Hogan Lovells 2024 Election Impact and Congressional Outlook Report
This is the January edition of Anchovy News. Here you will find articles concerning ICANN, the domain name industry and the recuperation of domain names across the globe. In this issue we cover:
Domain name industry news: Launch of five new gTLDs / GlobalBlock to be launched by Brand Safety Alliance / EURid publishes its Q4 2023 progress report / ICANN make amendments to the RAA in fight against DNS Abuse.
Domain name recuperation news: Living on the edge of bad faith / Recent auDRP denial highlights evidentiary burden on complainants / WIPO cybersquatting cases grow by 7% to reach new record in 2023.
For earlier Anchovy News publications, please visit our Domain Names practice page. Learn more about Anchovy® - Global Domain Name and Internet Governance here.
The Registry Internet Naming Co., which currently runs 10 new generic Top Level Domains (gTLDs) including .CLICK, .LOVE and .FORUM, is launching five new gTLDs: .DIY, .FOOD, .LIVING, .LIFESTYLE and .VANA.
While .FOOD, .LIVING, .LIFESTYLE are self-explanatory, .VANA is “intended to be used in collaboration with major Web3 ecosystems to bring new functionality to domain names.” The Registry further explained that “unlike other TLDs with Web3 aspirations, .VANA operates like a traditional open gTLD by using standard EPP and does not require any special APIs or blockchain knowledge to register.”
As for .DIY (for “Do It Yourself”), it is advertised as being “the digital canvas to showcase [one’s] skills”, .DIY can serve as “the interactive knowledge base for customers” and can be used to “host how-to videos for customers or establish yourself as a do-it-yourself expert“.
All five new gTLDs are unrestricted, meaning that they are open to everyone, and their launch follows the same schedule, which is as follows:
During Sunrise, trade mark holders who have registered their trade marks with the Trade Mark ClearingHouse (TMCH) will be able to apply for the corresponding domain names under the gTLDs of their choice.
During this period, which is rather unusual, it appears that existing customers or partners of the Registry can register any available domain name on a first come, first served basis, for a high fee ($25,000 Registry application fee, plus the registration fee).
During EAP, available domain names can be registered by anyone on a first come, first served basis for an extra fee, which will be quite high at first ($25,000 on Day 1, which is the same price as during the 1-day Customer Loyalty Period). The Registry application fee will however decrease day by day leading up to General Availability, going down to $500 on the last day of EAP. The registration fee will need to be paid on top.
From this date, anyone will be able to register available domain names on a first come, first served basis, with no restriction and at a standard price (except for .VANA for which the registration fee is higher).
For more information on the launch of any of these new gTLDs, please contact David Taylor or Jane Seager.
The Brand Safety Alliance, an initiative launched by domain name Registries Godaddy and Identity Digital, is set to release its “GlobalBlock” and “GlobalBlock+” products at the end of January 2024. These products establish protected lists that block the registration of specified terms (and variations such as typos and homoglyphs in the case of the premium GlobalBlock+) in at least 560 generic Top Level Domain (gTLD) and country code Top Level Domain (ccTLD) extensions, with more to be added in the future.
The GlobalBlock product will function in the same way as other blocking services that are already available, such as the AdultBlock (and premium AdultBlock+) and the Domains Protected Marks List (DPML) in that they allow a trade mark owner that has its trade mark registered with the Trade Mark Clearinghouse (TMCH) to pay a single fee in order to block the relevant term across all of the participating extensions. The AdultBlock product was launched in 2021 by Minds & Machines (since acquired by Godaddy), the then owner of a number of adult-oriented TLDs including .XXX, .SEX and .ADULT, and the DPML service was introduced in 2013 by the Donuts Registry (now part of Identity Digital).
The GlobalBlock service will also be available for company names and celebrity names. Additionally, the premium GlobalBlock+ service will cover variations to the term protected, such as typos and Internationalised Domain Name (IDN) homoglyphs, thus offering increased protection against phishing and other common abusive practices.
Blocking services of this type are marketed as a way for brand owners to protect their brands across a large number of domain name extensions and as a cost-effective alternative to individual defensive registrations. Aside from covering a number of the legacy gTLDs including .BIZ, .INFO, .MOBI and .PRO, the GlobalBlock product covers a large number of new gTLDs, for example .COMPANY, .EMAIL and .FINANCIAL, but also a number of ccTLDs, including .US (United States), .SD (Sudan), .ID (Indonesia), .KE (Kenya) and .AC (Ascension Islands).
Both the GlobalBlock and the GlobalBlock+ options also offer what is called “Priority Autocatch”, a service that will prevent third parties from picking up, by way of backorders (a practice known as drop-catching), expired domain names that match strings protected by the block list in the protected extensions.
The program will be launched according to the following schedule:
GlobalBlock Beta Program
Standard GlobalBlock Ordering
Founders Discount Program
Blocks purchased during the Beta Program will go live immediately. The Founders Discount Program is open to the holders of existing AdultBlocks and DPMLs.
It is important to remember that while blocking services will block registration of the exact term protected (for example “anchovy”), as well as (in the case of the premium services) a lookalike term such as “aпchovy” (a homoglyph using a Cyrillic character) in the applicable TLDs, it will not protect against more complex terms such as “anchovynewss”, nor does it cover all TLDs. Brand owners will thus need to remain vigilant in respect of abusive third party registrations incorporating their trade marks.
Should you be interested in the GlobalBlock service, or in subscribing to our monthly domain name monitoring service, Name Tracker, please contact David Taylor or Jane Seager.
EURid, the Registry responsible for running the .EU country code Top Level Domain (ccTLD), recently published its Q4 2023 progress report which included its quarterly statistics for .EU, covering the .EU extension as well as .ею (“.eu” in Cyrillic) and .ευ (“.eu” in Greek).
At the end of Q4 2023, EURid recorded a total of 3,684,820 .EU domain names, which represented an increase of 158,737 domain names between Q3 and Q4. EURid noted that during Q4 2023, registrations by entities based in Hungary had the highest rate of growth at 4%, followed by Estonia and Sweden with growth rates of 2.1% and 1.0%, respectively. In terms of volumes, Germany was the country with the most .EU registrations with 985,934 domain names, followed by the Netherlands (456,298) and France (306,477).
EURid also reported 6,235 new multi-year domain name registrations during Q4 2023 (it is possible to register and renew .EU domain names for a period of between 1 to 10 years). In addition 5,004 Internationalised Domain Names (IDNs) were registered during this period, bringing the total to 40,126 IDNs. Overall, EURid recorded an average domain name renewal rate of 79%.
In terms of domain name disputes, 19 disputes were filed in Q4 2023 under the Alternative Dispute Resolution procedure with the Czech Arbitration Court (CAC) and the World Intellectual Property Organization (WIPO) Center.
The quarterly report also highlighted other developments during Q4 2023, including participation in the 18th annual Internet Governance Forum in Kyoto, Japan. EURid also, for the eighth consecutive year, organised coding and robotics workshops for over 400 students during CodeWeek 2023, and celebrated the six winners of the 10th annual .EU Web Awards (an online competition launched in 2014 which is designed to acknowledge the best websites under .EU, .ею and .ευ).
To visit EURid’s website, please click here.
The full Q4 2023 Report can be found here.
For more information on .EU, .ею and .ευ domain names, please contact David Taylor or Jane Seager.
The Internet Corporation for Assigned Names and Numbers (ICANN) put forward a raft of proposed amendments last year to the registrar and Registry contracts specifically targeting Domain Name System (DNS) Abuse. The voting period for these proposed amendments lasted three months and they received overwhelming approval from generic Top-Level Domain (gTLD) Registries and accredited registrars.
The current rules relating to DNS Abuse, as laid out in the Registrar Accreditation Agreement 2013, refer to “taking reasonable and prompt steps to investigate and respond appropriately to any reports of abuse”, which is quite vague and makes enforcement difficult. The new proposed amendments aim to clarify what registrars will be required to do when there is evidence of DNS Abuse, thus facilitating enforcement.
In respect of registrars, the amended text stipulates the following:
“When Registrar has actionable evidence that a Registered Name sponsored by Registrar is being used for DNS Abuse, Registrar must promptly take the appropriate mitigation action(s) that are reasonably necessary to stop, or otherwise disrupt, the Registered Name from being used for DNS Abuse. Action(s) may vary depending on the circumstances, taking into account the cause and severity of the harm from the DNS Abuse and the possibility of associated collateral damage.”
In relation to Registries, the proposed amendments impose the following obligations:
“Where a Registry Operator reasonably determines, based on actionable evidence, that a registered domain name in the TLD is being used for DNS Abuse, Registry Operator must promptly take the appropriate mitigation action(s) that are reasonably necessary to contribute to stopping, or otherwise disrupting, the domain name from being used for DNS Abuse. Such action(s) shall, at a minimum, include: (i)the referral of the domains being used for the DNS Abuse, along with relevant evidence, to the sponsoring registrar; or (ii) the taking of direct action, by the Registry Operator, where the Registry Operator deems appropriate. Action(s) may vary depending on the circumstances of each case, taking into account the severity of the harm from the DNS Abuse and the possibility of associated collateral damage.”
In both the above cases, DNS Abuse is defined with the same five broad categories of malicious activity: malware, botnets, phishing, pharming, and spam aimed at disrupting the DNS infrastructure.
As soon as these amendments have been ratified by ICANN, registrars will be required to do the following:
1) Publish an email address or web form readily accessible on the registrar’s home page to allow people to submit abuse complaints.
2) Confirm receipt of those reports to the submitter, either via email or on the screen after submission.
3) Provide contacts for law enforcement in the registrar’s jurisdiction.
Upon receipt of a complaint with “Actionable Evidence”, registrars will be required to take prompt action to mitigate the DNS abuse.
In defining what is meant by Actionable Evidence the draft amendments stipulate that this should be “readily available to the registrar” and “must be sufficient to enable the registrar to make a reasonable determination as to whether the Registered Name is being used for one or more forms of DNS Abuse.” Taking for example a domain name used for phishing, such evidence might include a screenshot of how the domain name is being used for phishing, who is being targeted, and the full URL of the page used to collect information.
With regard to the definition of the term “prompt”, ICANN states that “the appropriate amount of time to investigate and take action will also vary, making it impossible to prescribe a fixed amount of time for an action to be considered “prompt.” Instead, it states that “registrars must demonstrate an ongoing attentiveness to allegations of sponsored names being used for DNS Abuse. The attentiveness should be commensurate with the potential harm that DNS Abuse causes victims.”
Additionally, pursuant to the following section of the proposed amendments, prompt action may involve informing the registrar, or other concerned party, and asking them to act:
“The registry operator will also consider whether it, the sponsoring registrar, and/or another party are the best-equipped parties to review and take the appropriate, proportionate mitigation actions. For example, for a single Registered Name being used for DNS Abuse, the registrar may be best placed to review and address the DNS Abuse with its customer. Similarly, in the case of compromised systems, the Registered Name Holder or the hosting provider that maintains administrative access to affected systems may be better able to address the issues, and the registry operator should refer these to the registrar first, as suspending the domain by applying either clientHold or serverHold can cause collateral damage on benign or legitimate content. On the other hand, the registry operator may be the best party to address large-scale threats that span many Registered Name Holders or registrars, such as domain-generating algorithms used to propagate botnets.”
The proposed amendments will go into effect following a 60-day notice from ICANN.
In a recent decision under the Uniform Domain Name Dispute Resolution Policy (the UDRP or the Policy) before the World Intellectual Property Organization (WIPO), a Panel denied the transfer of the Domain Name at issue, finding that the Complainant had failed to prove bad faith registration on the part of the Respondent.
The Complainant was Living Edge (Aust) Pty Ltd, an Australian retailer of designer furniture and lighting goods and a provider of interior design services. The Complainant owned four stores and showrooms throughout Australia and held several trade mark registrations, including an Australian trade mark for LIVING EDGE registered in September 2007. The Complainant also claimed unregistered rights through its predecessor since 2001.
The disputed Domain Name was livingedge.com. It was registered in February 2005 by an individual based in New York. The Respondent was previously involved in the creation of a company called Living Edge International Inc., which was incorporated in August 2005 and ceased its activity in 2009. When Living Edge International Inc. was active the Domain Name resolved to a website providing information about the company's activities. The Domain Name then resolved to a parking page with pay-per-click (PPC) links to furniture-related websites. At the time of the filing of the Complaint, the Domain Name resolved to an inactive webpage.
The Complainant initiated proceedings under the UDRP for a transfer of ownership of the Domain Name. The Respondent submitted a Response denying bad faith and claiming that he had no knowledge of the Complainant when the Domain Name was registered.
To be successful in a complaint under the UDRP, a complainant must satisfy the following three requirements:
(a) The domain name registered by the respondent is identical or confusingly similar to a trade mark or service mark in which the complainant has rights; and
(b) The respondent has no rights or legitimate interests in respect of the domain name; and
(c) The domain name has been registered and is being used in bad faith.
On the first element, the Panel agreed that the Domain Name was identical to the Complainant's LIVING EDGE trade mark, which satisfied the requirements of paragraph 4(a)(i) of the Policy. The Panel did not address the second element, finding that this was not necessary given its ruling on the third element and bad faith.
Turning to bad faith registration, the Panel first ruled that the Respondent had established that he had registered the Domain Name in connection with a bona fide business. The Panel noted that although the evidence provided by the Respondent was scarce, it was sufficient to prove that the Domain Name was registered in pursuance of a legitimate business. The Panel also underlined that such lack of extensive evidence could be explained by the fact that the company had not been active for over a decade.
Second, the Panel found that the Complainant, which operated from a small number of locations in Australia, did not provide enough evidence of its reputation or its unregistered rights at the time of registration of the Domain Name. As such, the Panel found that the Complainant had failed to establish that the Respondent was aware of the Complainant's existence when the Domain Name was registered. Further, the Panel underlined that even if the Respondent had somehow been aware of the Complainant, this would not necessarily have resulted in a finding of bad faith as long as the Respondent could prove that he registered the Domain Name for the purpose of a legitimate business in a manner which did not in any way seek to take unfair advantage of the Complainant’s trade mark or cause confusion to Internet users. The Panel noted that that rights in domain names are generally considered to be acquired on a first-come, first-served basis.
Finally, the Panel found that, although the Respondent was the registrant of several trademark-abusive domain names, this was insufficient, given the circumstances of the case, to prove bad faith.
As a result, the Panel found that the Complainant had failed to establish registration in bad faith and denied the transfer of the Domain Name. However the Panel declined to make a finding of Reverse Domain Name Hijacking as the Complainant had not conducted its case in bad faith.
Comment
Several elements of this case meant that it initially appeared winnable for the Complainant, namely the use of the Domain Name to resolve to a parking page with PPC links related to the Complainant's business and the registration of multiple trademark-abusive domain names by the Respondent. However, the Respondent was able to reply with solid evidence countering the Complainant’s allegations of bad faith and the case was denied. This decision therefore underlines the importance of conducting a thorough investigation on the previous use of a domain name, especially if it was registered a number of years before the filing, as well as a search on the respondent's details (either before the filing of the complaint if they are freely available in the WhoIs, or once obtained after the filing if the domain name is under privacy, as it was in this particular case).
The decision is available here.
In a recent decision under the .au Dispute Resolution Policy (auDRP) before the World Intellectual Property Organization (WIPO), the Panel denied a Complaint for the disputed domain name dukes.com.au, finding that the Complainant was unable to establish registration or use of the disputed domain name in bad faith.
The Complainant was Dukes Weight Loss Pty Ltd; an Australian company established in February 2022 operating an Australian-made and owned weight-loss system for men and women. The Complainant was the owner of Australian Trademark No. 2309548, DUKES, registered on 10 July 2023.
The Respondent was Ollority Pty Ltd, Australia.
The Respondent asserted ownership of the disputed domain name dating from 16 April 2006. Based on information sourced from auDA's Domain Creation Date request service, it appeared that the disputed domain name was registered with the registrar of record at the time of submission of the Complaint to the Center on 16 April 2007. At the time of filing of the Complaint, the disputed domain name resolved to a web page titled "DUKES.COM.AU", under which there were a number of "related searches": "Shipstation Alternatives", "Incident Mgmt", and "Royalty". There was also a header at the top of the web page stating, "Contact domain owner – This domain may be available for sale, lease or JV opportunity". Clicking on this text resulted in a form headed "DUKES.COM.AU If you want to buy this domain, please fill out this form".
In order to prevail, a complainant must demonstrate, on the balance of probabilities, that it has satisfied the requirements of paragraph 4(a) of the auDRP:
Identity or confusing similarity
The Complainant asserted that it owned the registered trademark for DUKES. The Panel found the disputed domain name, dukes.com.au, to be identical to the Complainant's trademark. The Respondent argued that "duke" is a common English word and pointed to numerous trademarks and business names containing "duke" in Australia. However, the Panel clarified that the relevant inquiry focused on the similarity between the disputed domain name and the Complainant's specific trademark, not the general usage of the term.
The Panel concluded that the Complainant successfully established the first element of the auDRP.
Rights or legitimate interests
Noting that the Complaint would go on to fail under the third element, the Panel did not include a finding under the second element of the auDRP.
Bad faith
As regards registration in bad faith, the Respondent claimed to have registered the disputed domain name in April 2006, well before the Complainant's founding in February 2022 and the registration of its trademarks. The Panel found no evidence supporting the assertion that the Respondent registered the domain with the intention of taking advantage of the Complainant's later-developed trademark.
On question of use of the disputed domain name in bad faith, the Panel reviewed the available evidence of historical use of the disputed domain name. As part of the Panel's discussion about bad faith, the Panel considered the eligibility criteria for registering a ".com.au" domain name at the time that the disputed domain name was registered, highlighting that domain monetisation, including pay‑per‑click advertising, was permissible under certain conditions. The Panel emphasised the lack of evidence related to these conditions, such as the specific content of the website at the time of registration. The panel found the Respondent's denial of knowledge of the Complainant to be credible, and noting the absence of evidence regarding the nature of the Respondent's historical use of the disputed domain name, the Panel concluded that there was insufficient basis to enter a finding of bad faith use.
Reverse Domain Name Hijacking
The Panel refrained from declaring Reverse Domain Name Hijacking (RDNH). The Panel acknowledged challenges in determining bad faith use but ultimately, on balance, did not characterise the Complaint as an attempt at RDNH.
Comment
The outcome of this case underscores the importance of thorough preparation and evidence presentation in auDRP complaints. The Panel's careful examination of the facts, particularly the historical use of the disputed domain name and the lack of evidence regarding bad faith registration, highlights the need for complainants to establish a clear and compelling case. The assertion of trademark rights alone will not suffice if there is insufficient evidence linking the registration to bad faith.
Additionally, the decision emphasises the significance of historical context in domain disputes. Potential complainants should be mindful of the timeline of domain registration relative to the establishment of their trademarks and businesses, including under domain dispute policies where a complainant is only required to prove registration or use in bad faith, as where a respondent can demonstrate legitimate use predating the complainant's activities, establishing bad faith becomes far more challenging.
The decision is available here.
According to the 2023 Summary of Domain Name Cases published in January 2024 by the World Intellectual Property Organization (WIPO), trade mark owners filed a record 6,192 cases under the Uniform Domain Name Dispute Resolution Policy (UDRP) and its national variations with WIPO’s Arbitration and Mediation Center in 2023.
WIPO’s 2023 caseload reflected an impressive 7% increase from the previous year and a substantial 68% rise since the onset of the COVID-19 pandemic as businesses reacted to the proliferation of websites used for counterfeit sales, unlicensed pharmaceuticals, malware, fraud, phishing, and other forms of cybersquatting.
WIPO’s caseload over the past 10 years can be seen here:
This surge propelled WIPO's cybersquatting cases to a cumulative total of 67,625 since the inception of the UDRP in 1999, indicating a clear trend of sustained growth over the past decade. These statistics underscore the ongoing significance of the WIPO-designed UDRP as a crucial tool for brand owners to combat cybersquatting.
Several factors contributed to this increase, including the overall growth in domain name registrations, heightened awareness of the UDRP among companies of all sizes, and the evolving nature of cybersquatting activities. Importantly, the UDRP continues to be an attractive alternative to filing court cases across various jurisdictions.
WIPO's procedures in 2023 were conducted in 17 languages, with English, Chinese, French, Spanish, Russian, Japanese, Turkish, German, Portuguese and Swedish being the top 10 languages used.
While WIPO began accepting cases for the .GA (Gabon) and .MG (Madagascar) country code Top-Level Domains (ccTLDs) in 2023, there was an increase in filings for ccTLDs such as .AI (Anguilla), .AU (Australia), .CN (China), .EU (European Union), .MA (Morocco), and .MX (Mexico). Representing 80% of the total caseload, .COM demonstrated the continuing popularity of the legacy generic Top-Level Domains (gTLDs).
The top 10 ccTLDs in terms of filings in 2023 were .CO (Colombia), .CN (China), .MX (Mexico), .AU (Australia), .AI (Anguilla), .EU (European Union), .IO (British Indian Ocean Territory), .FR (France), .NL (Netherlands), and .ES (Spain).
Notably, the United States, France, and the United Kingdom emerged as the top-filing countries. Europe, with 40% of all cases filed, remained the first-ranked filing continent, followed by North America (33%), Asia (20%), Latin America and the Caribbean (3%), Africa (3%), and Oceania (2%).
The top sectors of complainant activity were banking and finance (13% of all cases), biotechnology and pharmaceuticals (11%), fashion (10%), and retail (10%). The dominant outcome of these cases remains transfer (82% of all cases), with approximately 14% of cases being settled, resulting in the filing party receiving a $1,000 refund.
WIPO’s 2023 Summary of Domain Name Cases is available here. For further information on the UDRP and domain name recuperation in general, please contact David Taylor or Jane Seager, both of whom are WIPO panelists regularly deciding cases under the UDRP.
Authored by the Anchovy News team.
Anchovy News editorial team:
Anchovy® - Global Domain Name and Internet Governance
Hogan Lovells offers a unique, comprehensive and centralised Paris-based online brand protection service called Anchovy® for global domain name strategy, portfolio management and global enforcement. We are the only law firm to be an ICANN-accredited registrar and we are accredited with a number of country-specific Registries worldwide.
We also specialise in all aspects of ICANN’s new generic Top Level Domain (gTLD) process and we are an agent for the Trademark Clearinghouse. As the global Domain Name System undergoes an unprecedented expansion, brand owners must revise their online protection strategies and we are ideally placed to guide them.
We are also frequently brought in to advise on cybersecurity, data protection and on a whole range of technology-related issues.
For more information on our services, please contact David Taylor or Jane Seager.