Watch out for reverse domain name hijackers
For over two decades, there’s been a system to help companies recover domain names that infringe their trademarks. Called the Uniform Domain Name Dispute Resolution Policy (UDRP), this system is designed to be easier, faster, and cheaper than using the court system to go after cybersquatters.
It works as designed — most of the time. Sometimes, companies that covet valuable domain names make spurious claims through the UDRP. When they go too far, the panelists (think judges) overseeing the case will say that the company tried to “reverse domain name hijack” the domain.
Think of UDRP as a stripped-down version of a lawsuit. A company with a trademark (called the Complainant) files a case against someone who owns a domain (called the Respondent) that it says infringes on its trademark.
The Complainant files the case and the Respondent gets a chance to defend itself. A panel of one to three people (usually active or retired attorneys) reviews the case and decides if the domain should be transferred to the Complainant or remain with the Respondent. The entire process can be completed in weeks, rather than the months or years required for a lawsuit.
To win the case, the Complainant has to show three things:
- The domain matches or is confusingly similar to a mark in which it has rights. It needs to show that it has a registered or common law trademark matching (or similar to) the domain.
- The Respondent lacks rights or legitimate interests in the domain name. The Complainant makes a case, and the domain owner can put up a defense, such as that they registered the domain for a legitimate business or personal reason.
- The Respondent registered and used the domain in bad faith. The Complainant needs to show that the domain owner registered the domain to target the Complainant.
Of the decided cases, over 90% are found in favor of the Complainant. This makes sense because most of the cases are clear-cut. Morgan Stanley recently won a case against morganstanley-futures.com, Impossible Foods won a case against a look-a-like domain imposslblefoods.com (swapping an L for an I), and Home Depot won a case to recover homedepotcustomercenter.com. These are all obvious cases of cybersquatting and the types of disputes the system was created to resolve.
What about the other 10% or so of cases that the Complainant doesn’t win? In some cases, they are a close call, and the panelists defer to the domain owner. Other cases are more appropriate for courts where claims can be vetted. And in some cases, Complainants tried to use the UDRP to get a domain name they have no rights to without paying for it.
These are reverse domain name hijacking (RDNH) cases. Here are a few recent examples:
- wex.com – Wex Inc., a publicly-traded technology company, tried to get wex.com. The panel determined that Wex left critical information out of its case and submitted misleading evidence. Disputes involving three-letter domains frequently end in RNDH decisions because the domains are valuable and can be used by many different companies.
- ecostream.com – Water management company Ecostream LLC tried to get this domain through UDRP. The domain owner registered the domain before the Complainant had any trademark rights in the name, which means it could not show that the domain was registered in bad faith. Ecostream first tried to buy the domain before filing the case. This scenario — when a company files a UDRP after failing to buy a domain — is usually labeled a “Plan B” RDNH.
- bartko.com – This case was especially egregious because a law firm was the Complainant. Bartko Zankel Bunzel & Miller filed the case on its own behalf, apparently in an effort to shorten its domain name to bartko.com. The domain name owner’s last name was Bartko, which means the case was doomed to fail on the issue of whether the domain owner had rights or legitimate interests in the domain. (If the domain matches your surname, that means you have a legitimate interest in the domain.)
While an RDNH filing might be embarrassing for the company that filed its complaint (or at least its lawyers), there’s no financial penalty for filing an RNDH case.
Some domain owners have called for there to be a penalty in order to deter companies from filing bad cases. This idea hasn’t gone anywhere yet.
It’s worth noting that courts can assess financial penalties for reverse domain name hijacking, but that’s in relation to lawsuits filed under the Anticybersquatting Consumer Protection Act (ACPA), not UDRP.
Domain owners can do a couple of things to protect themselves from both UDRP cases and reverse domain name hijackers.
First, don’t register domain names to target trademark holders. This is cybersquatting and you might lose your domain in a UDRP. Worse, you could be sued and have to pay damages.
Second, talk to a domain name attorney if one of your domains is hit with a UDRP and you think it’s baseless. They can help you respond to the dispute and perhaps win a reverse domain name hijacking finding.