"Past performance does not necessarily predict future results." That's what the U.S. Securities and Exchange Commission requires mutual funds tell investors. But it's also true about domain name disputes.

Cases in point: In four recent proceedings under the Uniform Domain Name Dispute Resolution Policy (UDRP), the operator of a large bank won two decisions but lost two others, despite a track record of having won more than 30 previous UDRP disputes.

The complainant was Webster Financial Corporation, and all four of the cases involved the same trademark (HSA BANK) and the same type of activity by the domain name registrant (pay-per-click sites with links for competing services). The differing decisions were all issued within a two-week period of time.

Here are the decisions:

• Webster Financial Corporation v. SATOSHI SHIMOSHITA, Forum Claim No. FA1611001704955 (January 3, 2017): Panel denied transfer of <hsbank.com>.
• Webster Financial Corporation v. Domain Manager / Affordable Webhosting, Inc., Advertising, Forum Claim No. FA1612001705353 (January 6, 2017): Panel denied transfer of <hssbank.com>.
• Webster Financial Corporation v. Zhong Wan / Wanzhongmedia, Forum Claim No. FA1611001704956 (January 9, 2017): Panel ordered transfer of <hasabank.com>.
• Webster Financial Corporation v. Domain Admin / Hush Whois Protection Ltd., Forum Claim No. FA1612001705381 (January 16, 2017): Panel ordered transfer of <hasbank.com>.

At first glance, it might appear that the opposite outcomes reinforce a criticism of the UDRP: that the 17-year-old domain name dispute policy is unpredictable and subject to the whims of panelists. That would be a mistaken conclusion.

Rather, the different decisions can be explained by what seems to be a simple but essential factual difference: In the two cases that Webster Financial Corporation won, the disputed domain names were registered after the company's trademark rights arose; and in the two cases that Webster Financial Corporation lost, the disputed domain names were registered before the company's trademark rights arose. The issue is critical to the "bad faith" element of the UDRP.

As the panel in the <hssbank.com> case wrote:

Respondent registered the domain name a full year before Complainant introduced the claimed mark to commerce. Respondent therefore could not have entertained bad faith intentions respecting the HSA BANK mark because it could not have contemplated Complainant’s then non-existent rights in it either at the moment the domain name was registered or at any point in the succeeding year.

This conclusion, while not always consistently applied, is (as the panel noted in the <hsbank.com> case), the "consensus view" of UDRP panels, as described more fully in the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition:

Generally speaking..., when a domain name is registered by the respondent before the complainant's relied-upon trademark right is shown to have been first established (whether on a registered or unregistered basis), the registration of the domain name would not have been in bad faith because the registrant could not have contemplated the complainant's then non-existent right.

Whether the essential dates were overlooked by Webster Financial Corporation's attorney (the decisions indicate that the same attorney filed all four complaints) or whether the attorney argued that the panels should find bad faith despite the dates is unclear. But one thing is certain: Webster Financial Corporation's previous UDRP victories -- like those of any trademark owner -- do not guarantee ongoing success, given that the facts may differ.

Indeed, of Webster Financial Corporation's prior winning domain name dispute decisions, at least a dozen involved the same HSA BANK trademark -- and all had resulted in orders to transfer the domain names.

But the recent differing decisions are an important reminder that although trademark owners can often be encouraged by previous victories, they can't rely on them and instead must evaluate the merits of each dispute independently. Failure to do so could end a streak of winning UDRP decisions.

A company that registers a domain name containing someone else's trademark may be engaging in the acceptable practice of "defensive registration" if (among other things) the domain name is a typographical variation of the registrant's own trademark. That's the outcome of a recent decision under the Uniform Domain Name Dispute Resolution Policy (UDRP), a case in which the domain name in dispute, idocler.com, contained the complainant's DOCLER trademark -- but also contained a typo of the respondent's DOLCER trademark.

The UDRP complaint was filed by Docler IP S.à r.l. and related companies, all in Europe, that own the DOCLER trademark. According to the UDRP decision, Docler IP apparently uses the DOCLER trademark in connection with "a web platform with music, storytelling, and similar entertainment services."

The disputed domain name was registered by a Chinese company that "sells speakers and similar products under the name DOLCER," which is protected by an EU trademark registration.

Note the slight difference: The complainant's trademark is DOCLER, while the respondent's trademark is DOLCER. And, importantly, the respondent's domain name contains the complainant's trademark.

The UDRP panel had no trouble finding the domain name <idocler.com> confusingly similar to the complainant's trademark DOCLER, succinctly stating that the addition of the letter "i" to the domain name "does not obviate confusion." (Indeed, other UDRP decisions have found that inclusion of the letter "i" in a domain name that contains the complaint's trademark is irrelevant for purposes of confusing similarity. For example, in a dispute that included the domain name ambien-i.com, one panel said that the letter "i" is "a common prefix and suffix in domain names" that "may lead consumers to believe that a product or service may be ordered online" and therefore can "heighten the risk of confusion.")

However, a finding of confusing similarity is just one of three UDRP requirements, the third of which -- bad faith -- proved determinative. The panel in the idocler.com case found that the respondent had engaged in a "defensive registration" of the domain name and therefore had not acted in bad faith. As a result, the UDRP panel denied a transfer of the domain name.

So, what exactly, is a defensive registration?

According to email correspondence reviewed by the panel in the idocler.com case, "the Respondent has suggested that it registered the disputed domain name well prior to the commencement of this dispute in connection with its speaker business, to protect against typosquatting on its own DOLCER trademark." In other words, the respondent allegedly registered a variation of its own trademark as a domain to prevent a typosquatter from doing the same thing. The panel found this explanation acceptable.

(Interestingly, the panel reached this decision based on email correspondence submitted by the complainant, given that the registrant of the domain name did not submit a response. As I've written before, many trademark owners have lost UDRP cases even in the absence of a response, since there is no "default judgment" available under the UDRP. See: "The Most Embarrassing Way to Lose a UDRP Complaint.")

The idocler.com case is not the first UDRP case to address the issue of a defensive domain name registration. In a 2011 decision cited in the idocler.com decision, a panel described a defensive registration this way:

The Panel finds that the Respondent registered the Domain Name in 1999 as part of a policy of protecting itself against cybersquatters by the defensive registration of a large number of domain names similar to its own which might be used (if registered by others) to divert its customers or otherwise to damage its business.

In that case, the respondent was allowed to keep the domain name shoeby.com even though the complainant owned trademarks that contained the word "SHOEBY" -- because the respondent owned trademark registrations for SHOEBUY.

The doctrine of defensive registration in both of these cases seems to have limited applicability and would not protect a domain name registrant in just any situation. In these two decisions, the doctrine seems to have been applied only because the following factors also were present:

• The respondent's trademark rights arose long before the domain name dispute.
• The respondent has not used its domain name to target the complainant.
• The record does not indicate that the respondent was aware of the complainant's trademark.

As a result, although a defensive registration may on occasion be applicable, the limited number of UDRP cases that have addressed the issue and the restrictions on the doctrine show that a true cybersquatter could not successfully assert that it registered a domain name to defend its own rights.

Another domain name dispute decision -- this one for <24hour.fitness> -- has highlighted the increasing (potential) relevance of the top-level domain (TLD) under the Uniform Domain Name Dispute Resolution Policy (UDRP). As I have written before (see "When is the Top-Level Domain (TLD) Relevant in a Domain Name Dispute?"), the proliferation of new TLDs is having an impact on whether and how UDRP panels consider the TLD in their decisions. The traditional rule that the TLD is usually disregarded in assessing whether a disputed domain name is identical or confusingly similar to a complainant's trademark is clearly not always the case -- especially now that more disputes involving TLDs other than <.com>.

The <24hour.fitness> decision is an excellent example.

In that case, the complainant was 24 Hour Fitness USA, Inc. ("24 Hour Fitness USA"), which owns at least one U.S. trademark registration for 24 HOUR FITNESS. The complainant argued that the domain name was identical to its trademark, because the domain name "features the entire mark, merely omitting the spaces and using the FITNESS portion of the mark as a generic top-level domain ('gTLD'), which in this case increases the likelihood of confusion." The UDRP panel agreed.

Had the panel disregarded the <.fitness> TLD, it would have been forced to compare only the second-level domain (that is, "24hour") with the complainant's trademark (that is, 24 HOUR FITNESS). It's possible that the panel would have found the two not to be confusingly similar because the absence of the word "fitness" from the second-level domain could have been considered significant.

However, the UDRP panel made clear that, in this case, the TLD was important. Citing similar decisions, the panel in the <24hour.fitness> decision said:

Complainant... contends that Respondent’s <24hour.fitness> domain name is identical to its 24 HOUR FITNESS mark. Complainant argues that Respondent’s domain name merely omits the spaces and uses the FITNESS portion of Complainant’s mark as a descriptive gTLD. Panels have agreed that using a gTLD that is descriptive of a complainant’s business can lead to a finding of identicality and increase confusing similarity.... As such, the Panel finds that <24hour.fitness> is identical to the 24 HOUR FITNESS mark under Policy ¶ 4(a)(i).

Interestingly, this decision (and others in which the TLD has played a role) does not address the question of whether a TLD might ever be taken into account as a factor against a finding of confusing similarity -- such as in hypothetical disputes that might be brought by 24 Hour Fitness USA against any of the following domain names (each of which contains an actual new gTLD): <24hour.bargains>, <24hour.broker>, <24hour.clinic>, <24hour.loan>, <24hour.nyc>, <24hour.photos>, <24hour.salon> or <24hour.support>.

In any event, as the <24hour.fitness> decision makes clear, the TLD itself can be an important factor in finding confusing similarity under the UDRP -- an issue that is likely to arise with increasing frequency.