The state of Maryland learned the hard way about the risks of not maintaining domain ownership. In order to appreciate the pickle the state got itself in, it’s necessary to understand the importance of separately protecting trademarks and domain names in order to ensure full brand protection. 

Domain Names vs. Trademarks

From 2012 to 2016, Maryland issued special edition license plates to celebrate the 200^th Anniversary of the War of 1812. These plates showcased a patriotic design in red, white and blue and an illustration of a flag waving over Fort McHenry. At the bottom of each license plate, there is a website address, www.starspangled200.org. At the time, the website offered a history of the national anthem, a list of notable places to visit and other information about events celebrating the bicentennial. However, recently a regrettable oversight came to light in the news. At some point last year, Maryland failed to renew the domain registration. The URL on the license plates redirected to a website (globeinternational.info) that promotes online casinos in the Philippines, with the result that more than 800,000 Marylanders were driving around with a license plate that advertised an online gambling site. Following the news stories, on June 7, 2023, the domain was transferred to a new owner and now directs to mva.maryland.gov, the website for the Maryland Motor Vehicle Administration. Even though Maryland no longer issues these license plates, the state should have retained ownership of the domain name (for a nominal renewal fee, typically $20-$30/year) for as long as they remain in circulation. Instead, they found themselves victims of domain “drop catching,” a practice whereby cybersquatters attempt to register or acquire a domain name immediately after it has expired or been intentionally released by its previous owner in order to profit from it.

Trademarks: Defending Against Cybersquatting and Internet Misuse

Cybersquatting is illegal under the Anti-Cybersquatting Consumer Protection Act (ACPA), yet it is one of the most common forms of trademark misuse on the Internet. Cybersquatting occurs when somebody buys, sells, or uses a domain name that is identical to or very similar to a trademark with a bad faith intent to profit from it. Sometimes cybersquatters register Internet domain names with no intention of developing a working site but instead hold the domain name hostage to resell to either the trademark owner or a third party. Cybersquatters also register domain names to sell counterfeit goods, distribute malware and engage in phishing campaigns. This is likely what happened to the Maryland Motor Vehicle Administration. By allowing the domain name registration to expire, Maryland exposed itself to an embarrassing (and likely expensive) negotiation with cybersquatters, which in hindsight, could have been avoided if they just retained ownership of the domain name. 

The domain name registration system is first-come, first-serve, and registrar companies (GoDaddy, Domain.com, etc.) do not require proof of trademark ownership at the time of registration. As a result, cybersquatters can register domain names that include registered trademarks, famous people or businesses with which they have no connection. The onus is then on the trademark owner to enforce their rights through civil litigation, administrative procedures or negotiations. This is why it is important for brand owners to understand that a trademark registration does not automatically grant domain name protection, and vice versa. Brand owners need to defensively protect and enforce their trademarks and domain names separately.

Tools to Identify Anonymous Infringers

The easiest way to look up the owner of a domain name is through the Whois database, a widely used Internet record listing that identifies who owns a domain and how to get in contact with them. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership and requires that registrars and registries (the website host) publish point of contact information. This is the most common way to identify and contact a potential infringer in order to send a cease and desist letter, take down notice, or serve a civil complaint. However, these traditional infringement remedies are not necessarily effective when the cybersquatter has registered the infringing domain name anonymously. Over the past few years there has been a significant rise in anonymous domain registration. This is a relatively recent change, resulting from the implementation of new privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR). Now anyone can register a domain name anonymously by using a proxy company like Domains By Proxy (owned by GoDaddy) or Name Silo. These companies are legal and are frequently used by cybersquatters to provide an extra layer of privacy protection, making it ever harder for trademark owners to identify the infringer and enforce their rights.

Instead of displaying the registrant’s actual information in the WhoIs database, a service like Domains by Proxy will replace the registrant’s information with its own. So when you look up the domain name in the WhoIs directory the record will look something like this:

• Domain Name: www.domainname.com
• Registrar WHOIS Server: whois.godaddy.com
• Registrar URL: https://www.godaddy.com
• Updated Date: Date the domain was last updated
• Creation Date:Date the domain was originally registered
• Expiration Date: Expiration date
• Registrar Abuse Contact Email: abuse@godaddy.com
• Registrar Abuse Contact Phone: +1.4806242505
• Registrant Name: Registration Private
• Registrant Organization: Domains By Proxy, LLC
• Registrant Street: 2155 E GoDaddy Way
• Registrant City: Tempe
• Registrant State/Province: Arizona
• Registrant Postal Code: 85284
• Registrant Country: US
• Registrant Phone: +1.4806242599
• Registrant Fax: +1.4806242598
• Registrant Email:domainname@domainsbyproxy.com or a randomized email address

Domain proxy services are still required to release a registrant's personal information in some cases, such as by a court ordered subpoena or for other reasons listed in the company’s Domain Name Proxy Agreement. However, obtaining a subpoena or other court order to obtain this information typically requires filing a civil complaint and can cost considerable time and expense.

UDRP

An alternative solution when dealing with domain name infringement is the Uniform Domain Name Dispute Resolution Policy (“UDRP”). Initiating a UDRP proceeding against an anonymous cybersquatter is a quick and effective administrative procedure that can be used by trademark owners to enforce their rights and recover a domain name that bears their trademark. The leading ICANN-accredited domain name dispute resolution service provider is the World Intellectual Property Organization (“WIPO”). As of November 20, 2020, WIPO had administered 50,000 UDRP proceedings covering more than 91,000 domain names involving parties from more than 180 countries.

In most cases, a UDRP Complaint can be filed against a domain owner even if the domain is registered anonymously. The Complaint must contain the domain name registrant’s information, even if this is just the publicly identified registrant in the registrar’s WhoIs database such as “Name Redacted” or “Private Registration.” If it matches the WhoIs database information, then such a complaint will be accepted by WIPO for review and the domain name registrant, even if a WhoIs privacy/proxy service, is required to submit to the mandatory UDRP proceeding.

In order to prevail, a UDRP Complaint must contain three basic elements: 

1. The registrant’s domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and
2. The registrant has no rights or legitimate interests in respect of the disputed domain name; and
3. The disputed domain name has been registered and is being used in bad faith.

The first element is relatively easy to meet if the trademark is registered. UDRP panels have consistently held that where a domain name wholly incorporates a trademark holder’s registered mark, that is sufficient to establish that the domain name is confusingly similar to the mark. As for the second element, under the UDRP, a respondent is generally considered to have no rights or legitimate interests in a domain name if (a) the respondent does not use, or undertake demonstrable preparations to use, the domain name in connection with a bona fide offering of goods and services, (b) the respondent is not commonly known by the domain name and (c) the respondent is not making a legitimate noncommercial or fair use of the domain name. Proof that the infringing domain name hosts a website with no content, or that the site is merely a “for sale” sign for the domain name is usually sufficient. If the website contains content that includes the registered trademark or sells competing goods and services, this is also evidence that there is no legitimate or bona fide offering of goods and services. To satisfy the third element, the complainant must submit evidence that the registrant acquired the domain name in bad faith. Evidence that the registrant acquired the domain name to sell, rent or otherwise transfer the domain name to the complainant or to a competitor of the complainant for a price much higher than what the registrant paid for it, or solely to use the goodwill of the trademark to attract Internet users to its own site typically supports a finding of bad faith.

The respondent has the opportunity to submit a Response and defend against the allegations in the Complaint. However, it is our experience that if the respondent is truly acting in bad faith, they do not respond. If they default, the UDRP provider will then quickly move the case along. A panelist is appointed to decide the case and issue an opinion whether the domain name should be transferred or cancelled. The panelist is informed of the respondent’s default and can take this fact into account in deciding the case. A successful ruling will order the infringing domain name to be transferred to the trademark owner or cancellation at the offender’s expense. There are no monetary damages or injunctive relief available in UDRP disputes. The accredited domain name registrars (GoDaddy, Domain.com, Squarespace, etc.) who have agreed to follow the UDRP must implement the decision after a period of ten days, unless the decision is appealed in court.

Dispute resolution at WIPO is much faster and less expensive than litigation in courts, and cases are normally resolved within three months using, except in extraordinary cases, only online procedures. The basic cost is $1,500, but if the complainant wants more than the standard single panelist, there are additional charges.

Additional Steps to Take to Protect Domain Name

As evidenced with the Maryland license plate example, defensive domain name registration and renewals are ultimately the most cost-effective way to enforce your brand online. Domain name registration and trademark registration should be considered in tandem to ensure full brand protection. Domain name registrations are typically between one and ten years. If you wish to continue using the domain name, you must renew it with your registrar before it expires or risk losing the name for a short time or even losing it for good. Failing to stay on top of domain name renewal, even for a few hours, can disrupt your online presence. In April 2021, Google Argentina’s domain name was out of action for two hours and someone was able to purchase the domain name, resulting in millions of Google searches and website visitors going to the new domain name holder. (If you are unsure as to which registrar you used for your domain name, you can conduct a search on ICANN’s site.) When your domain name registration is about to expire (or “drop”), the registrar is required to notify you, typically via email. It is best practice for you, or your lawyer, to docket your domain name registration and expiration date so you can renew it before it expires. Even if you are no longer using the domain address, if the domain name contains your registered trademark, or your company name, it is in your best interest to retain ownership of the domain and/or have it redirected to your new website address. 

Lutzker & Lutzker is available to provide assistance with trademark and domain registration, monitoring and trademark enforcement.