if you’re the owner of a famous trademark which has been squatted upon in a domain name but there’s no website or just a registrar parking page, don’t despair.  With the right evidence, arguments, and case citations you too can win a complaint and have the domain transferred to you.

A favorite topic that I return to time and again in this blog is the need for brand owners to carefully select a counsel who knows the domain name rules if they don’t want to waste their money going after a possible trademark infringement. The UDRP and URS , by design, not nearly as complex as court-based litigation, they do have their own nuances and idiosyncrasies which originate both from the language of the policies themselves and even more so from over 15 years of published decisions. This niche area of practice is often underestimated and, in fact, there have even been instances where experienced courtroom litigators in the trademark infringement field have lost cases due to missteps onto one of the UDRP’s procedural or evidentiary minefields.  For this reason, I always make it a point to advise potential complainants to only retain counsel who are specifically experienced in anti-cybersquatting and in filing UDRP or URS complaints.

Knowing When to Say “No” to a Case

One of the main advantages of following this advice is the ability of someone to say “no” when they feel a given dispute is not appropriate for the UDRP or URS.  Perhaps the domain name is not close enough to the brand for a Panel to find confusing similarity, maybe the content of the domain’s website indicates that the owner has some rights or legitimate interests or that it didn’t act in bad faith.  Or, as was the case in a recent decision, the complainant simply can’t meet the burden of proof to show that it owns trademark rights to the asserted brand.

The Complainant in a UDRP case against the domain etsalesrecruiters.com claimed that it owned trademark rights to the brand ETSRECRUITERS but admitted that it held no registration of the mark.  Instead, it claimed rights in the mark under the common law – in other words, that through extensive use, the name has taken on a secondary meaning to the mere words themselves as evidenced by the mark’s public recognition.  To support this, it submitted screenshots of its www.etsrecruiters.com website as well as copies of its LinkedIn and Twitter account pages showing the claimed mark.

Unfortunately, the Panel found this insufficient to demonstrate common–law trademark rights through public recognition.  It held that “[p]roof of secondary meaning generally requires evidence of use, sales, advertising, or similar methods of communication and interaction with the general populace that results in the public’s recognition of the mark as an indicator of a single source for the production of the goods or services to which the mark is affixed. Here the Complainant has failed to provide evidence of any sales figures or advertising expenditures or any indication of the extent of use aside from what may be implied from the business name registration and placement of the name(s) on social media. There is no evidence to show that the public is aware of the claimed marks at all, much less a public association of the claimed ETS marks with the Complainant.”

It concluded with the statement “Mere use of social media alone is not acceptable proof of secondary meaning, a/k/a/ acquired distinctiveness, in the mind of the general public.”

Playing by the Rules

In my own practice I’ve filed a number of complaints which required showing common-law rights because the complainant didn’t own a trademark registration at the time the disputed domain was created.  In these situations, I’ve submitted historical evidence showing use of the mark prior to the registration of the domain. However, when filing such complaints, I’ve maintained a keen sense that the burden of proof is on the complainant to support its claims on all three UDRP or URS elements.  Even though the proof of rights and likelihood of confusion analysis have often been referred to as “standing” or “threshold” matters, even these lower standards must be met.  A Panel is not likely to do your homework for you and conduct its own research into a complainant’s claimed trademark rights.

Unfortunately, under the principles of res judicata, the Complainant in the etsalesrecruiters.com case won’t be able to fix its mistake and refile its complaint with additional proof.  Just another reason UDRP panels have said brand owners must “get it right the first time” and why one should only hire experienced UDRP counsel to file these sorts of cases.

As every American high school student knows, the 1st Amendment to the U.S. Constitution guarantees the right to free speech.

Trademark court cases and UDRP decisions have recognized that there are instances where someone’s brand can be used in an exercise in free speech on the Internet.  This can include fan sites such as meissencollector.com, which is used by a devotee of porcelain figurines; sites promoting civic issues such as ronpaul.org, which espouses the domain owner’s political views; and complaint or “gripe” sites that are used to express anger or negative experiences relating to a particular branded product or service.  Perhaps the most famous of this last category are the “sucks” websites, such as metrolinksucks.com, which are used to complain about a brand owner.

What the UDRP Considers Free Speech Online

While most UDRP Panelists agree that free speech is permitted, there is a split of opinion on just how much leeway domain owners are to be given in creating names which copy a complainant’s brand.  For example, American Panelists typically allow a domain to incorporate the brand outright (ex., Trademark.TLD) whereas UK-based Panelists tend to feel that this amounts to impersonation regardless of whether the website content is focused on free speech.

An example of this occurred in a split-decision case where the domains <vedovi-gallery.com> and <willemvedovi.com> were ordered to be transferred to the complainants by a UK-based Panel, but the domain <thetruthaboutwillemvedovi.com> was not, due to its incorporation of additional words that were descriptive of the website’s critical purpose.  In other words, domains that consist only of the brand are often treated more liberally by American Panels but more strictly by those whose countries have different free speech rules.

It is against this background that the recent UDRP complaint against a lawyer gripe site came as somewhat of a surprise.

A Case of Infringement or Free Speech?

The Respondent registered the domain <johngbalestriere.com> and the website posted a request that anyone having had a problem with the services of this named lawyer should contact the Department Disciplinary Committee for the state of New York.  The site also displayed a copy of a letter from this Committee pertaining to an ethical violation committed by this lawyer.

The lawyer filed a UDRP complaint claiming that he owned common-law trademark rights to his name and asserting that the Respondent registered the domain for the purpose of defaming him and disrupting his business.  The Respondent, as expected, cited the First Amendment and saying that his website was noncommercial and provided a public service.

The Panel, in addressing the question of whether the Respondent has any rights or legitimate interests in the domain, mentioned that past UDRP decisions have held that, although respondents have a legitimate interest in criticizing complainants, they do not automatically have such an interest in a domain name that is identical to a complainant’s mark.  Similarly, he noted that past panels have found that, while criticism of a complainant may be a legitimate use of a domain name, doing so while using a domain name identical to a complainant’s mark is evidence of bad faith under the Policy.  Since the resolving website contains nothing except criticism of Complainant, it is an attempt to damage his goodwill and constitutes bad faith.

What is unusual about this decision is that the sole Panelist is American and a retired judge, marking a rare instance in which an American Panel holds to the more restrictive view of free speech.  However, the Panel does not ground his decision on impersonation, as many restrictive free speech cases do.  Rather, by stating that the website only criticizes the Complainant and damages his goodwill, the Panel appears to defy the very nature of free speech criticism since this sort of speech is specifically intended to be harmful to a brand owner but only in a way which is factual and truthful.

It will be interesting to see if this line of reasoning is picked up by other U.S.-based panels or whether this case remains something of an outlier in free speech UDRP jurisprudence.

Regular readers of this blog and others familiar with anti-cybersquatting know that, in order to succeed with a UDRP complaint, a brand owner must satisfy all three elements of par. 4(a) of the policy.  The first element of proving a complaint against domain name trademark infringements is proving that the “domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights.”  This test of confusing similarity is not quite the same as the rather complex 12 or 14-factor ones employed by the courts but is simpler and more akin to the famous “sight, sound, and meaning” test.  In other words, when determining whether a domain name is similar to a trademark, we must look at its appearance when viewed, how it sounds when pronounced, and any meaning it may have or image it brings to mind.

Sometimes this is a very straightforward analysis such as when the domain JackInTheBox.Email copies the entirety of the famous restaurant trademark and merely adds the .EMAIL TLD.  Other times it may require a minor leap of thought such as connecting the domain Dunkin.Coffee to the Dunkin’ Donuts brand.  But sometimes the analysis gets rather muddy such as when the couture brand Philipp Plein was claimed to be confusingly similar to the domain peopleincasinos.com.  In that case, the trademark was rather buried in the domain (bolded above) but most who view the domain saw the phrase “people in casinos” and the Panel in that case concluded as much when it denied the case.

Digging for Buried…Trademarks

This week we had another opportunity to read a case with a somewhat buried trademark but the result was quite different.  The well-known bank Capital One Financial Corp. took aim at the domain capitalmoneybank.com, which was registered by a credit mediation company in Bulgaria called Capital Group Srl.  Citing its ownership of the trademark “CAPITAL ONE”, the Complainant asserted that the domain is confusingly similar to the mark.  In defense, the Respondent argued that there is a fundamental distinction to be made between the words “money” and “one” and that, when considering the appearance, sound, and meaning of the domain, there is no likelihood of confusion with Complainant’s mark.

In addressing this debate, the Panel noted that panels in other cases have decided that “minor alterations to a valid trademark fail to belie the contention that a disputed domain name is confusingly similar under an analysis of Policy ¶ 4(a)(i).”  He ultimately held that that Respondent’s domain name, capitalmoneybank.com, is confusingly similar to the “CAPITAL ONE BANK” mark as it “incorporates the mark entirely, eliminates the spacing between words, adds the letters ‘m’ and ‘y’ to the ‘ONE’ in ‘CAPITAL ONE BANK.’”

While I think his conclusion was a reasonable one, I find this decision disappointing because the Panel didn’t address the question of how the domain is perceived by the average internet user.  Like the peopleincasinos.com case which included a lengthy discussion of the elements of confusing similarity, I feel the question of whether the domain here includes the word “money” or merely the word “one” surrounded by the letters “m” and “y” deserved to be well vetted.  Instead, the Panel here devoted a mere two lines to the confusion question and never addressed the real difference between the domain and the trademark other than calling it a “minor alteration.”  He then went on to discuss the other two elements of the UDRP and ordered that the domain be transferred to the Complainant.

Takeaways for Future Questions of Domain Name Trademark Infringement?

It is certainly not necessary for every UDRP decision to engage in extensive and detailed analysis of every one of the required factors – certainly not for the more obvious cases as noted above.  However, when there are close calls like this, I feel that panels owe it to the parties, to others who might quote their decision in future complaints, and even to the merely curious domain-obsessed reader, to provide more insight and thoughtful explanation of why they’ve decided the way they have.  This would serve the entire domain community and is a reasonable expectation of those trusted with the responsibility of arbitrating important property disputes.

Sometimes being embroiled in just one domain name dispute isn’t enough for some people.

Though rare, some domain owners have filed court cases against a brand owner who has just served them with a UDRP complaint.  The UDRP rules say that “in the event of any legal proceedings initiated prior to or during an administrative proceeding in respect of a domain name dispute that is the subject of the complaint, the Panel shall have the discretion to decide whether to suspend or terminate the administrative proceeding, or to proceed to a decision.”  The key word here is “discretion” and the suspension of a UDRP case in favor of court proceedings is certainly not mandatory.

The reasons for and against suspending or terminating a case were discussed recently in a case brought by the Regency Towers Owners’ Association against a company it had hired to redesign its website and to take over the vacation rentals side of its business.  Here, the domain owner filed a law suit in a Florida court soon after it was served with the UDRP complaint.  It then sought to have the UDRP case dismissed in favor of the court action.

Weighing How to Proceed

The Panel carefully considered the request and discussed prior domain name disputes dealing with this issue.  On the one hand, UDRP cases have not been stayed or terminated where the court proceedings “do not touch directly on the disposition of the disputed domain name or on the parties’ intellectual property rights.”  If all the litigation involves are claims concerning breach of contract, unjust enrichment, money damages, and other strictly commercial claims, it may be perfectly appropriate for a UDRP dispute to proceed since, by its very nature, it only involves ownership of a domain name.

However, where the court case directly involves intellectual property or other claims which could directly impact ownership of the domain, holding off on the UDRP case while a court sorts things out might be the better course of action.  After all, courts have a much more robust process involving things like discovery, witness testimony, and cross-examination and are better suited to get to the bottom of more complex issues.

In the present domain name dispute, the owner had filed for declaratory judgment that Regency Towers owed it money for unpaid commissions relating to its web design work and its management of vacation rental properties. Not surprisingly, the Panel found that these claims have no bearing whatsoever upon the domain name.  However, the court case also included claims that the disputed domain name is not in violation of the Anti-Cybersquatting Consumer Protection Act (ACPA). These claims are “the core issues in the case” and so the Panel decided that the UDRP claim “should not proceed where there is pending litigation involving the same issues and requesting the same relief.”

Of some interest was the Panel’s mention of other court claims that, while not directly impacting ownership of the domain, challenged Regency Towers’ authority to bring the UDRP complaint based upon certain provisions of Florida corporation law and its status as a non-profit condominium owners’ association.  Although Regency Towers asserted that its actions do not violate Florida law, it remains clear that a genuine dispute exists as to the interpretation of local statutory law.  The Panel decided that “interpretation of state statutory provisions such as those involved in this case are outside the scope of the UDRP; they should be determined by a local court in the state of Florida.”

Leaving the Window Open for a Future Filing

In the end, the UDRP case was dismissed “without prejudice” thereby deferring the matter to the Florida court but leaving a window open for Regency Towers to re-file the domain dispute in the event that the litigation, for whatever reason, is terminated or otherwise doesn’t fully resolve the question of who should own the disputed domain name.

Of course, at least a portion of this dispute could have been avoided if the parties had checked with their lawyers when they first started doing business together and signed an agreement that mentions who owns the domain and other intellectual property!

It’s been a while since I last submitted a post about poorly-conceived complaints and this one just caught my eye so here we go.  At just about every opportunity (speaking, webinars, blogs, etc.) I offer the advice that brand owners should only retain a domain name lawyer experienced in this rather niche area of UDRP practice to file complaints.  Of course, that implies that counsel should be hired and that brand owners should not seek to file complaints on their own.  While some complaints of this nature succeed, many more do not and the UDRP is no place for pro se experimentation.

Unfortunately, the owner of a U.S. registration for the TRUERATINGS trademark has not yet received this message and he decided to save some money by crafting his own UDRP complaint against the domain name truerating.com.  His trademark registration was filed in 2011 and claims a rather long list of services involving a website on which shoppers can earn redeemable points in exchange for posting business reviews; the provision of attorney and physician referrals; and a website where employees can post reviews of their companies, among others. The disputed domain name, which is owned by a woman in the UK, relates to a system whereby users can provide a 1-10 numerical rating of a businesses they patronize at the point of sale for that business.  She didn’t file a response to the complaint.

Going It On Your Own

The first sign of trouble here is the fact that the Complainant did not attach any evidence in support of its complaint. None.  Ask any law student on their first day of Evidence 101 (or even someone who watches TV shows with courtroom scenes) and they’ll tell you that most factual assertions must be backed up by some sort of proof.  There’s a long line of UDRP cases that hold that conclusory statements of fact are not to be given much weight without some evidence of their accuracy.

If you claim ownership of a trademark registration you need to submit a copy of the certificate.  If you claim that a domain resolves to an infringing website submit a screenshot of that website. You can’t count on a Panelist doing your homework for you and looking all of this up for themselves (although the Panelist in this case did actually forgive some of these flaws and found the Complainant’s trademark and the Respondent’s website online).

Next, the Complainant shoots himself in the foot by trying to make a point in his favor, but actually ends up supporting the Respondent’s case instead.  Much to my surprise, he states that “[t]he Respondent has a legitimate business called ‘ ruRatings’ which she is commonly known by and which is promoted at <truratings.com>. The name of the Respondent’s business is similar to the Trade Mark. However, as it is not identical, the Respondent is using the Trade Mark to misleadingly redirect users to the Respondent’s business.”  An attorney with experience in this field would know that such a statement conceding that a respondent has a legitimate business and is known by the disputed domain fits squarely within the wording of UDRP Par. 4(c) and amounts to throwing in the towel on the question of that respondent’s rights or legitimate interest in the domain – a required element for relief under this policy.  Of course, the Panel cited this statement and decided to deny the complaint on these grounds.

Although not mentioned in the decision, it is somewhat curious that the Complainant didn’t mention anything about his business other than the fact that he owns a US trademark registration.  In a quick online search, I wasn’t able to find any website, social media account, or even a news story about the Complainant’s business – although I did find other online review services calling themselves “True Rating” or some variation thereof.  This leads me to wonder whether there may have been some failed attempt made by the Complainant to purchase the Respondent’s domain, which lead him to file this Complaint for negotiating leverage or as a last-ditch effort to obtain the domain.  The fact that the disputed domain was registered a number of years after the claimed start of Complainant’s business might support this, since the Complainant obviously didn’t grab the domain himself when it was available for just a few dollars at a discount registrar.

The Benefits of a Domain Name Lawyer

So, the takeaways from this story are:

1. register or buy a domain for your business before you invest and tie yourself to a particular brand;
2. if you need to use the UDRP support your claims with documentary proof; and
3. hire experienced counsel to draft and file the complaint for you (or at least review the matter and tell you if your case is weak).

The investment in properly using the UDRP will pay off exponentially in the money you’ll save by having to either rename your business or try to strike a purchase deal with a winning respondent.