discuss What to do with a UDRP fixer-upper that is held via privacy proxy?

[Rob Monster]

As many of you know, and as discussed here, Epik provides a WHOS privacy service through an affiliated but separate legal entity. WHOIS privacy has been around for a long time, but the climate is changing rapidly in 2019, particularly in case of a dispute. For one thing, the trajectory that the industry is on is that if you intend to defend your domain in UDRP, you should be prepared to de-cloak.

Although I have no interest in protecting criminals, I am not really a fan of this change in policy. The writing was on the wall with the RDAP rollout. I thought it was going to be law enforcement with an eye towards chasing criminals by piercing the privacy veil. However, here we have an indication that the privacy veil should also be pierced in the case of mere presumption and in a civil case too!

Now, here is an actual case from this month:

A UDRP has been filed again IBM20.com. It is a LLLNN.com domain that someone picked up recently in a large (10,000+) bulk buy of available LLLNN.com. Now IBM wants it asap for whatever reason. WIPO is also determined that the end contact should be disclosed. As you can see below, our compliance team's previous response identifying the privacy proxy as the legal owner appears to be insufficient.

In other words, whether or not someone wants to defend, WIPO wants your digits.

As WIPO's tactics clearly appear to have changed, now requiring, the disclosure of the end-registrant already at the start of the process, I am wondering if we need a clearing house where UDRP-entangled domains can be either sold or contracted, in very short order (e.g. 48 hours), to an entity that does not object to having their identity disclosed as the respondent for a particular UDRP proceeding.

The reason this matters is that there have been many cases where a domain prevails in UDRP in favor of the registrant, likely because they had capable counsel and paid the additional cost of a 3-person panel. In some cases, the complainant absolutely needs that domain and UDRP was simply viewed as a way to force the registrant to the bargaining table on favorable terms. ICYMI, those can be high value sales.

In order for WHOIS privacy-protected domains to not be tagged as easy targets for UDRP, I am wondering if there needs to be some kind of private sector counter-measure to offset the perception that UDRP can be used to compel a default judgement in favor of complainants due to procedural shortfall, or due to no-contest response at the start of the UDRP procedure.

Input welcome on this apparent change in WHOIS policy, and what do about it.

 

[oldtimer]

I see what you're getting at, Rob. Instead of implementing this at hindsight, why not shift focus to foresight? (or implement the following post-dispute)

Could this be a "Comprehensive" package for your new insurance offering? Dispute Insurance?

At enrollment, the owner would give your company Power of Attorney to handle all proceedings against their domains. Charge $X per month with/or a sliding scale premium upon dispute.

Would this work? Would a dispute be satisfied with the attorney-in-fact's contact info?

This is inline with what I suggested couple of post earlier, but I meant a program to be implemented at a bigger level that everyone in the Domain Industry can participate in and support. If some kind of assistance is provided to those who are victims of obvious complainant overreach that might discourage some of the companies that want to unfairly use the UDRP in their own advantage.

IMO

 

[Rob Monster]

lol .. In all fairness .. TMs/UDRPs and Digital Privacy Rights are both very complex and nuanced things .. combine them and there are very few analogies that can do justice to illustrating the realities of the situation in play.

I think the problem is that the panel was still demanding the underlying registrants information. I don't think it was necessarily obvious that that demand can deliberately be ignored/refused without consequences.

Maybe the only problem here is that Rob actually should have simply replied "no". But again .. given the settings and circumstances, and specifically the way the demand for information was done, you'd think that a simple "no" was not a possibility, even if it sounds super simple.

In this case:

- They asked and we responded.

- They asked again.

- They know we are registrant-friendly on WHOIS privacy.

It might not be an inquisition but the pattern of this case, and another case is just a tad alarming.

As a guy who is pushing hard to bring emerging market domain investors online with capital efficient portfolios, I am being extra vigilant to this use-case.

Others can focus on renewal fees but I am looking at case of IBM20.com where someone bought a .COM at Epik for $5.99 a month ago as a hand-reg and does not want to pay $X,XXX in UDRP defense.

 

[Randolph]

This is inline with what I suggested couple of post earlier, but I meant a program to be implemented at a bigger level that everyone in the Domain Industry can participate in and support. If some kind of assistance is provided to those who are victims of obvious complainant overreach that might discourage some of the companies that want to unfairly use the UDRP in their own advantage.

IMO

I meant to suggest that education in this matter should be at the forefront, which aligns with the advice program you were getting at.

At registrar level, Epik could push DNP during registration flow with a scan of domains against a TM/business API to look for risky names — up-selling the insurance program on the fly. While also teaching best practices, avoidance, preparation, etc with a free mini master class of some sort to help prevent and prepare domainers.

To offer this protection/service to the industry, the DNP scan could be turned into an API for other registrars to implement, up-sell, and earn a commission. One of the benefits of separating the service from the registrar (Epik).

For those that get tangled in UDRPs and the like, it's a "48 hours" scenario. Create a deep dive masterclass and offer consults to up-sell the proxy service. Assess the domain(s), if a worthy case, transfer power and fight for the client.

 

[oldtimer]

I meant to suggest that education in this matter should be at the forefront, which aligns with the advice program you were getting at.

At registrar level, Epik could push DNP during registration flow with a scan of domains against a TM/business API to look for risky names — up-selling the insurance program on the fly. While also teaching best practices, avoidance, preparation, etc with a free mini master class of some sort to help prevent and prepare domainers.

To offer this protection/service to the industry, the DNP scan could be turned into an API for other registrars to implement, up-sell, and earn a commission. One of the benefits of separating the service from the registrar (Epik).

For those that get tangled in UDRPs and the like, it's a "48 hours" scenario. Create a deep dive masterclass and offer consults to up-sell the proxy service. Assess the domain(s), if a worthy case, transfer power and fight for the client.

That sounds good, but you have to make sure that everyone in the domain Industry is onboard with such a program so that it can be implemented across the board (kind of like the MLS program).

In my opinion first it has to be determined whom you want to provide help to, perhaps there has to be two different programs, one for cases that the complainant might be in the right which the domainer has to pay for defending the domain or buy some kind of insurance and then there are the cases in which the complainant is clearly over reaching which will be in the interest of the domain Industry at large to provide free legal defence to the domainer who is being victimized.

IMO

 

[Randolph]

That sounds good, but you have to make sure that everyone in the domain Industry is onboard with such a program so that it can be implemented across the board (kind of like the MLS program).

In my opinion first it has to be determined whom you want to provide help to, perhaps there has to be two different programs, one for cases that the complainant might be in the right which the domainer has to pay for defending the domain or buy some kind of insurance and then there are the cases in which the complainant is clearly over reaching which will be in the interest of the domain Industry at large to provide free legal defence to the domainer who is being victimized.

IMO

Agree with all of this.

As far as onboarding, open sourcing certain aspects goes a long way with adoption, transparency, and trust.

Combating victimization was what Rob was getting at with the following quote. Hopefully knowing someone is represented/insured by DNP/other will prevent a large percentage of strong arm tactics.

So instead of [email protected], the insured domain is [email protected]. That signals to would be complainants that there is a checkbook behind that WHOIS.

 

[trelgor]

How about $ 0.18 to Icann (Administration fee) and $ 0.18 to ICA (Registrant rights protection fee)?

I agree that it is not crazy to have concerns about balance and fair use of a system that with one hand handle parties with immense financial power and with the other hand handle parties that, most likely, do not.

 

[Rattyfish]

How about Epik offers a $0.14 UDRP insurance policy with renewals? Show you were not acting in bad faith and @Rob Monster unleashes a rabid intern army.

 

[MapleDots]

https://www.icann.org/resources/pages/udrp-rules-2015-03-11-en

4. Notification of Complaint

(a) The Provider shall submit a verification request to the Registrar. The verification request will include a request to Lock the domain name.

(b) Within two (2) business days of receiving the Provider's verification request, the Registrar shall provide the information requested in the verification request and confirm that a Lock of the domain name has been applied. The Registrar shall not notify the Respondent of the proceeding until the Lock status has been applied. The Lock shall remain in place through the remaining Pendency of the UDRP proceeding. Any updates to the Respondent's data, such as through the result of a request by a privacy or proxy provider to reveal the underlying customer data, must be made before the two (2) business day period concludes or before the Registrar verifies the information requested and confirms the Lock to the UDRP Provider, whichever occurs first. Any modification(s) of the Respondent's data following the two (2) business day period may be addressed by the Panel in its decision.

----------------

The UDRP Rules, incorporating the output of the Working Group on Locking of a Domain Name Subject to a UDRP (https://www.icann.org/resources/pages/udrp-locking-2012-07-25-en) have been that way for more than four years.

Funny, that was the first thing I thought of when I read the topic

 

[MapleDots]

I had a UDRP that I lost right early in my domaining career and I hated that my name was all over the internet. The saving grace was that it was not my personal name but the registered company name that was disclosed.

I ended up losing the UDRP because I had absolutely no idea what to do and the company name was everywhere in the news. Again, fortunately the company was just a name I had made up and placed it in the company field of the registration but it saved my bacon and kept my personal name out of it.

Today I have a real company of course and the very first thing I do when I get a domain is to assure that I have my company name on the domain. I don't care, that can be all over the internet but my private name should not.

So my advice to all domainers is to put something in the company part of the registration even if you just use one of your domain name or something and that may help keep your personal name on the sidelines.

 

[oldtimer]

So my advice to all domainers is to put something in the company part of the registration even if you just use one of your domain name or something and that may help keep your personal name on the sidelines.

It has to be a real company that you own or are authorized agent of, because what you put in the company name area of the registration in effect becomes the entity that is in charge of the domain and not you.

IMO

 

[MapleDots]

It has to be a real company that you own or are authorized agent of, because what you put in the company name area in effect becomes the entity that is in charge of the domain and not you.

IMO

I understand that, but at the time I did not have a company. I had my real name in all 3 all three sections but I had one of my domain names in the company field name above my private name.

The UDRP disclosed only the company name and not my personal name.
Even thought the company did not exist the company part of the whois still had my personal information in it.

When the UDRP decision was published it did not state my personal name and nobody even mentioned that the company domanname.com was just one of my other domains.

This all happened a long time ago, in my early domaining days when technically I did not even consider myself a domainer yet. Things probably changed by now but I am happy because it kept my personal name out of the domaining headlines.

 

[oldtimer]

I understand that, but at the time I did not have a company. I had my real name in all 3 all three sections but I had one of my domain names in the company field name above my private name.

The UDRP disclosed only the company name and not my personal name.
Even thought the company did not exist the company part of the whois still had my personal information in it.

When the UDRP decision was published it did not state my personal name and nobody even mentioned that the company domanname.com was just one of my other domains.

This all happened a long time ago, in my early domaining days when technically I did not even consider myself a domainer yet. Things probably changed by now but I am happy because it kept my personal name out of the domaining headlines.

Looks like you got lucky back then, but I am not sure if you can do the same thing today from what my understanding of the rules are although I might be wrong. Perhaps @jberryhill or @Rob Monster can tell us for sure.

IMO

 

[Rob Monster]

How about Epik offers a $0.14 UDRP insurance policy with renewals? Show you were not acting in bad faith and @Rob Monster unleashes a rabid intern army.

A cross-sell of DNProtect.com from Epik.com at checkout is a pretty good idea, i.e. "Protect your domain with DNProtect" with some real-time amount based on DNP Score.

Will discuss wthat with @bhartzer, @Pat8 and @Ala Dadan how that fits into the user journey, but fundamentally the idea that there would be an open API for DNP risk-scoring is correct.

As for unleashing an intern army, I guess you are referring to this. There are a lot of worthwhile projects and also an abundance of talent, young, old, and everything in between.

 

[bulkdomainz]

$0.14 charge for UDRP Insurance is a tad low, me thinks.

 

[Mister Funsky]

Input welcome on this apparent change in WHOIS policy, and what do about it.

I've been way busy and traveling a lot in the last week or so...I have not read the responses in the thread...the only thing I spotted was a post suggesting an added fee to registration.

I'm not sure it this would be the answer to the problem described, but how about an option to add .25 to a name when we register or renew that would go into a pool for initial defense in the event an action is taken against a domain name. Maybe not even make it optional...it would be very comforting as a domain investor to know that my registrar 'has my back' by having an attorney on staff to, at a very minimum, answer in the proper legal way any challenges...it would at least weed out the 'tire kickers' trying to scare someone into giving up a name. Perhaps a 'commission' of domain investors with domains at Epik could offer their opinion as to whether more time and money should be used to defend a name...clear violations of trademark, etc. would not be defended beyond a certain point as part of the plan...but the investor would be given the option to pay a reduced amount to have further defense mounted.

 

[Rob Monster]

I've been way busy and traveling a lot in the last week or so...I have not read the responses in the thread...the only thing I spotted was a post suggesting an added fee to registration.

I'm not sure it this would be the answer to the problem described, but how about an option to add .25 to a name when we register or renew that would go into a pool for initial defense in the event an action is taken against a domain name. Maybe not even make it optional...it would be very comforting as a domain investor to know that my registrar 'has my back' by having an attorney on staff to, at a very minimum, answer in the proper legal way any challenges...it would at least weed out the 'tire kickers' trying to scare someone into giving up a name. Perhaps a 'commission' of domain investors with domains at Epik could offer their opinion as to whether more time and money should be used to defend a name...clear violations of trademark, etc. would not be defended beyond a certain point as part of the plan...but the investor would be given the option to pay a reduced amount to have further defense mounted.

Welcome back.

I think most people would just view that as a tax or a stealth price increase like adding an ICANN fee or adding payment processing fee at checkout. In most of Europe, if you see a price in the window, that is the price. It is predictable and transparent. I prefer to have a transparent all-inclusive price.

As for DNProtect.com and a prospective DNAdvocate.com (working name), two things:

1. It needs to be a separate brand in order to be registrar-agnostic. This way any registrar can integrate it as an upsell whether at checkout or when notifying a registrant that they are served with a UDRP, a C&D or whatever legal notice in whatever language.

2. It should be priced based on the domain name. For example, if you choose to register a blatantly hateful name that conveys an abominable or psychotic thought or intention, that domain might not even be insurable at all. Whereas, the domain name Love4Puppies.org seems pretty benign and safe.

 

[Mister Funsky]

Welcome back.

I think most people would just view that as a tax or a stealth price increase like adding an ICANN fee or adding payment processing fee at checkout. In most of Europe, if you see a price in the window, that is the price. It is predictable and transparent. I prefer to have a transparent all-inclusive price.

As for DNProtect.com and a prospective DNAdvocate.com (working name), two things:

1. It needs to be a separate brand in order to be registrar-agnostic. This way any registrar can integrate it as an upsell whether at checkout or when notifying a registrant that they are served with a UDRP, a C&D or whatever legal notice in whatever language.

2. It should be priced based on the domain name. For example, if you choose to register a blatantly hateful name that conveys an abominable or psychotic thought or intention, that domain might not even be insurable at all. Whereas, the domain name Love4Puppies.org seems pretty benign and safe.

Thank you.

Agreed...just add the cost into the reg fee (assuming it would not be too much considering what price hikes may be coming on the coms) rather than make it a line item but use it a promotional/added value for new registrants...further setting Epik apart from the rest of the pack. Not sure of how many regs and renewals happen at Epik on a yearly basis, but the math would be easy to do on your end to see if it would warrant a dedicated staff attorney and assistant(s).

An algorithm could be written to 'sense' a potential TM infraction but it might be a daunting task...you could offer an appeal process if someone felt their name is wrongfully 'penalized' but that would tie up alot of man/woman hours (this could be a good place to use global worker assistance). Maybe limit each Epik user to one appeal per 50/100 regs/renewals a year.

 

[Bob Hawkes]

You have a huge number of great ideas Rob, but in my opinion this is not one of them. I voted no, just no. Please use your boundless energy on other initiatives.
Bob

 

[Rob Monster]

You have a huge number of great ideas Rob, but in my opinion this is not one of them. I voted no, just no. Please use your boundless energy on other initiatives.
Bob

Thanks Bob.

I did register the domain DNAdvocate.com and am having some exploratory discussions about how to help people more effectively deal with C&D notices and UDRP cases where they don't have the ready means to hire an attorney to defend their interests.

From a development perspective, the upcoming launch of WHOQ.com can go a long way towards helping people get a hold of the domain owners to log a dispute before they hire a lawyer. Once lawyers are involved, the ship has substantially sailed,.

I believe our challenge as an industry is to try to help persons interested in a domain name to be able to easily find and engage with domain owners. RDAP, GDPR and bad MLS implementations have made this harder than it needs to be.

Anyway, there is a pain point here. The search for the answer continues.

 

[Rob Monster]

Good one from @DomainNameWire:

https://domainnamewire.com/2019/11/27/cbd-company-pays-160000-for-greenroads-com-after-losing-udrp/

This is why some UDRPs need a sponsor.

This is exactly why @Ategy and I agreed to put together a service called DNAdvocate.com to help folks who are being harassed by some overreaching legal tactic to hand over a domain.

Imagine if some bootstrapping domain investor got a C&D or UDRP notice. Would they have the means to defend their rights to own a generic term? I doubt it.

Working with @Ala Dadan to get that site live and to integrate ombudsman services more intuitively into the unified RDAP and GDPR-compliant WHOIS lookup service called WHOQ.com coming online soon.

The goal is for less disputes to get to UDRP where you are no longer assured a fair hearing unless you have ample funds to defend against complainant's counsel.

Domain ownership should not be just a rich man's game. It is for everyone.