The so-called notice-and-take-down provisions of the Digital Millennium Copyright Act (DMCA) provide both a very effective tool for copyright owners to get infringing content removed from the Internet as well as an important protection for service providers (such as website hosting companies) that may inadvertently publish infringing material, either directly or via user-generated content. But, the DMCA is neither a perfect weapon or shield. It cannot be invoked in every instance of online infringement -- and, even when it does apply, the DMCA is not always productive.

Here are five (of many!) myths and truths about limitations on the DMCA take-down notice process:

1.

Myth: A service provider is required to take down allegedly infringing content if it receives a proper notice under the DMCA.

Truth: The DMCA does not require a service provider to take down allegedly infringing content. Instead, the DMCA gives service providers an incentive to do so by providing that they "shall not be liable for monetary relief" if they comply with a proper DMCA notice. Not all service providers have opted into the DMCA system, and even those who have opted-in are not obligated to take down content.

2.

Myth: Service providers are required to take down infringing content within 24 hours of receiving a proper DMCA notice.

Truth: The DMCA does not specify a timeline for a service provider to take down allegedly infringing content. Instead, the DMCA requires only that service providers "act[] expeditiously to remove, or disable access to, the material." In practice, however, service providers familiar with the DMCA often take down infringing content within 24 hours.

3.

Myth: Every U.S.-based service provider is obligated to comply with the DMCA process.

Truth: Service providers (in the United States and elsewhere) must opt-into the DMCA system if they want to avail themselves of its protections -- and many fail to do so. The DMCA protections apply "only if the service provider has designated an agent to receive notifications of claimed infringement." A list of agents is available at the U.S. Copyright Office.

4.

Myth: If a service provider has not appointed a DMCA agent at the U.S. Copyright Office, there's no reason for a copyright owner to send a take-down notice.

Truth: Many service providers that have not opted into the DMCA system nevertheless act in accordance with the DMCA. In other words, a copyright owner may find it worthwhile to submit a DMCA take-down notice to a service provider even if the providerhas not appointed an agent, because the service provider may remove the infringing content upon receipt of the notice.

5.

Myth: Once a service provider has taken down infringing content in response to a DMCA notice, the content will be permanently removed.

Truth:  An alleged infringer can file a "counter notification" in response to a copyright owner's take-down notice. If that occurs, the service provider may, under certain circumstances, restore access to the allegedly infringing content and remain exempt from liability.

ICANN's recent announcement of what it called "an exciting milestone in the evolution of the domain name system" -- the delegation of the 1,000th new generic top-level domain (gTLD) -- went largely unnoticed. While that's consistent with the new gTLD program in general (at least from the perspective of the general public), that doesn't mean trademark owners should forget about them. I can't think of a single new gTLD that I've seen promoted in a mainstream advertisement or any company's marketing materials.

Of course, as a domain name attorney, I'm well aware of the new gTLD program in general, as well as some specific adoptions, such as <abc.xyz> by Google's parent Alphabet; <badgerbank.bank> by a small bank in Wisconsin; and <global.canon> by the camera company.

The nTLDStats website reports that more than 26 million new gTLDs already have been registered. And a $70 million offer from one registry operator (Donuts) to another (Rightside) clearly says something about the size and scope, if not the perceived future importance, of the domain name business.

But most people with whom I talk outside the domain name industry seem fully unaware of any of this.

The sheer number of new gTLDs means that most of them are struggling for recognition. Indeed, excluding the top five most-popular new gTLDs (.xyz, .top, .wang, .win and .club), no new gTLD accounts for more than 2% of the market, according to nTLDStats.

Many of the new registrations are speculative, defensive or infringing -- none of which seems to be sustainable.

As I've written before, new gTLDs are appearing with increasing frequency in domain name disputes. Indeed, of the top 10 most-disputed top-level domains in proceedings at the World Intellectual Property Organization (WIPO) so far this year (through June 28, 2016), half are new gTLDs (.xyz, .top, .club, .online and .cloud). Trademark owners are usually finding it pretty easy to win proceedings under the Uniform Domain Name Dispute Resolution Policy (UDRP), depriving domain name registrants of any benefits they have sought in registering in the new gTLDs.

In some UDRP decisions, the new gTLD is even making a trademark owner's case stronger. For example, in ordering transfer of the domain name <premierleague.club> to The Football Association Premier League Limited, one UDRP panel wrote:

In the Panel’s view, the inclusion of the TLD “.club” does not diminish the confusing similarity. To the contrary, this Panel finds that the inclusion of the descriptive term “club” reinforces the confusing similarity between the PREMIER LEAGUE trademark and the disputed domain name because the teams that compromise Complainant’s league are commonly referred to as clubs.

(See also my earlier blog post: "When is the Top-Level Domain (TLD) Relevant in a Domain Name Dispute?")

Still, in many cases, trademark owners are simply choosing to ignore the new gTLDs because they don't value them for themselves and they sometimes don't care what a cybersquatter is doing in a gTLD that no one knows about.

But trademark owners cannot ignore the new gTLDs entirely. Some gTLDs may be more important than others, due to their popularity or their relevance to the trademark owner's business. And some domain names using new gTLDs may be particularly problematic, based on how they are being used.

Ultimately, it seems as if a relatively small number of the now 1,000+ new gTLDs are likely to gain much traction. Trademark owners would be wise to monitor their popularity and selectively enforce their rights when doing so is necessary or important to protect their brands.

One of the most popular top-level domains under the Uniform Domain Name Dispute Resolution Policy (UDRP) is not even a gTLD (generic top-level domain). It's a ccTLD: .co, the country-code top-level domain for Colombia, in South America. Based on statistics at WIPO as of this writing, 29 .co domain names have been the subject of UDRP disputes this year, making it the most-disputed ccTLD under the popular domain name dispute policy.  The same has been true every year since 2010, when .co domain names apparently first became subject to the UDRP -- 11 years after the UDRP itself went into effect. Despite its late entry into the UDRP system, .co is in fact the most-disputed ccTLD ever under the UDRP (at least at WIPO), with 388 domain names in dispute.

(Granted, the number of .co UDRP disputes pales in comparison with the number of .com UDRP disputes: As of this writing, 1,464 .com domain names have been the subject of UDRP disputes this year at WIPO.)

At least 38 ccTLD operators, including .co, have adopted the UDRP, but only .co appears with any regularity in UDRP proceedings. Only the ccTLDs for Tuvalu (.tv) and Romania (.ro) rank in the top 10 among all ccTLDs for which WIPO administers domain name dispute policies.

So, why is .co (relatively) popular among disputed domain names?

The answer is probably obvious: .co is the top-level domain name that is most similar to .com. (While .cm, the ccTLD for Cameroon, is also only one character "off" from .com, the .cm registry has not adopted the UDRP.)

As a result, some cybersquatters find .co domain names attractive, hoping to catch Internet users who commit a typo by omitting the letter "m" when entering a website address.

For example, the following domain names, all of which have been the subject of UDRP disputes since last year, contain well-known trademarks:

• <autodesk.co>
• <traderjoes.co>
• <novonordisk.co>
• <7eleven.co>
• <publix.co>
• <skechers.co>
• <altria.co>
• <philips66.co>

In each case, the trademark owner that filed the UDRP complaint prevailed.

In one case, involving the domain name <sanofi.co> and the trademark SANOFI, a UDRP panel noted the obvious: "The Domain Name is identical to the Complainant’s mark… but for the suffix '.co', which the Panel accepts is to be disregarded for the purposes of the present test. Accordingly, the Complainant has established that the Domain Name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights."

Not only is .co obviously similar to .com, but several years ago, when Colombia granted a third party the right to manage its ccTLD, .co suddenly became the subject of an intense marketing campaign, the result of which was "to spread awareness about .CO domain names within a community of frequent domain purchasers," one writer said in 2012. The ccTLD even made an appearance in a GoDaddy Super Bowl TV ad "urging people to register a .CO domain before someone else snatches it up and gets rich doing so," Adweek reported in 2013.

The arrival of hundreds of new gTLDs (a few of which have proven moderately popular) has since taken over most of the publicity around domain name availability. But .co remains a quiet threat to trademark owners, who obviously are filing UDRP complaints with success to recover these problematic domain names.

As I've written before, the Uniform Rapid Suspension System (URS) -- the domain name dispute policy applicable to the new generic top-level domains (gTLDs) -- is just not catching on. Whether because of its limited suspension remedy, high burden of proof or other reasons, the URS remains unpopular among trademark owners. However, there's one interesting use to which the URS can be put: as a variation of a preliminary injunction.

While a true preliminary injunction is typically a court order to preserve the status quo, sometimes an injunction is used as a stop-gap measure to prevent a party from suffering immediate irreparable harm unless certain action is taken. In court, a preliminary injunction precedes further judicial action in the same proceeding.

While the URS doesn't strictly fit this definition, it can be used to the same effect.

Here's how: While the URS (which allows a trademark owner to get a domain name temporarily suspended) and the Uniform Domain Name Dispute Resolution Policy (UDRP) (which allows a trademark owner to get a domain name transferred to itself) are typically thought of as separate ("either-or") legal remedies, they can be used in conjunction.

Specifically, paragraph 13 of the URS states:

The URS Determination shall not preclude any other remedies available to the appellant, such as UDRP (if appellant is the Complainant), or other remedies as may be available in a court of competent jurisdiction. A URS Determination for or against a party shall not prejudice the party in UDRP or any other proceedings.

As a result, a trademark owner can take advantage of both the quick suspension remedy of the URS (determinations are typically issued within about 17 days) as well as the long-term transfer remedy of the UDRP (which usually requires about two months to reach a decision -- plus an additional 10 business days before implementation). To do so, a trademark owner could file a URS complaint followed by a UDRP complaint after the disputed domain name has been suspended.

The result (assuming the trademark owner is successful in both proceedings): The disputed domain name is quickly suspended, preventing any further harm, and then later transferred, allowing the trademark owner to use the domain name as it wants or at least to permanently keep anyone else from using it.

At least one trademark owner who pursued this approach has found success. Yves Saint Laurent won a URS determination for the domain names <saintlaurent.club> and <ysl.club> on July 22, 2014, followed by a UDRP decision for the same domain names, against the same registrant, on April 18, 2016.

Importantly, the panel in the UDRP case had no problem in finding bad faith even though, at the time of the UDRP proceeding, the domain names were still associated with suspension pages (as a result of the earlier URS determination). Specifically, the UDRP panel wrote:

The Panel notes for completeness that it does not consider that the web pages associated with each of the disputed domain names in their suspended incarnation, each stating that the disputed domain name has been taken down pursuant to the URS, constitute any "use" by the Respondent which should have any effect upon the analysis of whether such domain name is being used in bad faith in terms of the UDRP. In the Panel's opinion, it is the Respondent's use prior to any such suspension that is the focus of this question, namely during the period when the Respondent was in a position to exercise control over the disputed domain names.

Accordingly, the domain names that were previously suspended under the URS were ordered transferred to Yves Saint Laurent under the UDRP. Although Yves Saint Laurent apparently waited about 20 months after the URS determination before filing its UDRP complaint (while the domain names were still suspended), there's no reason why a trademark owner couldn't proceed directly to the UDRP after (or even before) receiving a URS determination.

Given the minimal cost associated with a URS proceeding (the Forum's filing fees start at only $375), the one-two punch of the URS-UDRP approach may be something that more trademark owners should consider.

Although domain name disputes involving adult content are among the oldest types of cybersquatting schemes, it seems as if porn sites using someone else's trademarks are less common than in the past -- perhaps because cybersquatters have found more effective ways to monetize their domain names. Or perhaps because they've consistently lost domain name disputes where sex-related websites are involved. Despite this background and the recent trend, one UDRP case is notable: <badhellokitty.com>.

For the benefit of those who don't have young children, or weren't children themselves since the mid 1970s, "Hello Kitty" is a fictional character originally aimed at pre-adolescent girls whose image first appeared on a vinyl coin purse and now can be seen on everything from plush toys to diaper bags to dresses. The "Hello Kitty" brand is owned by a company called Sanrio, which says the character "loves to bake and she can make really delicious cookies."

The Los Angeles Times has described "Hello Kitty" as "a part of global popular culture" since 1974, and Wikipedia cites the Detroit Free Press for valuing the "Hello Kitty" brand at "about $7 billion a year."

Naturally, the character's value holds appeal for those who want to take advantage of it, regardless of their rights or the consequences of their actions.

Enter <badhellokitty.com>.

In a UDRP dispute filed by Sanrio, the panel said simply that the domain name was used by its registrant in connection with "adult oriented materials." A search of the Internet Archive's Wayback Machine (which UDRP panels often cite) shows that the domain name was previously used to promote a woman who describes herself as Mistress Kitty -- "a Fetish Professional" who specializes in such things as "Sensual Bondage" and whose "greatest joy" is in "helping someone realize their deepest, darkest fantasies."

(Interestingly, a photograph of Mistress Kitty shows her with a patch of pink across the front of her blonde hair -- similar to the pink ribbon that the Hello Kitty character always displays across her white head.)

The website using the <badhellokitty.com> domain name included photographs of Mistress Kitty performing some of her services with a nude man. Another page lists Mistress Kitty's fees, starting at $250 per hour.

Regardless of what anyone may think of Mistress Kitty, her services or the photos on her website, one thing is without question: The content is not suitable for children. And the UDRP panel readily agreed, entering an order with minimal discussion that the domain name should be transferred to Sanrio (which, presumably, will maintain the domain name registration but disassociate it from any website).

Of course, not all sex-related cybersquatting takes advantage of popular children's brands. But frequently, using a domain name that contains someone else's trademark in connection with adult-related content is not something that domain name panelists look upon favorably.

As one UDRP panel wrote many years ago, in a dispute against the popular cybersquatter John Zuccarini:

Respondent’s acts of typo-squatting and redirecting the Domain Name to pornographic websites do not qualify as a bona fide offering of goods or services.... Bad faith is further evidenced by Respondent’s use of the Domain Name to forward Internet browsers to websites featuring pornographic material.

The <badhellokitty.com> case is just one of the latest examples of cybersquatting and adult-related content. It also makes clear that anyone -- any trademark owner -- can be targeted by cybersquatters without regard to the impact on consumers.

Click above for a replay of the GigaLaw webinar, "Cybersquatting and Banking: How the Financial Services Industry Can Protect Itself Online." The webinar was presented live on May 11, 2016. In this free webinar, Doug Isenberg of GigaLaw and Craig Schwartz of fTLD Registry Services provide important information about how domain name fraud is affecting the financial services industries, including banking and insurance, and what businesses and consumers can do to protect themselves online. While some new top-level domains (such as fTLD’s .BANK and .INSURANCE) provide protection for trademark owners, the availability of nearly 1,000 new TLDs is also creating new opportunities for cybersquatters.

As recent news reports indicate, online banking scams are leading to multi-million-dollar losses, so the need has never been greater to safeguard the future of conducting financial transactions on the Internet.

This webinar will explain how trademark owners in the financial services industry (and other frequently targeted business sectors) — as well as anyone who interacts with these industries online — can proactively protect themselves against cybersquatting and use important rights protection mechanisms such as the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension System (URS) to respond to online attacks.

Playing time is approximately one hour.

Related blog posts:

• The Growing Threat of Cybersquatting in the Banking and Finance Sector
• The Hope and Threats of New Domain Names for the Financial Services Sector
• Old Cybersquatting Tactic is New Again: A Case Study from the Banking Industry

Many trademark owners are continuing to fall for one of the oldest tricks in the cybersquatter's handbook: Failing to register a domain name that contains "www" as its first three characters. To be clear, I'm referring to a second-level domain that includes "www" in it -- not a web address (or URL) that uses "www" at the beginning as a third-level domain.

For example:

• In the URL www.bankofamerica.com, the relevant (second-level) domain name -- that is, the portion that is (or, rather, was) available for registration to anyone -- is simply "bankofamerica".
• In the URL wwwbankofamerica.com (without a dot between "www" and "bankofamerica"), the relevant (second-level) domain name is actually "wwwbankofamerica".

The difference in the above two examples is that the second one ("wwwbankofamerica.com") includes the characters "www" as a part of the domain itself. And, as a panel under the Uniform Domain Name Dispute Resolution Policy (UDRP) wrote in one of the earliest decisions addressing this type of activity, <wwwbankofamerica.com> "takes advantage of a typing error (eliminating the period between the www and the domain name) that users commonly make when searching on the Internet."

Since Internet users commonly, and unintentionally, "drop the dot," they end up at a website that may be unrelated to the website they were seeking. In the nearly 16-year-old Bank of America case, the domain name registrant "transport[ed] users to a website that [wa]s designed to derive revenue and profits from the banner ads and other commercial content," according to the UDRP decision.

Despite the age of the Bank of America UDRP decision, cybersquatters are still registering domain names that contain an unnecessary and misleading "www" -- because trademark owners still forget to register those variations of their trademarks as domain names. Recent UDRP decisions include those involving the following domain names:

• <wwwcalbanktrust.com>
• <wwwlegoworlds.com>
• <wwwnetbet.com>
• <wwwallianzworldwidecare.com>
• <wwwthehartford.com>
• <wwwcarrefour.com>
• <wwwfurla.com>
• <wwwathenahealth.com>
• <wwwmicrosoftword.com>
• <wwwchoicehotels.com>

In an variation on the same theme, some cybersquatters register domain names containing "www-" at the beginning (to catch Internet users who mistype a dash instead of a dot). Recent UDRP decisions in that scheme include those involving the following domain names:

• <www-lendingtree.com>
• <www-youtubeaccelerator.com>
• <www-capitalonebank.com>
• <www-exness.com>

In all of the UDRP decisions for the domain names listed above, the trademark owners prevailed, obtaining orders transferring the domain names away from the cybersquatters. But, in some (if not all) cases, not before damage was done. In the Choice Hotels case, for example, the trademark owner alleged that the domain name "resolve[d] to either third-party websites offering competing hotel reservation services or sites comprised of pay-per-click links to competing hotel reservation services," according to the UDRP decision, apparently resulting in lost business. Similarly, in the Capital One case, the domain name directed Internet users to "competing services."

UDRP panels typically have no reluctance to find such "www" domain names confusingly similar to the relevant trademarks. In the Carrefour case, for example, the panel wrote: "The similarity between the mark and the disputed domain name is obvious and does not require elaboration."

In addition, UDRP panels often find inclusion of "www" in a domain name containing a third party's trademark to constitute evidence of bad faith, in and of itself. Such a practice "is an obvious case of typosquatting," as the panel in the Furla case said.

In other words, these "www" domain names are typically strong UDRP cases for trademark owners, even if some of them could have been avoided in the first place by strategic domain name registrations.

A just-launched ICANN "working group" (of which I am a member) will -- eventually -- help to determine the future of the Uniform Domain Name Dispute Resolution Policy (UDRP), the 17-year-old domain name arbitration system that has been embraced by trademark owners and criticized by some domainers; as well as the Uniform Rapid Suspension System (URS), the new (and limited) arbitration process that applies to the new gTLDs. The Policy Development Process Working Group has been chartered by ICANN's Generic Names Supporting Organization (GNSO) Council to review the rights-protection mechanisms (RPMs) that have been developed for all generic top-level domain names (gTLDs). Despite the numerous acronyms necessary to describe the group, the charter is relatively straightforward and includes two phases:

• Phase One will focus on "a review of all the RPMs that were developed for the New gTLD Program" -- including "the Uniform Rapid Suspension System (URS); the Trademark Clearinghouse (TMCH) and the associated availability through the TMCH of Sunrise periods and the Trademark Claims notification service; and the Post-Delegation Dispute Resolution Procedures (PDDRPs)."
• Phase Two will focus on "a review of the UDRP" -- which the charter notes "has not been subject to comprehensive review."

The list of potential questions the group will address include important issues, such as:

• Should UDRP complaints be subject to a statute of limitations?
• Are domain name registrants' free speech rights adequately protected under the UDRP?
• Should the UDRP's requirement that a domain name be "registered and is being used in bad faith" be changed to registration or use in bad faith, as under some other domain name dispute policies?
• Should UDRP panels be able to award monetary damages?
• Should default judgments be available if a domain name registrant fails to file a response?
• Should complainants face penalties for "reverse domain name hijacking" -- that is, when the UDRP has been used in bad faith?
• Should the URS allow for a "perpetual block" of a domain name, not just a temporary suspension?

And these are just a few of the nearly 100 "potential issues for consideration" listed in the group's charter.

Given its large (and, in many cases, surely controversial) agenda -- and, in any event, like all ICANN activities -- this RPM working group likely will take a long time before issuing its reports; one of the group's anticipated three co-chairs suggested during the first phone call that it would probably be "late 2017" before Phase One is complete -- and even that timing could be optimistic. Plus, any resulting recommendations ultimately must be approved by the ICANN board, as set forth in the GNSO Policy Development Process (PDP) .

As a result, although it's impossible to know what the RPM working group will decide on any of the topics on its plate, it's safe to say that no changes to the UDRP or the URS are imminent.