Home / Blogs

To our readers: Does your company offer DNS or DNS Security services? CircleID has an opening for an exclusive sponsor for our DNS topic. Gain unparalleled results with our deep market integration. Get in touch: [email protected]

The UDRP “Celebrates” Its 500th Reverse Domain Name Hijacking Case

Co-authored by Nat Cohen and Zak Muscovitch.

Today, for the 500th time, an expert panel under the Uniform Domain Name Dispute Resolution Policy or “UDRP”, issued a decision finding a Complainant guilty of Reverse Domain Name Hijacking or “RDNH”.1 RDNH is an attempt to egregiously misuse the UDRP to unjustly seize a domain name from its lawful owner.

ICANN, the Internet’s domain name overseer, established its anti-cybersquatting policy known as the Uniform Domain Name Dispute Resolution Policy or “UDRP” on August 26, 1999. The UDRP is intended to offer trademark owners a speedy, efficient and low-cost means to remedy instances of cybersquatting by enabling the trademark owners to take ownership of domain names that target their brands in bad faith.

To-date, the UDRP has adjudicated over 80,000 domain name disputes. The vast majority of them result in the transfer of a cybersquatted domain name to the rightful trademark owner.

The UDRP is not always used in good faith by aggrieved trademark owners. The UDRP is regularly misused by companies that attempt to seize coveted domain names from their rightful owners by asserting baseless allegations in their UDRP complaints. The appeal of a low-cost domain name seizure mechanism encourages unscrupulous companies to try their luck with speculative complaints on the chance that their baseless allegations will be persuasive to a panel such that the panel will transfer ownership of the coveted domain name to the company that filed the complaint. Sometimes, unfortunately, these baseless complaints succeed in winning an unjustified transfer ordered by a UDRP Panel. These successful hijackings then encourage other companies to try their luck with filing abusive complaints.

Fortunately, Panels are rarely persuaded by baseless allegations and attempted hijackings are usually prevented. When faced with a baseless complaint, the Panel, at its sole discretion, may make a finding of Reverse Domain Name Hijacking against the Complainant.

From its earliest days, RDNH has been a fixture of the Policy. The UDRP was based upon recommendations from WIPO in the Final Report of the First WIPO Internet Domain Name Process (the “Final Report”). The Final Report noted that several commentators were inter alia, concerned that the proposed dispute resolution procedure “might lead to the harassment of domain name holders acting in good faith by trademark owners seeking to acquire a domain name that is being used in a way that did not infringe the trademark owner’s rights”. It was this concern which ultimately led to ICANN stakeholders adopting the UDRP in its present form which included the concept of RDNH in its Rules. Rule 15 of the UDRP specifically states that, “If after considering the submissions the Panel finds that the complaint was brought in bad faith, for example in an attempt at Reverse Domain Name Hijacking or was brought primarily to harass the domain-name holder, the Panel shall declare in its decision that the complaint was brought in bad faith and constitutes an abuse of the administrative proceeding”.

Accordingly, where a Respondent believes that the UDRP Complainant brought its complaint in bad faith, the Respondent may request that the Panel make a finding of RDNH against the Complainant. Moreover, even where the Respondent itself does not make such a request, UDRP Panels are obliged to declare that a Complainant brought its complaint in bad faith if the circumstances so warrant. There is no penalty in the UDRP for such attempted Reverse Domain Name Hijackings, other than the censure itself which can lead to embarrassment for the Complainant and/or its counsel who brought an abusive Complaint. What this means in effect, is that a Respondent will necessarily have to bear the burden of defending against an abusive complaint, with little recourse and a mere moral victory. Accordingly, while the UDRP was introduced to combat the scourge of cybersquatting, it can also be mis-purposed to cause harm to innocent domain name owners.

Such abusive UDRP complaints have been launched by unscrupulous or unwitting Complainants from the very beginning of the UDRP. One of the first UDRP cases to consider RDNH, was Dog.com, Inc. vs. Pets.com, Inc., dated March 31, 2000, and concerned the domain name, Dogs.com. In that case, the Panel noted the Respondent’s request for a finding of RDNH against the Complainant, however the Panel “decline[d] to make a finding of bad faith or reverse domain name hijacking”, without explanation. This was even though the Complainant brought the UDRP complaint alleging that it had trademark rights when the Complainant was obviously well aware that it had no such rights, having expressly disclaimed the word, “DOG.COM” in the US trademark registration which it relied upon. Shortly thereafter on April 20, 2000, a different Panel also considered RDNH, however only one of the three Panelists in J. Crew International, Inc. v. crew.com, WIPO Case No. D2000-0054 (crew.com), made the determination, stating that “this is a case of reverse domain name hijacking in which the Complainant has unilaterally decided this is a domain it would now like to have, after encouraging its use by another, and that it is now trying to use the ICANN rules to achieve what it cannot do by negotiations for the purchase of the name”.

The first case to seriously consider RDNH and to explain the basis for a possible finding of RDNH was, Shirmax Retail Ltd./Détaillants Shirmax vs. CES Marketing Group Inc., eResolution.ca Case Number: AF-0104 (March 20, 2000) <Thyme>. Though the Panelist ultimately determined that the circumstances of the particular case did not warrant it, the Panelist, Professor David Sorkin nevertheless explained that; “Although the applicable policy and rules are quite vague on what constitutes bad faith in bringing a complaint, it seems logical that bad faith should be found if the complainant has an obvious interest in obtaining the respondent’s domain name for its own use, yet lacks even a plausible argument on each of the elements set forth in paragraph 4(a) of the ICANN Policy”.

The first decision where RDNH was declared was Qtrade Canada Inc. vs. Bank of Hydrov, eResolution Case No. AF-0169 <Qtrade.com> on June 19, 2000. The Panelist, Mark Warner, found RDNH because the Complainant initiated proceedings “after unsuccessfully initiating attempts, directly and/or indirectly, to encourage the Respondent to sell the domain name for almost one year” and because of the Complainant’s “over-statement” of the status of its trademark rights when it only had a pending application for a trademark. The Panelist remarked that “if this case does not rise to the level of bad faith and reverse domain name hijacking, it is difficult to imagine a set of facts and circumstances that would”.

The second RDNH case shortly followed Qtrade, but it was by majority only. In K2r Produkte AG v. Jeremie Trigano, WIPO Case No. D2000-0622 (August 23, 2000), the majority found that the Complainant filed the complaint notwithstanding that it had already ascertained that the Respondent’s explanation of its registration was “manifestly reasonable”, and made unsupported assertions of a pattern of cybersquatting, made unfounded allegations of impropriety, and asserted that “no reasonable explanation exists for use of the K2r.com domain name”, notwithstanding that the Complainant was aware that it was the initials the Respondent’s Parisian clothing store called, Kirk et Rose Rich”.

A general reluctance by some UDRP Panels to find RDNH has continued since then. For example, in HDT Software Limited v. Bryan Graves, WIPO Case No. D2022-0998 <HDT.com> (April 21, 2022), the Panel didn’t even expressly consider RDNH despite the parties reportedly making submissions on RDNH and despite the Complainant not even have existed nor having adopted HDT as a trademark at any time prior to the Respondent having acquired a common acronym. In another such case, Heliponix, LLC v. Groviv LLC, Forum Claim Number: FA2201001981274, the Panel didn’t expressly consider RDNH either, despite the Respondent agricultural company’s domain name registration predating the Complainant’s trademark rights by nearly 20 years and despite the Complainant’s previous attempts to purchase the domain name.

The reluctance or failure of some Panels to make declarations of RDNH, or in some cases not to even expressly consider RDNH, indicates that instances of RDNH is under-reported. While the data compiled by ICANN and by RDNH.com2 shows that panels are making RDNH findings with increasing frequency, it nevertheless doesn’t show the full extent of instances of attempted hijackings under the UDRP since some Panels have been reluctant to or have failed to make a finding of RDNH despite the circumstances apparently demonstrating that the finding is warranted.

The increasing rate at which RDNH findings are made may suggest that Panels are becoming less reluctant to make RDNH declarations and may see the value in upholding the integrity of the UDRP by calling out bad actors who would abuse the Policy. This willingness to make an RDNH finding is demonstrated in particular where the Panel makes a finding of RDNH where the Respondent does not appear such that the finding is made when unasked and in reliance on the allegations contained in the uncontested complaint. In GL Concepts, LLC d/b/a Goodlife v. Perfect Privacy, LLC / Amitava Saha, Firstcry, WIPO Case No. D2022-0451 (May 17, 2022) <GoodLife.com>, the Panelist declared RDNH given that inter alia, the Complainant who was represented by counsel, should have appreciated that it would be unable to prevail in the case yet proceeded anyway.

Furthermore, there are other encouraging aspects of the rise in RDNH findings. The concept of RDNH has also developed over the last several years, to encompass particular discrete forms of RDNH, such as the “Plan B” RDNH, which is “using the Policy after failing in the marketplace to acquire the disputed domain name” (See for example, TOBAM v. M. Thestrup / Best Identity, WIPO Case No. D2016-1990). And RDNH is also more commonly meted out against Complainant’s whose trademark rights clearly post-date the disputed domain name registration, even by some Panelists who have historically been generally reluctant to find RDNH, such as in Canon City Property Management, LLC v. David Borden, NAF Claim Number: FA2203001987569 (May 4, 2022) <canoncitypropertymanagement.com>. Panels also cite as reasons that serve to justify an RDNH finding that the complainant was represented by counsel. Another justification for finding RDNH is if the complaint relies on a misreading of the Policy whose illegitimacy should be clear to anyone who troubled to familiarize themselves with UDRP jurisprudence.

Observers will correctly note that a finding of RDNH occurs in only a tiny fraction of all UDRP cases: 500 cases out of over 80,000. Lost in this cursory observation is that each one of those 500 cases represents an honest and bona fide domain name owner being egregiously victimized by an unscrupulous or unwitting Complainant and counsel. Moreover, instances of RDNH may involve covetous Complainants abusing the UDRP with the aim of seizing a particularly valuable domain name. Three-letter dot-com domain names have substantial market value and as such have been targeted by dozens of Complainants who have been found guilty of RDNH. Valuable dictionary word domain names are another target of attempted hijacking. In 2019, News Group Newspapers was found guilty of RDNH after offering $600,000 for the domain name, TheSun.com, and when its offer was declined, filed an abusive UDRP complaint in an attempt to seize the domain name without compensation.3 RDNH was also found by the UDRP panel when a prospective buyer of Queen.com, was unhappy with the $2 million asking price and resorted to attempting to seize the domain name by making spurious allegations.4 The domain names, Mexico.com and NewZealand.com, were each targeted for seizure by UDRP complainants who were found to have engaged in RDNH.5 In Picture Organic Clothing v. Privacydotlink Customer 4032039 / James Booth, Booth.com, Ltd., WIPO Case No. D2020-2016, the extraordinary valuable Picture.com domain name, was the subject of a UDRP complaint and a finding of RDNH by the Panel who stated, “to put it bluntly, Complainant, who was represented by counsel, had ample reason to know its case would fail in a situation in which the disputed domain name consists of a generic term”. These are some of the many cases involving extremely valuable domain names that have been the subject of hijacking attempts.

Looking at the number of RDNH findings as a percentage of all UDRP decisions obscures the seriousness of the problem. RDNH findings are not issued for every instance of attempted hijacking. Regrettably, some attempted hijackings are successful. Many attempted hijackings, though denied, are not identified as such by UDRP panels. Many panels, even when the circumstances clearly demonstrate that a finding of RDNH is deserved, won’t consider RDNH or will offer excuses for the Complainant’s bad faith. Since high value domain names are regularly targeted for hijacking, a domain name targeted for hijacking may have an economic value thousands of times greater than the economic harm caused by a run-of-the-mill typosquatted domain name. This magnifies the stakes of those cases where such a hijacking is attempted. When the scourge of RDNH is given more than a cursory look, the seriousness of the problem becomes clear.

The occasion of the 500th RDNH case is a reminder that the UDRP, in addressing one form of harm, has inadvertently created the opportunity for another. Each RDNH finding can be celebrated because it means that the Panel prevented an attempted hijacking and publicly censured the Complainant. Yet each RDNH finding is also a reminder that the UDRP in its current form encourages attempted hijackings and that an RDNH finding is an entirely inadequate deterrent to bad actors. Each attempted hijacking is an egregious attack on an innocent domain name registrant who is usually burdened with an expensive, time-consuming, and stressful defense of his or her lawfully registered domain name and is denied under the UDRP any remedy for such harm.

Reducing or eliminating RDNH would benefit all stakeholders since no legitimate stakeholder has an interest in permitting the UDRP to be abused. Ultimately, since Respondents obtain no tangible benefit from an RDNH finding and since abusive complaints have no place in the UDRP, the objective should perhaps be to avoid these kinds of cases from being brought in the first place. Not having to defend against abusive complaints would be a far better outcome for Respondents than obtaining a toothless recognition that the complaint filed against them was abusive. While often proposed, a financial penalty is unlikely to serve as an effective deterrent nor would it likely be adequate compensation to the Respondent for being put through the trouble, time, expense, and distress of facing an abusive complaint. Greater education, resources, and even warnings to unwitting Complainant counsel prior to filing a Complaint could possibly serve as the greatest tool in avoiding RDNH and would be of benefit to both Complainants and Respondents.

By Zak Muscovitch, General Counsel, Internet Commerce Association

Filed Under

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

Related

Topics

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global