When two parties want the same domain name — identifiable through the WHOIS/RDAP system — someone has to decide who gets it. That “someone” might be an arbitration panel, a federal judge, or an international dispute resolution body. The legal frameworks governing domain disputes are some of the most heavily litigated areas of internet law — and the cases that have been decided read like a soap opera of corporate ambition, individual stubbornness, outright fraud, and occasionally, justice.
UDRP: The Uniform Domain-Name Dispute-Resolution Policy
The UDRP is the workhorse of domain dispute resolution. Established by ICANN in 1999 (based on recommendations from the World Intellectual Property Organization), the UDRP provides a relatively fast, relatively cheap alternative to litigation for resolving domain name disputes involving trademarks.
How It Works
A trademark holder (the “complainant”) can file a UDRP complaint against a domain registrant (the “respondent”) through an approved dispute resolution provider. The major providers are:
- WIPO (World Intellectual Property Organization) — the most-used provider internationally
- NAF (National Arbitration Forum) — commonly used for US-centric disputes
- ADNDRC (Asian Domain Name Dispute Resolution Centre) — for the Asia-Pacific region
- CAC (Czech Arbitration Court) — focused on European disputes
The Three Elements
To succeed in a UDRP complaint, the complainant must prove all three elements:
- The domain is identical or confusingly similar to a trademark in which the complainant has rights
- The respondent has no rights or legitimate interests in the domain name
- The domain was registered and is being used in bad faith
All three elements must be satisfied. If the respondent can demonstrate legitimate interests — they have their own trademark, they’re making genuine noncommercial use of the domain, or they’re commonly known by the name — the complaint fails.
Bad Faith: The Key Battleground
Most UDRP disputes hinge on bad faith. The policy identifies several indicators:
- Registering the domain primarily to sell it to the trademark holder at an inflated price
- Registering the domain to prevent the trademark holder from reflecting their mark in a domain (pattern of such conduct)
- Registering the domain to disrupt a competitor’s business
- Using the domain to attract users by creating confusion with the trademark (e.g., for advertising revenue)
Bad faith requires both bad-faith registration and bad-faith use. A domain registered before the complainant’s trademark existed generally can’t have been registered in bad faith targeting that trademark — a principle that has protected many long-time domain holders from overreaching complaints.
The Process
UDRP proceedings are fast by legal standards:
- Complaint filed (filing fee: ~$1,500 for a single-panelist decision)
- Respondent notified and has 20 days to respond
- Panel appointed (1 or 3 panelists, chosen from the provider’s roster)
- Panel decision rendered within 14 days of appointment
- Decision implemented (domain transferred or complaint denied)
The entire process typically takes 45–60 days. There’s no discovery, no live testimony, no appeal within the UDRP itself (though parties can file suit in court). Decisions are publicly available, creating a substantial body of “case law” — though technically, UDRP panels are not bound by prior decisions.
Since 1999, over 60,000 UDRP cases have been filed. Complainants win roughly 85–90% of decided cases, though this statistic is misleading — many clear-cut cybersquatting cases settle before filing, and marginal cases are often not filed due to the cost. The high win rate likely reflects selection bias more than systemic favoritism.
URS: Uniform Rapid Suspension
The URS was introduced as part of the New gTLD Program as a faster, cheaper complement to the UDRP — specifically for clear-cut cases of cybersquatting in new gTLDs.
Key differences from the UDRP:
- Speed: Designed for determination within about 18 days
- Cost: Lower filing fees (starting around $375)
- Standard of proof: Higher — the complainant must demonstrate “clear and convincing evidence” (vs. the UDRP’s “balance of probabilities”)
- Remedy: Suspension only — the domain is suspended for the remainder of the registration period, but not transferred to the complainant
- Scope: Only applies to new gTLDs (not
.com,.net, or legacy TLDs)
The URS was designed as a “no brainer” remedy — for cases so clear-cut that extended proceedings aren’t necessary. In practice, it’s used less frequently than the UDRP because the suspension-only remedy is less attractive than transfer, and the higher evidentiary standard makes marginal cases harder to win.
The ACPA: Anticybersquatting Consumer Protection Act
While the UDRP is an international arbitration mechanism, the ACPA (15 U.S.C. § 1125(d)) is a US federal statute that provides a judicial remedy for cybersquatting. Enacted in 1999 — the same year as the UDRP — the ACPA allows trademark holders to sue domain registrants in US federal court.
Key Provisions
The ACPA applies when someone registers, traffics in, or uses a domain name that is:
- Identical or confusingly similar to a distinctive mark, OR
- Identical or confusingly similar to or dilutive of a famous mark
AND the person has a “bad faith intent to profit” from the mark.
ACPA vs UDRP
The ACPA offers several advantages over the UDRP for complainants:
- Monetary damages: The ACPA allows statutory damages of $1,000–$100,000 per domain name, plus potential attorney’s fees. The UDRP only allows transfer or cancellation
- In rem jurisdiction: If the registrant can’t be found or is outside US jurisdiction, the complainant can file an “in rem” action against the domain name itself (in the judicial district where the registrar or registry is located)
- Binding judgment: Court decisions are legally binding and enforceable, unlike UDRP decisions which can be challenged in court
- Discovery: Full litigation tools including depositions, document production, and subpoenas
The disadvantage: it’s expensive. ACPA litigation can cost $50,000–$500,000+ and take years. For most domain disputes, the UDRP is faster, cheaper, and sufficient.
Trademark Law and Domains
Domain disputes exist at the intersection of trademark law and the DNS. Understanding the basics of trademark law is essential:
Trademark rights arise from use, not registration. In the US, you can have enforceable trademark rights in a name simply by using it in commerce — even without filing a federal registration. This means domain disputes can involve unregistered (“common law”) trademarks.
Trademarks are limited by geography and industry. “Delta” is simultaneously a trademark for an airline, a faucet company, and a dental plan. These coexist in the physical world because they operate in different industries. But there’s only one delta.com — and Delta Air Lines owns it.
Generic terms can’t be trademarked. You can’t trademark “hotel” or “computer” or “car.” This principle protects domain investors who register generic dictionary words — they’re not cybersquatting because no one owns the trademark to a generic term. (Though this gets complicated with “genericized” trademarks and semi-generic terms.)
First-to-file vs first-to-use. Different countries have different trademark systems. In the US, first use in commerce generally prevails. In most other countries, first to file a trademark registration has priority. This creates cross-border complications for domain disputes involving multinational parties.
Reverse Domain Name Hijacking
Not all UDRP complaints are legitimate. Reverse domain name hijacking (RDNH) occurs when a trademark holder files a UDRP complaint knowing they don’t meet the requirements — attempting to abuse the process to take a domain they have no right to.
UDRP panels can find RDNH when the complainant:
- Knew the respondent had legitimate rights in the domain
- Filed the complaint primarily to harass the respondent
- Misrepresented facts or law in the complaint
- Used the UDRP to bypass negotiation (trying to avoid paying fair market value)
RDNH findings are essentially a “shaming” sanction — the finding is published in the decision, but there are no monetary penalties. Some have argued for stronger deterrents, as the cost of defending even a baseless UDRP (in time and stress, if not money) can be significant.
Famous Cases
The history of domain disputes includes some extraordinary stories:
nissan.com
Uzi Nissan, a man whose family name is Nissan, registered nissan.com in 1994 for his computer business. Nissan Motor Company — which had used the ‘Nissan’ brand in the US since the early 1980s — sued under the ACPA. The litigation lasted over a decade. Uzi Nissan won the right to keep his domain, but the legal costs reportedly bankrupted him. The case is a cautionary tale about the power imbalance between individual registrants and corporate complainants.
sex.com
In one of the most dramatic domain stories ever, sex.com was stolen in 1995 when a convicted fraudster named Stephen Cohen sent a forged letter to Network Solutions, claiming the domain’s rightful owner (Gary Kremen) had authorized the transfer. Cohen operated the domain for years, generating millions in advertising revenue. Kremen eventually won a court judgment of $65 million, but Cohen fled to Mexico to avoid paying. Kremen sold the domain for approximately $14 million in 2006. After the buyer went bankrupt, it was sold again at auction for $13 million in 2010.
mike.com
Michael Berkens, a prominent domain investor, has owned mike.com since 1998. Despite multiple challenges from various parties, Berkens has successfully defended his right to the domain — a simple case of a person named Mike owning mike.com, yet still subjected to legal threats.
facebook.com
Before Mark Zuckerberg’s social network, facebook.com was registered by AboutFace Corporation. Facebook (the company) reportedly acquired it for $200,000 in 2005 — a bargain that illustrates how corporate foresight (or lack thereof) in domain acquisition can have enormous consequences.
google.com
Google itself nearly lost its domain in 2015 when a former Google employee purchased google.com during a brief window when it became available through Google Domains (ironically, Google’s own domain registration service) due to a system error. Google regained the domain and the buyer was refunded, plus given a reward for reporting the issue responsibly.
Key Principles Established by Case Law
Decades of UDRP decisions and court cases have established several important principles:
- Generic terms are fair game: Registering a dictionary word as a domain is generally legitimate, even if a company later wants it for their brand
- Pattern of bad faith matters: If a respondent owns hundreds of domains corresponding to famous trademarks, that pattern establishes bad faith even if an individual domain might be defensible alone
- Passive holding can be bad faith: A domain that’s registered in bad faith and simply parked (not used) can still constitute bad-faith use under certain circumstances
- Good faith registration protects: If a domain was registered in good faith before a trademark existed, the registrant is generally protected even if they later become aware of the trademark
- Fan sites and criticism: Domains used for legitimate commentary, criticism, or fan sites are generally protected as free expression, even if they reference trademarks
The domain legal landscape continues to evolve as new technologies (blockchain domains, decentralized naming) and new business models (brand TLDs, premium generics) create novel questions that existing frameworks weren’t designed to answer.
Next, we’ll explore the geopolitical drama behind country code TLDs — where DNS meets international politics in fascinating and sometimes disturbing ways.