October 12, 2005
Cybersquatting Slime Bags: Amazon Fights Back and My Tips To Prevent
An entire industry of Cybersquatters exists today. These slime bags are too lazy to build their own sites, are legally, morally, and ethically challenged. Rather, they choose to leach off registered Trademarks with their pervasive "typo" domains and often use redirects to their own low life sites. Many of these sites also use Affiliate Programs to earn money so these myopic Networks who are only interested in a quick buck effectively become "enablers" with these cyber thieves. In this installment I present a real world case and tips to prevent this action.
Amazon defeats them. A case study.
Every day, millions of unique visitors are generated by surfers who misstype a domain name in their browser and land up on a Cybersquatters site. The recent Amazon story for your reading pleasure:
Cybersquatters, typo-squatters, and parties who have tacked keywords onto trademark-protected domain names were hit hard this week in two separate rulings by the National Arbitration Forum.
Amazon.com took action against two individuals who had registered domain names it claimed violated its registered trademark. Arbitration was carried out under ICANN's Uniform Domain Name Dispute Resolution Policy.
One of the individuals, Michele Dinoila of SZK.com, maintained 12 domains that the online retailer claimed bore a "confusing similarity" to Amazon.com. The dozen domains included keyword meshing URLs such as "amazonappliances.com," typos like "wwwamazon.com," and a foreign translation of "amazzone.com." The sites in question contained links to Amazon's competitors, including BarnesandNoble.com and Booksamillion.com.
Dinoila, based in Italy, is named in more than 20 other decisions and has been called a "recidivist cybersquatter" by Amazon.com.
Amazon won. The slime bags lost. Source: http://www.clickz.com/news/article.php/3554411
Tips for Site Owners
1) Contrary to popular opinion, the very first thing you should do is register every possible "typo" and keyword leaching domain name. Start with your real domain name and register .com, .net, .org and then continue down the list with typos and keyword leaching. Set up these additional domains to redirect to your primary/real domain. Don't forget the loosers who will register the "-" (hyphen) incarnation of your fooproduct.com domain name like this: foo-product.com. If you find one already registered and you don't hold a Trademark on it, watch the expire date and try and register it as soon as it expires. At one time, I had over 15 domain names registered to prevent the leaches from using them. This even included a branded service on my site which I may wish to spin off into it's own site.
2) Register your domain name as a Trademark via the United States Trademark Electronic Search System (Tess) site. Consult with your attorney if you are not comfortable doing this yourself.
3) BEFORE you register a domain name, do some research via the United States Trademark Electronic Search System (Tess) site. Use the search feature to determine if the "mark" is already registered. Don't leach via registering a domain name like "keywordamazon.com" and or anything even remotely related to the registered mark. Many mark holders actively spider the net for infractions and for the most part they are prepared to play very serious hard ball as the above Amazon case illustrates. If you find a "gray area" in your search before registration, send a very polite and civil email and fax to the mark holder and ask them for permission to register the domain. Wait for an answer before you register. Save your correspondence. For example, Microsoft owns the mark for "Windows" but is perfectly happy to see other domain names registered which use this mark in the name like "windowstips" or "windowsbbs". You should still contact them to cover your bases.
4) Honest mistakes can happen to a Webmaster. If you receive a legal notice that your domain name infringes on an existing mark which was registered before your domain name, surrender it at once. Use the examples above in the Amazon case to guide you. Don't play games, don't listen to 13 year old kids on Forums, just play nice and surrender it for the cost of the registration and ONLY this amount.
5) I certainly don't feel your pain. All to common is the following plea: "but dude, I have spent the last 2 years building up my site. It makes a ton of money. I'm only 18 years of age and never knew anything about marks. This is really going to hurt me dude." Sorry Charlie, I have absolutely no sympathy for you. Ignorance of the law is not an excuse. Surrender your leaching domain at once or expect to find yourself in serious legal trouble. Learn from your mistake and don't do it again. Tell others about your mistake and encourage them to play nice and respect laws.
Tips for Affiliate Networks
Your not fooling anyone with your active participation in this deplorable leaching mess. Many of you permit the leachers and slime bags to join your network and earn money from sites which clearly infringe on marks and or cause confusion in the marketplace. STOP this practice at once! Just how much time does it take to search for a mark? Have you been living under a rock? When you see an affiliates domain name like "mickeymouse(insert whatever you wish) .com just reject it. Refuse to do business with these Cybersquatting leaches and the incidence of this abuse would immediately drop to a near zero level. Use your TOS and email to educate your affiliates about this issue and tell them you won't tolerate or accept their leach sites. If you find one, they forfit all income earned.
Additional Resources:
WIPO Arbitration and Mediation Center
Returns ownership of domains to the rightful owner which have been stolen or registered with the intent to "leach" via a typo or Trademark violation. Much faster than legal action.
The National Arbitration Forum
High litigation costs and the time-consuming nature of lawsuits can be a deterrent to anyone needing to solve a legal problem. That's why from large complex cases to smaller commercial and individual claims, parties trust the resolution experts at the National Arbitration Forum.
Posted by Steve_S
December 14, 2004
I just stole your domain name. It was easy!
Every month thousands of domain names are stolen. Often, these are developed sites which represent years of work. The criminals who do this can often be hired by anyone and returning the domain name to the real owner can takes weeks. Learn how these criminals work and what you can do to prevent this.
A flawed architecture
Domain name data is held in a huge database which is called Whois. Any criminal can view these records since they are essentially "public record". For example, click here to see the Whois records for Yahoo.com. A given domain name is registered/leased via an approved Registrar. Their are currently dozens of Accredited Registrars, all of whom are regulated by ICANN (Internet Corporation For Assigned Names and Numbers. All of this means that if you want a domain name which is not already taken, you start with an Accredited Registrar like godaddy.com or 000domains.com, create your account, and pay your annual fee.
Their are several major flaws in the ICANN rules which an Accredited Registrar must follow:
1. Only a single email address may be used for the Admin. If you loose control of this email address or a criminal gains control of it, your domain will be stolen.
2. None of the Whois data is verified by the Registrar. This permits fraudsters to hide behind false data.
3. If a domain name is not already registered, any one can registrar it, even if the domain name clearly encroaches on the Intellectual Property rights of others. For example, you could registrar a typo like gooogle.com (note the 3 0s)
4. Their is no provision to require a FAX and a signature to registrar and or change the Whois records for a given domain name.
5. Legal action against the criminals who steal domain names rarely occurs.
All of these shortcomings provide fertile ground for criminals.
Every day, criminals are looking at millions of Whois records for likely targets. They use automated tools to scan millions of records. In some cases, Whois records are sold on the "black market" to other criminals. What are they looking for? In some cases, they are looking for expired domain names which they can legally registrar. This hunt for expired domain names is perfectly legal. In other cases, they are looking for properly registered domain names which have not expired but use a free email providers like hotmail.com or gmail.com for the email address of record. The majority of theft occurs with these free email addresses. Next, they point their "hacker/crack" tools at your free email account and retrieve your user name and password. In other cases, they use these tools on the registrars site to break into your account. These criminals have a list of Registrars which are easier to break into and thus they target them.
After they break into your account, they change the DNS/Name Server records for your domain to their own hosting account along with the other Whois data. In a few hours your domain disappears and the criminal owns it on a new server. Sometimes they even transfer the stolen domain name to a new registrar to cover their tracks. You wake up, navigate to your site and see a different site. Then you check the Whois database and see what has happened.
What you must do to prevent theft
1. DO NOT use a free email provider for your email address of record for your domain name. Even if a Company like Yahoo offers a paid version, DO NOT use it. Companies which provide free email are not reliable, have slow support, thousands of times a day criminals are trying to break in with new tools, and many of these Companies can and have gone out of business.
2. ONLY use a POP email account hooked up to your domain for your Whois email address of record. Prepay this domain names registration for at least 5 years. Use a long alpha/numeric password for this email account. This password should be changed at least every 6 months and should never contain real words. An example: xVVs492nM177qrt27 We also suggest that you set up forwarding for this email address to at least 2 other email addresses to insure you don't miss a renewal notice. Insure that all your email addresses have adequate storage limits enabled. We suggest at least 100 megs and pick up your email on a regular basis.
3. When you create your account with your Registrar please follow the same rules for a password and email address from Item 2. Also, choose a hard to hack user name with your Registrar which is also Alpha/Numeric.
4. Lock all your domains with your Registrar. Prepay your domain name registration fee for at least 5 years.
5. Record this data on paper and leave this document in a secure place in case you die so that others can follow the trail.
6. Insure that your user name and password is NOT used anywhere else. For example, if you are using the same data for your PayPal account and your domain names Registrar, all I need to do is break into one account which then permits me to use the same data on your other accounts.
7. NEVER divulge your user name and or password in an email or by clicking a link in an email which appears to come from your Registrar. Type the domain name into your browser.
8. In some cases, you may wish to pay an extra fee for a private domain name record. This means that your data will not appear in the Whois database. Only the name and data of your Registrar will appear. This solution is not for everyone. If you sell a product or service, a "proxy/private" Whois record is always a red flag, indicating that the real owner is hiding and thus this may impact your sales. Also, a number of Affiliate Networks will either reject you or require extensive documentation to support your actual address and other data.
9. Insure that all your Whois data is 100% accurate and keep it current. A "fraudulent" Whois record is unlikely to fool most people and actually violates ICANN rules.
They stole my domain name. What do I do?
If you think the criminals hacked into your Registrars account, you need to contact your Registrar immediately and provide all the facts and work with them. We suggest you send them an email, FAX, and call them. All 3 just to make sure. Most Registrars are well equipped to handle these kinds of cases BUT it will take time and they will need proof. Click here to see the guidelines.
If you think that the criminals hacked into your email account of record in the Whois database and used this account to change your Whois data via your Registrar, you are going to indure more pain. It could take days or weeks for your free email provider to respond. We suggest you contact both your Registrar and your email provider.
ONLY your Registrar can return the stolen domain to you. Your current host and or the new host of the stolen domain name can not and will not return ownership of the domain name to you. We strongly suggest that you NOT contact the new host of the stolen domain. Their is nothing to gain and you run the risk that they are involved in the crime. Expect to wait at least 2 weeks or longer for the return of your domain. We also suggest that in this case you change ALL your other passwords and user names with other sites and or services.
Additional resources
Intellectual Property disputes for domain names (NOT stolen domain names) are resolved via WIPO (World Intellectual Property Organization). For example, view this case in a new window in which Google.com prevailed and the domain Registration for the four domain names was returned to Google. These procedures normally take about 4 months.
Posted by Steve_S