Using the Uniform Domain Name Dispute Resolution Policy to Stop or Prevent Fraud | Crowe & Dunlevy
You receive a package of iPhones and they appear to have been ordered by a purchasing department employee (let’s call her Jane Doe), however, you weren’t expecting iPhones.
Upon closer inspection, you notice that the order email address was Janey.Doe@oklahomacounty.net. However, there is no “Janey” Doe working for the county, and the county’s website is “oklahomacounty.org” not “oklahomacounty.net”. This type of fraudulent behavior was recently reported by the Oklahoma County Board of Commissioners, which reported that Namecheap Inc., an Internet domain registrar, had registered a private domain for oklahomacounty.net. The person who registered the .net domain then used fake email accounts with the domain to order thousands of dollars worth of products. After unsuccessfully asking Namecheap to deregister the domain, the county sought an injunction in Oklahoma County Court against the domain registrant.
What the county is aware of is a type of cybersquatting called typo-squatting or domain spoofing – where a domain name is slightly altered to impersonate another domain (think Amazon.com vs. Amazonn.com or Amazon.org) . Often these imitators not only change the domain name but may also duplicate the entire underlying website trying to trick visitors into spending money on counterfeit products or obtaining their information for additional scams. Another common form of cybersquatting is bad faith cybersquatting, or registering domain names for the sole purpose of profiting from the goodwill associated with someone else’s brand. These types of cybersquatters often purchase a domain name containing a trademark from another entity and then attempt to sell it to the trademark owner for profit.
Although filing an injunction with the county may result in an order requiring a domain registrar, such as Namecheap, to freeze, deregister, or transfer the domain, there are other options a person/entity can take if they experiences cybersquatting. The most common and least expensive way to attack a spoofed domain is through the Uniform Domain Name Dispute Resolution Policy (UDRP).
To buy a domain, a person or business simply needs to decide what words they want to capture in the domain address, find out if the domain is available, and then use a registrar, like Namecheap, GoDaddy, or Domain.com , to register. the desired domain. The person registering the domain can register privately, so their information is hidden from the public. Private registration can cause problems when a domain name infringes on the trademark of another person or entity, because without actual contact information, there is no way to directly sue or contact the registrant. domain, except through the registrar. Due to the rapid growth of the Internet, many branding and cybersecurity issues have arisen due to spoofed domains. Thus, the UDRP was implemented to protect businesses and trademark owners from abusive or bad faith domain registrations that confusingly resemble their own domains.
The UDRP allows the owner of a mark (whether a registered trademark or a common law mark) to file a complaint with a dispute resolution service provider, such as the Intellectual Property Organization (WIPO) or the Forum. The complaint must allege 1) that the disputed domain is identical or similar to the complainant’s trademark or service mark, 2) that the registrant of the disputed domain name has no right or legitimate interest in the domain name, and 3) that the disputed domain was registered in bad faith. Where the trademark owner is relying on common law trademark rights instead of a registered trademark, additional evidentiary requirements must be met to prove that there are real rights in the common law trademark. (such evidence includes length of use, types of advertising, sales evidence, public recognition and customer surveys).
Once a UDRP complaint is filed, the registrar is notified and is required to provide the complaint to the registrant of the disputed domain, who may then respond with a response. Notably, in most cases no response is filed – usually because the person who registered the disputed domain was using a fraudulent email address. Once the response date has passed, WIPO or the Forum assigns the file to an administrative committee which will make a decision concerning the domain. It is important to note that the burden of proving domain registration in bad faith in a UDRP process is on the complainant and that the three requirements mentioned above must be met, otherwise the UDRP panel will issue a decision in favor of the same registrant. if he fails. to respond to the complaint. If the Panel decides that the disputed domain is infringing and was registered in bad faith, the Panel will notify all parties involved, and the Registrant will be required to cancel or transfer the domain to the Complainant based on what the Complainant has requested. in the complaint. . However, transferring the domain is usually the preferable outcome as it will prevent the domain from falling into the wrong hands again.
The UDRP process is generally less expensive than litigation. It also provides a brand or business owner with a quick review and result. The UDRP process is an important tool for businesses in preventing fraud and trademark infringement like that experienced by the Oklahoma County Board of Commissioners.