By Ken Linscott, product director, Domains and Security
Natalie Leroy, senior IP advisor Share this post
A cyber security company recently attempted reverse domain name hijacking for an exact match domain name of its brand, and in so doing, failed in both its bid to take ownership of the domain and potentially damaged their reputation by using this somewhat nefarious tactic and abusing the Uniform Domain Name Dispute Resolution Policy (UDPR) process[1].
What is reverse domain name hijacking?
Reverse domain name hijacking, commonly known as RDNH in domain name dispute cases, occurs when a trademark owner attempts to secure a domain name by falsely making claims of cybersquatting against a domain name owner.
This is unlike domain name hijacking, which is usually associated with cybercrime where the domain name is stolen through unauthorized access to the domain management account, or domain name system (DNS) hijacking where the name servers for a domain are changed through similar unauthorized access.
In other words, RDNH is where a trademark owner uses UDRP proceedings to coerce an individual domain owner into surrendering their rights to a domain name. This tactic is in breach of the rules, which clearly state that the complainant must certify that they are not using the process improperly as a means to harass a domain holder, and that they are acting in good faith with reasonable argument.
“If after considering the submissions, the panel finds that the complaint was brought in bad faith, for example, in an attempt at reverse domain name hijacking, or was brought primarily to harass the domain-name holder, the panel shall declare in its decision that the complaint was brought in bad faith and constitutes an abuse of the administrative proceeding.”
— Internet Corporation for Assigned Names and Numbers’ (ICANN) Rules for Uniform Domain Name Dispute Resolution Policy (Rules), Paragraph 15 (e)[2]
It’s therefore important that companies fully understand the dispute resolution process in detail to avoid being found to have used this tactic. Furthermore, because cybersquatting is on the rise and third-party registrants are continuing to extort money from legitimate businesses and trademark owners, companies need to understand how to avoid a panel issuing a finding of RDNH against them.
Although a finding of RDNH does not carry a financial penalty, it will go on the public record and taint any future complaint. Panels are also usually quite ruthless in their choice of words, and RDNH is newsworthy, which may lead to reputation damage for a complainant found guilty of RDNH. Finally, RDNH is an offence under the Anti-Cybersquatting Consumer Protection Act, so that U.S.-based domain name owners may sue in a District Federal Court for damages up to $100,000.
What can companies do to avoid attempted RDNH?
Specifically, in the case of a trademark composed of generic words, or when the domain name has no content, there is an increased risk of the respondent calling for a ruling of RDNH. Trademark owners with sufficient grounds, or who do not display bad faith, are able to avert a RDNH ruling against them. (See case examples: D2007-0965 and D2018-0235.)
We recommend trademark owners:
- Make sure the trademark or the rights predate the domain name registration or acquisition by the last registrant (in case a domain name has changed hands). If prior rights can’t be proven, it will be difficult to claim “bad faith,” since under the UDRP, this hinges on registration and use.
- Document how the trademark was known at the time the disputed domain name was registered; how well it’s known now is irrelevant if the domain name is 20 years older.
- Substantiate claims. Don’t make allegations in one’s favor or discredit the respondent without evidence.
- Be honest with the panel. If there was an attempt to buy the domain name from the registrant before starting the UDRP, say so. No panel is going to blame a complainant for trying to recover a domain name more quickly or cheaply than a UDRP, however they’re not going to be impressed if a complainant says the respondent tried to sell the domain name to them for an unreasonable fee if the complainant initiated the discussion.
- Avoid blatant attempts to entrap the respondent or mislead the panel, for instance, only putting forward incomplete material evidence, details of which then come to light when the registrant files their response.
- Finally, carefully consider how and who to trust to file disputes. A boilerplate approach without careful consideration of the facts risks leaving the trademark owner open to not just a loss, but perhaps the accusation of below-the-belt tactics.
If you have a domain name you’d like to obtain, request a free domain name acquisition consultation from CSC. >>
[1]domainnamewire.com/2020/06/02/siemplify-reverse-domain-name-hijacking/
[2]icann.org/resources/pages/udrp-rules-2015-03-11-en