I don’t think this is a clear-cut case of cybersquatting.
A World Intellectual Property Organization panelist has handed down a decision to transfer cic.marketing (pdf), and I find the case somewhat troubling.
I say somewhat because the domain owner didn’t do himself any favors in his response. But to what extent should an end user domain registrant who doesn’t know anything about UDRP know how to respond? And is this really a clear-cut case of cybersquatting?
Credit Industriel Et Commercial, a bank in France, filed the dispute against a Canadian resident who said he bought the domain name for “marketing services”.
Many things concern me in this case involving a three letter domain name.
What concerns me most about this case is the timing. The domain owner registered the domain on November 11, 2022, and the bank filed the UDRP later that month, on November 28.
How much should a domain registrant have to do within a couple of weeks to demonstrate actual plans to use a domain name?
The bank pointed to three things to bolster its case.
First, the domain pointed to a pay-per-click page full of finance-related links. This is a strike against the domain owner, but it’s Namecheap’s default page. The person didn’t set it up.
Second, the domain was registered the day after the bank posted a job opening for Chargé de Marketing on its website. It’s a stretch to suggest that someone would register this domain because the bank is looking for a marketing director.
Finally, the bank argued that because the domain had MX records, the domain owner might be getting ready to undertake a phishing campaign.
OK, I guess it’s possible they are going to undertake a phishing campaign. But could there be MX records because they’re getting ready to use the site for a legitimate business? Perhaps this is a demonstration of their intent to develop the domain, not to undertake a nefarious activity?
Here’s the full text of the domain registrant’s responses to this case:
In an e-mail dated December 1, 2022, Respondent stated: “I have no idea and can’t find any documents attached related to the case. Please give us more elaboration and details.”
In an e-mail dated December 5, 2022, Respondent stated: “We just registered this domain for our marketing services and have no plan to take someone’s else brand. But we need this domain and planning to keep it for our website, We have already started working on the site, and it’s ready to publish. They had the chance to register the domain and protect their brand, and most importantly, this CIC is not specifically their unique brand name, and they can’t ask for it.”
The domain registrant could have written a few more sentences to clear things up. Why did it choose CIC for its acronym? What type of marketing services will it offer? So you might feel compelled to blame the domain registrant. But this person was clearly confused about what this UDRP thing was all about.
Generally speaking, if someone registered the domain to run a phishing campaign or to cybersquat, they wouldn’t bother responding.
What concerns me the most about this case is that in reading it, I didn’t say, “yep, this is a cybersquatting”. On the contrary, I think there’s a good chance the domain registrant registered this domain in good faith for a business, even if they didn’t articulate this well.
I live in the United States and have never heard of CIC. When I Google CIC, I get a bunch of responses on the first page. None are related to the bank. (In fact, the first one is related to Canada.) And this domain ends in .marketing, which has nothing to do with finance.
So I’m inclined to think that the registrant registered this domain for something other than the bank.