Home / Blogs

Using Domain Name Privacy/Proxy Services Lawfully or to Hide Contact Information and Identity

Privacy/proxy services carry no per se stigma of nefarious purpose, although when first introduced circa 2006 there was some skepticism they could enable cybersquatting and panelists expressed different views in weighing the legitimacy for their use. Some Panels found high volume registrants responsible for registering domain-name-incorporating trademarks. Others rejected the distinction between high and low volume as a determining factor. WWF-World Wide Fund for Nature aka WWF International v. Moniker Online Services LLC and Gregory Ricks, D2006-0975 (WIPO November 1, 2006) expresses the consensus, namely that use of these services “does not of itself indicate bad faith; there are many legitimate reasons for proxy registration services”). Panels now see the services as factors among others; without more, their use cannot reach the threshold of abusive registration but there was sufficient concern in the ICANN community to investigate the issue and come up with terms to tether the services.

The current Registrar Accreditation Agreement at Section 3.14 (2013) and the Specification on Privacy and Proxy Registrations located at the bottom of the RAA (2016) address the respective responsibilities of registrars and services. The earlier Accreditation Agreements 2001 and 2009 did not address the issue and the Privacy and Proxy Accreditation Program referred to in Section 3.14 is (as of December 2016) yet to be implemented. However, pending the implementation registrars and services are governed by the Specification.

Registrants’ responsibilities, on the other hand, are typically spelled out in the respective services’ agreements. As with registration agreements, registrants who sign up for the services must warrant and represent that their domain names are not unlawful and if challenged the personal and contact information maintained by the services will be produced upon request “to resolve any and all third party claims, whether threatened or made, arising out of Your use of IDP Domain, or take any other action which Backend Service Provider deems necessary” (from Name.com ID Protection Service Agreement, sec. 5).

The action deemed necessary, is to disclose the beneficial holder and its contact information when requested in connection with a UDRP proceeding. When the provider receives the information from the registrar it informs complainant who is given the opportunity of amending the caption to include the real party in interest. Occasionally, the real party in interest (the licensee from a proxy) is unknown.

While privacy once disclosed is not an issue it nevertheless plays a role in determining bad faith. This is illustrated in Teva Pharmaceutical Industries Ltd. v. Teva Pharm, CAC 101326 (ADR.eu December 5, 2016). Respondent (who did not appear) registered <tevapharms careers.com> using a privacy service but it provided false information about its name and address, namely it registered under the name of “TEVA PHARM”. The Panel concluded it did this “on purpose”: “It shows that the Respondent [identified as ‘Susan Fowler’] intended to appear as being the Complainant when sending emails to third parties.” The Panel held that

using a false name spoofing Complainant’s name . . . as a first and last name to register the disputed domain name, and using Complainant’s address in the U.S. headquarters as its residential address is additional evidence of bad faith registration and use.

Respondent falsifying its identity is as close to a per se violation as can be found in a UDRP claim. In Federated Mutual Insurance Company v. David Michael / Acounting, FA1611001703578 (Forum December 12, 2016) (<fedmic.com>) it appeared to the Panel that “Respondent has utilized a privacy shield in a manner which materially adversely affects or obscures the facts of this proceeding” which supports a finding that “Respondent has registered and used the disputed domain name in bad faith under Policy ¶ 4(a)(iii).” As in Teva, Respondent defaulted in appearance.

Respondent appeared and argued in Coolmath.com LLC v. PrivacyGuardian.org / Aamir Munir Butt, cool math games, D2016-2203 (WIPO December 4, 2016) that its <coolmath-mathgames.com> domain name was distinguishable from the trademark and legitimate but the Panel found it “it inconceivable that the Respondent came up with the Domain Name and the content of the website to which the Domain Name is connected without knowledge of the Complainant.” In fact, knowledge is implicit in Respondent’s inclusion of a “notice/disclaimer ... which expressly recognizes the existence of the Complainant.” Respondent argued that “the presence of the notice/disclaimer is ‘evidence of [its] lack of intent to divert consumers/viewers’” but of course this is upside down thinking; the presence of a disclaimer on a website competing for attention is by definition infringing.

The last three examples involved the abusive use of privacy services. Proxy services are different in that proxies are the registered holders and nominal beneficial owners of domain names; users are licensees at least in a formal sense but in actuality, they are the real party in interest. The attempt to separate registrant and user by anonymizing it is illustrated in IDR Solutions Ltd. v. Whois Privacy Corp, D2016-2156 (WIPO December 12, 2016) (<jpedal.org>). In this case, Complainant lost control of its domain name by inadvertently failing to renew and the dropped domain name was immediately registered to a proxy who uses it “for what appears to be a website in French regarding Internet marketing, and technology. Respondent has only been identified as a ‘proxy service’ and the underlying identity of Respondent has not been revealed.” The Panel “notes that Complainant is active in software and technology and Respondent’s website (assuming it would be legitimate) under the Domain Name also appears to be connected with that field.” For these reasons

The Panel is persuaded that it cannot be mere coincidence that purchase of the Domain Name which has been used consistently for 14 years and suddenly available is not a deliberate purchase in which Respondent was unaware of Complainant and its use and mark.

Interestingly, the Panel rested the final phase of its decision on a balancing of rights to supplement the inference that Respondent was aware of Complainant and its mark:

The Panel also finds relevant the relative weighing of the harms to the parties. Complainant being deprived of the Domain Name after 14 years of consecutive use whereby important trademark rights have accrued through no apparent error of its own suffers a much greater harm than Respondent (assuming for argument’s sake that he would be acting in a bona fide manner) being deprived of the Domain Name that appears to have been used for a matter of weeks.

The Panel may have hammered in the extra nail because inadvertent lapses of domain names incorporating weak marks are vulnerable to appearing respondents who persuasively explain their registrations. As it happened in IDR Solutions there was no appearance and no persuasive reason to support legitimacy (really the licensee’s legitimacy!)

But there are always factual patterns that favor respondent even with well-known trademarks. They are rare, and one of the reasons for dismissing the complaint turns on the Policy’s limited jurisdiction. The Complainant in Adobe Systems Incorporated v. Albert Sole, Photoshopcaribe / Domains By Proxy, LLC, D2016-0582 (WIPO May 13, 2016) served a cease and desist notice for <photoshopcaribe.com>. The Respondent answered the notice and then (for unexplained reasons signed up with a proxy service). Complainant argued that this supported its claim for bad faith registration and use but the Panel disagreed:

in light of the Respondent’s reply to the cease and desist notice in which the Respondent[‘s] identity and that of his company, together with the latter’s status as registrant of the disputed domain name are clearly stated ... it cannot therefore have been with intent to obscure the identity of the registrant of the disputed domain name in order to prevent measures being taken by the Complainant as has been alleged.

Respondent prevails, however, not because it persuasively argues a right or legitimate interest but because the claim is outside the jurisdiction of the UDRP forum:

In any event, this case strikes the Panel as one which the Policy is ill-suited to resolve given that it is not a clear case of abusive cybersquatting and that there are apparently competing legal interests at its essence which are subject to the domestic laws of the Dominican Republic. These would be more appropriately raised and better suited to a determination in the courts of that country. Either or both of the Parties are free to take this dispute to a relevant forum. The present finding does not seek to influence any such subsequent proceedings, should they be raised.

For the right reasons, registrants cannot be faulted for buying privacy. The services provide a genuine need but they are ultimately accountable and that’s why by contract they have the final say when their clients are challenged to disclose their identities.

By Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP

Information about the firm can be found on the Firm’s website at iplegalcorner.com. Mr. Levine has a litigation and counseling practice representing clients in Intellectual Property rights and management, Internet and Cyberspace issues, domain names and cybersquatting, as well as a diverse range of legal and business matters from working with client to resolve commercial disputes, to copyright and trademark counseling and registrations. He is the author of a treatise on Trademarks, Domain Names, and Cybersquatting, Domain Name Arbitration: A Practical Guide to Asserting and Defending Claims of Cybersquatting Under the Uniform Domain Name Dispute Resolution Policy. A Second Edition of the treatise was published July 2019 and is available from Amazon or from the publisher, Legal Corner Press (LCP). For inquiries to LCP write to .(JavaScript must be enabled to view this email address) or Mr. Levine at .(JavaScript must be enabled to view this email address).

Visit Page

Filed Under

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


Thanks for an interesting and helpful treatment Joe S Alagna  –  Dec 28, 2016 3:42 PM

Thanks for an interesting and helpful treatment of this topic.

What about companies that use their business name and “Name Admin” with a generic (but operational) company “DomainManagement” email address as the contact in whois?

It seems to be a helpful tool for companies who manage large portfolios and that may change employees from time to time who manage their domain portfolios.

I’ve always been curious of the legal aspects regarding this.

I'd think that'd (at least in the Todd Knarr  –  Dec 28, 2016 4:08 PM

I'd think that'd (at least in the US and Europe) fall into the same category as buildings, vehicles, land and other property owned under the company's name: the company's a legal entity that can own domain names in it's own right, and that email address is a role address rather than a personal address and routes mail to whoever's assigned to fill that role (like postmaster).

Company property Gerald M. Levine  –  Dec 30, 2016 2:54 PM

Just a note, though, Todd. Unlike trademarks domain names are not "owned" they are "held" for the duration of the registration and can be "lost" if the registrations are not renewed. Non renewal could cause havoc if there are suddenly no emails to route to whoever is supposed to receive them.

Yes, Joe,I think you're right about using Gerald M. Levine  –  Dec 30, 2016 2:48 PM

Yes, Joe,I think you're right about using Company Names. It solves the kind of problem that occasionally comes up of ownership and administrative contacts in employees' names who either take the domain name or it lapses, unknown to the company who won't realize until it's too late. It's a kind of inter-generational problem in which new managers are unacquainted with what earlier management has done.

Gerald,Just to quantify one of your points, Mark Stephens  –  Jan 6, 2017 6:02 PM


Just to quantify one of your points, IDRsolutions (of which I am the CEO) did actually pay a well-known and supposedly reputable registrar to renew the jpedal.org domain and contacted their technical support to confirm this had been done (which they did in writing). However, they actually failed to pass on the money which they had taken, causing the domain to lapse. Which raises a whole lot of additional interesting legal questions we are now working through with our legal advisors….

Lapse caused by registrar Gerald M. Levine  –  Jan 6, 2017 6:36 PM

I gathered as much, Mark,from the decision, and while certainly disrupting (even an assault on the fingernails) the award returned your domain name; Yes? Gerald

Indeed (although it was a time-consuming, stressful Mark Stephens  –  Jan 6, 2017 7:48 PM

Indeed (although it was a time-consuming, stressful and expensive experience). Our advice was that the trademark issue would be more valid as the main point for the appeal than arguing misrepresentation, negligence, breach of contract or potential fraud by an ICANN approved registrar, and thankfully we got the domain back (although these will obviously be the basis of our legal action to recover our costs from the registrar and our complaint to ICANN against them). We did try to contact the other party on several occasions but as you so eloquently point out, they are totally hidden by a privacy wall. We had no reply and they did not even submit a response against the appeal. They did not even try to sell us back the domain.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.



Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

Brand Protection

Sponsored byCSC