NameSilo

Using Catch-All Email - Beware

Namecheap AuctionsNamecheap Auctions
Namecheap AuctionsNamecheap Auctions
SpaceshipSpaceship
Watch

jberryhill

Top Member
:heavy_check_mark: John Berryhill, Ph.d., Esq.
Impact
18,884
There is a significant contingent of domainers who use variations on the theme of "catch-all" email inboxes to find sales leads. I believe there may be one or two businesses premised on providing free or low-cost email services for that specific purpose, which have been discussed here in the past.

There are a couple of risks to doing that. What I have generally advised is that it is hard to hold a domain registrant liable for what they don't know and don't have. If, unknown to the registrant, there is some other similar domain name which is being used by another party for communications, then the registrant will not be accumulating mis-directed email containing potentially sensitive information if the name is not configured to receive email. If, on the other hand, the registrant receives mis-directed sensitive communications containing, say, financial information, health data, or trade secrets, then there are legitimate concerns about why the registrant is accumulating those communications and what the registrant is doing with the information.

In the worst case scenario, the collection of mis-directed email is intentional, as in:

https://www.adrforum.com/DomainDecisions/125751.htm

"As to Respondent’s purpose in doing so, shortly after having registered the <wfubmc.com> domain, actual confusion occurred and Respondent complied with Complainant’s request to forward misdirected email to Complainant. When Respondent was asked in May 2002 what his proposal would be for Complainant to acquire the <wfubmc/com/net/org> domains, he said he could provide forwarding services for $20/year/user, or for a flat fee of $5,000 annually per domain. He then stated: ā€œIn light of the opportunity costs, lost productivity, security risks and privacy risks that are continuously being incurred by the Institution with the status quo, I believe this to be a bargain. Of course an offer for complete acquisition would be consideredā€."

Where a domain is parked or otherwise lightly used for HTTP queries, the existence of an MX DNS record (as opposed to simply having no MX record) might indicate simply that the registrant uses the domain name primarily for email and does not particularly care about a web presence as, for example, is the case for johnberryhill.com. There are numerous UDRP cases in which a respondent's use of a domain name primarily for email has been found legitimate. e.g. <https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2020-1577>

But where the domain name is similar to a distinctive mark, and there is no substantial use of the domain name for a website, then the existence of an MX record may suggest that the respondent may be collecting mis-directed email addresses or even sending confusing email addresses:

https://www.adrforum.com/domaindecisions/1888544.htm

"First, Complainant contends that the <o‑iglass.com> domain name has been registered and used in bad faith because the original Respondent was probably preparing to use the disputed domain name in furtherance of an email phishing scheme and for other improper purposes. [...] Complainant argues that an ā€œ@o‑iglass.comā€ email address associated with the disputed domain name is potentially being used to impersonate Complainant and to send phishing e-mails to Internet users, presumably designed to solicit information under false pretenses."

That same point appears to have been made sua sponte in:

https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2020-2754

"Furthermore, the MX records associated with the disputed domain name are openly available for view by the public and by the Panel. The Panel considers configuration of an email server on the disputed domain name as additional evidence corroborating Complainant’s assertions. More specifically, the disputed domain name contains in its entirety Complainant’s DEWBERRY trademark, and the record is devoid of any evidence to suggest that Respondent has any legitimate interest in sending emails from the disputed domain name. Respondent’s proactive configuration of an email server supports Complainant’s assertion that the disputed domain name creates a risk that Respondent would be engaged in a phishing scheme by using an email address impliedly associated with Complainant."

It is also true that some entities in the parking business cooperate with anti-spam organizations to provide anti-spammers with a feed of inbound email to parked domains, to assist in training automated spam identification and blocking systems.

However, the tendency of paranoid reasoning to track "I don't know what is going on, so it is probably something bad", and its application in UDRP jurisprudence as "here's a new hammer to beat anything that looks like a nail" mitigates against setting up passive email service for domains which are not going to be used for email purposes. I believe the open-ended "why is there an MX record for this domain" observation is an up and comer tool for finding bad faith use.
 
Last edited:
35
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
AfternicAfternic
But an unverified statement from an unidentified person on a website saying "Oh, we receive all the email, but we don't do anything with it" is kind of marginal.
In response to this thread, the unidentified person, as you would like to refer to them, has today removed all default MX records in their authoritative DNS for customer domains on their marketplace. I've verified this, and indeed, default MX records are no longer present. Thanks for starting this thread and further input @jberryhill.

https://www.namepros.com/threads/domaineasy-com-official-thread.1336838/page-18#post-9278736
 
3
•••
Atom has a catch-all option to use to find leads for domain sales.

I skipped over that sentence, but I want to pause and meditate on that for a moment.

In trademark disputes generally, an important concept is the likelihood of "consumer confusion" - i.e. is the alleged infringing mark likely to cause people to believe it is the genuine thing. A lot of times, the argument around likelihood of confusion is hypothetical. But, in situations where there is affirmative evidence of people looking for the mark owner and being misled - i.e. evidence of actual consumer confusion - that certainly nails down the answer to the question and leaves no doubt.

I've seen this sort of idea before - using misdirected emails to find sales leads and this is one of those things that, sure, makes some kind of practical sense, but through the eyes of a trademark attorney is simply mindblowing.

It's like you run a private school bus company and one of the ways you find customers is you set up a gingerbread house near the school, attract children to your house, and then tell the parents that you have their child and maybe they should think about hiring you to drive them to school instead. More likely than not, the parents are going to be upset that you are doing it in the first place. Now, sure, you didn't force them to your door, but I guarantee you nobody is going to care.

So, no, I don't think that collecting evidence of consumer confusion and then handing it over to the other side by saying "Hey, here's some evidence to use against me" is a good strategy.


You had asked about what happens with these cases in the absence of threats or extortion, but it is implicit in using misdirected emails as sources of "sales leads" because the inescapable message - no matter how you phrase it - is "buy this name or I'll be getting your customer communications" or misdirected internal messages etc..

Screenshot 2024-10-30 at 8.50.36 AM.png
 
Last edited:
2
•••
I skipped over that sentence, but I want to pause and meditate on that for a moment.
The default is that no such MX records are present for Atom customer domains. Sellers will have to add/enable these themselves from the Atom dashboard. It's an account-wide setting that will apply DNS records to all domains that are using Atom nameservers within the account.

Whether this is a smart move or not is debatable, but domain blogs have been actively promoting setting MX records at Atom, and receiving email on parked domains this way. So I guess more meditation is needed...

"How to set up catch-all email forwarding at Squadhelp"

"One of the cool things this enables is to set up catch-all email addresses for your domain names."

https://domainnamewire.com/2024/03/08/how-to-set-up-catch-all-email-forwarding-at-squadhelp/

Here's the tweet from Atom about the new feature, basically saying the same:

 
Last edited:
0
•••
but domain blogs have been actively promoting setting MX records

Yeah, so?

You might notice the first comment on that DNW article.

I mean, yah, sure, there are platforms that also promote automated PPC parking and serve up trademark-relevant ad links too. They don't care. They get a part of the revenue and a commission on sales, and if you get into legal trouble it's not their problem.

So, sure, I'd be interested to see the flipside of this - how many people have made sales as a result of misdirected emails, instead of simply pissing people off that you are getting them in the first place. But there is no downside for Atom if you choose to increase your risk profile this way, so why SHOULDN'T they promote it. They aren't in business to be your friend or help you out. They are in business to make money from your domain names.
 
Last edited:
5
•••
They aren't in business to be your friend or help you out. They are in business to make money from your domain names.
Hi

Thanks for the thread.
it's very informative and hope others understand the risks.

imo...
 
2
•••
Dynadot — .com TransferDynadot — .com Transfer
CatchedCatched
Escrow.com
Spaceship
Domain Recover
CryptoExchange.com
Catchy
DomDB
NameFit
  • The sidebar remains visible by scrolling at a speed relative to the page’s height.
Back