Dear Gimlet: An Open Letter About the Dark Side of Domain Names

Dear Gimlet:

I've been a fan of your podcasts since the first episode of StartUp ("How Not to Pitch a Billionaire") three years ago.

So, as a domain name attorney for more than two decades, you can imagine my interest when I heard that your new season was launching with a profile on the domain name industry.

I quickly listened to the first episode, "The Domain King," in which you focused on how one well-known opportunist, Rick Schwartz, made riches by registering, using and selling domain names -- starting in 1995 -- that consisted of or contained generic words such as porno.com, candy.com and servicedepartment.com.

As your podcast made clear, Schwartz was a part of the Internet gold rush, fortunate to have identified the importance (and rewards) of domain names when generic dot-coms were still available. That he and others made many millions in the domain name industry is truly a great story. Which is why, I'm sure, you chose this topic for your podcast.

But, your podcast ignored an important -- and dark -- side of the domain name industry: Cybersquatting.

About Cybersquatting

"Cybersquatters" are people who register domain names that are identical or confusingly similar to someone else's trademark and then use the domain names in an improper manner. Unlike domainers who have found clever ways to profit from using domain names that contain generic words, cybersquatters use trademarks in domain names to cheat businesses, compete unfairly, trick consumers, create confusion and engage in all sorts of nefarious and often illegal activities and scams.

Cybersquatting is not new. And it isn't going away.

Perhaps a few examples will make clear just what cybersquatting is and why it causes problems. In all of the following cases, the domain names were registered by someone other than the obvious trademark owner:

  • Phishing: As I wrote about just last week, a cybersquatter registered the domain name <web-account-google.com> and used it to create a web page that looked like Google and had a login form where visitors were asked to enter their email addresses and passwords. This is a common "phishing" scam to get unauthorized access to an unsuspecting user's account.
  • Financial fraud: The registrant of the domain name <schwhab.com> used it to obtain personal contact information from users by creating a false suggestion that its website was related to Charles Schwab & Co.
  • Employment scams: A cybersquatter who registered the domain name <intercontinental-hotel.com> used it to impersonate the owner of the luxury Inter-Continental hotel brand, sending emails with addresses that contained the domain name. The emails were designed to trick recipients into believing they were being offered hotel jobs but instead deceptively collected personal information from those who fell for the scam, unaware that they were communicating with a cybersquatter instead of someone at the hotel company.
  • Malware: The registrant of the domain name <twitter.org> created a website that distributed malware -- that is, malicious software that can spread viruses on a computer -- putting visitors at risk.
  • Pornography: It's one thing for Rick Schwartz to use the domain name <porno.com> to offer pornography. As you point out in your podcast, anyone who visits a website with that domain name is probably seeking the content that he'll find. But it's something quite different when, as actually happened, a cybersquatter registered the domain name <pokemonl.com>  -- which contains a typographical variation of the famous children's animated character -- and redirected visitors to pornography and gambling websites.
  • Obscenity: The registrant of the domain name <prada-baby.net> presented visitors with child pornography.
  • Counterfeiting: A cybersquatter who registered the domain name <tagheuer-watches.com> created a website that falsely appeared to be for an authorized reseller of the luxury watches. The website even included the TAG Heuer logo and the word "authorized" along with photographs of real TAG Heuer watches. But the watches actually sold on the website were counterfeit copies of the authentic products.
  • Drug sales: Because consumers are obviously eager to find less expensive ways to fill their prescriptions, one cybersquatter registered the domain name <genericvalium.net> and offered to sell prescription drugs to consumers without a prescription -- even though doing so is illegal in the United States, to protect patients.

Clearly, these few examples highlight the unfortunate harm easily -- and frequently -- created by cybersquatters. Fortunately, all of these examples were resolved through a popular domain name dispute process that was created to combat cybersquatting.

Fighting Cybersquatting

The Uniform Domain Name Dispute Resolution Policy (UDRP) was created by the Internet Corporation for Assigned Names and Numbers (ICANN). Since 1999, it has resulted in more than 60,000 cases in which trademark owners have filed claims to stop cybersquatting.

The UDRP is an alternative to traditional trademark litigation, which was not designed for domain name disputes and, like most forms of commercial litigation, is expensive and time-consuming. The UDRP, on the other hand, is relatively inexpensive and quick and has resulted in decisions favoring trademark owners more than 85 percent of the time.

The UDRP, too, has spawned other domain name dispute policies, including those that apply to certain country code top-level domain names (such as .us, .uk, .fr and many more) as well as the Uniform Rapid Suspension System (URS), which applies to the 1,000+ "new" generic top-level domains (new gTLDs) that you mentioned in your podcast (such as .pizza, .link, .email, .audio and .media -- and .law, which I now use on this website).

A large part of my legal practice is devoted to helping trademark owners pursue cybersquatters. As I tell them all the time, I'm never surprised by the devious tactics and new tricks that I see.

Indeed, despite legal tools such as the UDRP, cybersquatting is getting worse, not better. Notably:

  • Last year, 2016, represented a record year for the number of domain name disputes filed at the World Intellectual Property Organization (WIPO), the leading dispute service provider.
  • Many cybersquatters have large portfolios of domain names. In the largest UDRP complaint ever filed (in which I represented the trademark owner), a single cybersquatter registered more than 1,500 domain names that contained trademarks owned by one of my clients.
  • The addition of more than 1,000 new gTLDs in recent years (the benefits of which your podcast guests debated) has created new opportunities for cybersquatting. One particularly motivated cybersquatter already has faced more than 50 domain name disputes after he registered domain names that primarily consisted of well-known trademarks in the .email top-level domain, such as <footlocker.email>, <eharmony.email> and <ebaysupport.email>.

Of course, most of the more than 330 million domain names registered are not being used improperly -- or, at least, relatively few of them will ever end up in a legal dispute. But that's no indication that cybersquatting is a minor problem, or one that should be ignored.

The Future of Cybersquatting

Unfortunately, a number of factors make cybersquatting a popular activity for many:

  • Domain name registrations are cheap and easy to obtain.
  • An active aftermarket in domain name sales, as your podcast highlighted, has encouraged some hopeful enthusiasts to ignore trademark law in their race for riches.
  • Cybersquatters can easily hide their identities behind privacy services or by providing false identities and contact information. I once filed a domain name dispute on behalf of a jewelry company against "Barack Hussein Obama Jr" -- because that was the (obviously fictitious) name used by the cybersquatter who registered a number of domain name that contained my client's trademarks.
  • Facing a mountain of potential domain name disputes, trademark owners must be selective in choosing which to pursue, because resources are obviously limited.

As a result, fighting cybersquatting often has been likened to the carnival game of whack-a-mole -- except, on the Internet, more troublesome domain names often pop up than are eliminated.

This means that trademark owners must spend a growing amount of time, effort and money -- expenditures that are only necessary to protect, not to grow, their businesses. And if they don't, not only will their bottom lines suffer, but so, too, will their consumers, who fall victim to the cybersquatters' schemes.

This is the dark side of the domain name business that your podcast overlooked. A side that's not as glamorous as what your podcast described as "one of the great opportunities in American business." A side that is hurting businesses. And consumers.

But, perhaps, shining some light on this dark side will help make more people aware of the dangers of cybersquatting, keep some Internet users from falling prey to the cybersquatters' scams, and educate businesses about the legal tools they have to fight back.

Sincerely,

Doug Isenberg