As those of you who have participated in one of our recent anti-cybersquatting webinars have heard, new rules went into effect for the UDRP as of July 31. While the changes are mostly technical, the ones I consider most important are designed to prevent what has come to be known as “cyberflight.”

What is Cyberflight?

This rather esoteric term has been defined by a UDRP Panel as, “an attempt to avoid or delay judicial or UDRP proceedings by changing domain registration details or registrars after learning of a complaint.”  The typical scenario is that a UDRP complaint is filed and, before the registrar can lock the disputed domain (as it’s required to do during the pendency of the dispute), the respondent transfers ownership of the domain to someone else in an attempt to avoid enforcement. Sometimes the registrar is a bit shady and tips off the respondent before the domain is locked and sometimes the respondent is very clever and makes sure that the newly-transferred domain resolves to a website that is defensible under the UDRP (e.g., a fair use such as comment or criticism of the asserted brand).

A case I filed a few years ago, against the domain, involved a scenario where the owner of the domain transferred it to another person right after it received the emailed complaint.  Luckily, the domain owner was rather unsophisticated – it had tried this exact same strategy before using the exact same transfer recipient.  As such, I was able to argue that it had engaged in cyberflight and should be maintained as the official Respondent in the case.  The Panel agreed and ultimately ordered that the domain be transferred to the Complainant.

In another, more recent case involving the domain, the registrar, upon being informed of the complaint and instructed to lock the domain, explained that the domain was actually not registered and was freely available for the Complainant to register.  Noting that the domain still had another six months to go before its expiration and calling the registrar’s actions “highly suspect”, the Panel determined that the registrar was actually itself the domain owner and had quickly canceled the domain once it received the complaint.  It ordered that the domain be transferred stating “[w]hile in this case the Panel is not aware that the disputed domain names have been registered to a new owner, the Registrar’s conduct is consistent with cyberflight, and seems to be calculated to avoid or delay proceedings under the Policy.”

What’s Different Under the New UDRP Rules?

Nearly two years ago, the ICANN Board of Directors approved changes to the UDRP rules that are meant to avoid or at least reduce the problem of cyberflight.  Under the old rules, a complaint was filed and the brand owner was required to serve a copy to the domain owner and the registrar at the same time as it was submitted to the dispute provider.  At that point, the complainant crossed its fingers and hoped that the registrar was both compliant and quick in locking the disputed domain before the respondent had a chance to spirit it away through transfer to someone else.

The new rules no longer require that the domain owner be served with the complaint at the time of filing.  Under the new UDRP Rule 4(a), a complainant merely needs to file the complaint with the dispute provider; the dispute provider then sends a request to the registrar to lock the disputed domain.  The registrar has only two business days in which to act and confirm to the provider that the domain lock has been applied.  The registrar is specifically prohibited from notifying the respondent of the dispute until after the domain is locked.  The registrar must also make any update to the domain’s ownership information within these two days.  This could involve removing privacy protection and revealing the true owner’s identity, as many helpful registrars do in these situations.

Only after the provider receives confirmation of the lock may it then formally serve the complaint to the respondent.  At this point, the respondent is not able to transfer or change the ownership information for the domain, and so it must squarely face the UDRP complaint.  Of course, this all presumes that the registrar will comply with the new rules and not pull some shady move to undermine the dispute process.  I’m quite hopeful that this will be extremely rare since the new rules are very clear and failing to follow them could lead to a registrar getting into hot water with ICANN or even losing its accreditation.

Closing One More Loophole for Cybersquatters

So, will these changes cure all the problems associated with UDRP enforcement?  Certainly not.  In fact, cyberflight is already quite rare (I’ve only experienced it once in nearly 300 complaints).  However, its effects can be costly to a complainant or even devastating to a case if done expertly.  These rule changes should improve the UDRP process as they go a long way towards closing one more loophole for cybersquatters.

Steve Levy
Targeting Cyberflight, New UDRP Rules Take Effect

One thought on “Targeting Cyberflight, New UDRP Rules Take Effect

  • August 7, 2015 at 7:18 pm

    Yeah, yeah…that’s nice, but how more important things like acknowledging the defense of adverse possession so that a registrant who owns a domain for 7+ years open and notorously (ie, with truthful whois details) is protected from frivoulous claims?

    Or, how about some teeth for the Reverse Domain Name Hijacking ruling so companies may think twice before attempting to swipe valuable domains for a mere $1,500 filing fee?

    And how about allowing netizens to comment on cases so that when a poor decision is handed down, it can be noted as such.


Leave a Reply

Your email address will not be published. Required fields are marked *