Verisign just allowed the reserved domain name CM.com to be registered. Here’s why.
In 2013, the longtime registrant of CM.com lost his domain name.
The domain name had been registered to Satoshi Shimoshita since 2004. Yet the domain name was deleted following a period in which the nameservers for the domain name pointed to NS1.SPAMSHUTDOWN.COM.
That a registrar forcefully deleted an extremely valuable domain name not coming up for renewal is rather odd. But the story of CM.com has become even more intriguing since then…
When Domain.com deleted CM.com in 2013, the domain name didn’t become available for registration. At the time, I reached out to Verisign to understand why no one could register it.
Verisign pointed me to Appendix 6 of the 2012 registry agreement the company signed with ICANN. Appendix 6 states that “all two-character labels must be reserved from initial (non-renewal) registration.”
So existing owners of two character domains are free to continue using them, but if one isn’t already registered, then it can’t be registered. In the case of CM.com, the deletion meant it was no longer a registered domain name and had to be held back.
Yet last Friday, the domain name was suddenly registered again. The domain name was registered by CSC Domains, a corporate domain name registrar. The whois record lists only CSC, which essentially makes it private. (Thanks Elliot and Andrea for bringing this to my attention.)
I reached out to Verisign again this week to understand how a reserved domain name was registered.
The answer: a court order. And it’s a really interesting one.
Before Satoshi Shimoshita owned CM.com, the domain name was registered to Michael Berry in San Diego. Before that, it was registered to Internet Holding Group, currently known as Branded Holding Group. And according to Branded Holding Group, the domain name was stolen from its Network Solutions account some time between 1998 and 2001. It alleges the domain name was stolen in much the same fashion as Sex.com: someone sent a fax to Network Solutions requesting a change.
Last year, more than 13 years after the alleged theft, Branded Holding Group filed suit against Network Solutions to recover the stolen domain name. (View the lawsuit PDF here.)
The case, filed by attorney Brett Lewis of Lewis & Lin, explained the long gap between the alleged theft and the suit:
The principal of [Branded Holding Group] should not have been required to pursue litigation at that time due to [Network Solutions’] negligence, and was unable to do so due to financial constraints. As a result, the Domain Name Remained registered in Berry’s name.
The suit claims that the most recent registrant, Satoshi Shimoshita, was using the domain name to send spam:
Upon information and belief, from 2002 to some time in 2013, Shimoshita used the Domain Name in connection with the sending of mass unsolicited commercial email spam.
…Upon information and belief, in or about November 2013, the Domain Name was seized by its registrar for Shimoshita’s persistent and pervasive use of the domain name in connection with the sending of bulk commercial email spam.
The domain name hasn’t been at Network Solutions for nearly a decade or more, and the company (now owned by Web.com) didn’t respond to the lawsuit. The judge entered a judgment and ordered the domain name to be handed to Branded Internet Group.
Filing a suit at least 13 years after an alleged theft raises a lot of interesting questions, especially since the suit was filed against what is now a disinterested party. The judge essentially took the undefended allegations as fact.
It’s not clear who owns the company. The addresses for the two letter domain names all point to a New York City apartment. The address tied to its whois email address points to another New York address. It’s also not clear what type of business it is, and a search of registered New York businesses comes up null. [Update: a former address on some of the domain names links to the same address as LeaseMy.com, which is run by Roland Chemtob.]
I’m curious if there are more old domain name thefts that will come out of the woodwork now that some of the stolen domain names are worth hundreds of thousands, if not millions, of dollars.