IBM’s case was “ill conceived and poorly executed,” but panelist stopped short of finding reverse domain name hijacking.
IBM has lost a cybersquatting claim it made against IBMS.com, and the panelist found that IBM’s “prosecution of the Complaint was ill conceived and poorly executed.” However, the panelist stopped short of finding reverse domain name hijacking.
The company filed a complaint (pdf) with World Intellectual Property Organization against IBMS and its domain name ibms.com. IBMS LLC is a Delaware limited liability company founded in 2011.
It seems that IBM filed the case after someone used an email address at @br.ibms .com to try to trick an IBM customer into providing bank details. While that would indeed be grounds to find bad faith use, it doesn’t appear that the domain owner sent this email.
The domain registrar confirmed that only one email address was set up on ibms.com and that it hasn’t been used in the past two years. And IBM provided additional evidence in a supplemental finding that showed the email was sent from an IP address identified on spam lists as associated with a botnet network that distributes malware.
IBM sent a cease-and-desist to the domain owner on April 18, 2023. It claimed in its filing that there was no reply. After the Respondent provided proof that there was a reply, IBM acknowledged there was one but characterized it as “terse.”
IBMS LLC wasn’t represented by counsel and didn’t specifically ask for a finding of reverse domain name hijacking. But panelist W. Scott Blackmer decided it warranted a discussion. He wrote:
Here, the Complainant inadequately investigated the underlying facts. The disputed domain name was registered more than 24 years before the Complaint was filed, which should have suggested that some basic research was in order to determine when it was acquired by the current registrant and how the registrant has used it since. The Complaint did not refer to the more than 250 archived screenshots of the disputed domain name, merely asserting (erroneously) that the disputed domain name had only been used for a redirect to <greenfence.io> and for phishing emails. The Complainant also did not mention (until its supplemental filing) the fuller report from the Complainant’s own security team indicating that the March 2023 phishing emails came from an IP address associated with a botnet on spam lists, thus casting doubt on the Complainant’s theory that the Respondent sent the phishing emails. However, the Complainant was responding to a blatant spoofing email attack using the disputed domain name and did not necessarily have to accept the Respondent’s denials of involvement. The IBM mark is well known and frequently attacked by cybersquatters and fraudsters, as evidenced in numerous UDRP decisions. On balance, the Panel finds that the Complainant’s prosecution of the Complaint was ill conceived and poorly executed but does not represent harassment or bad faith as described in Rule 15(e). Therefore, the Panel declines to enter a finding of RDNH.
IBM was internally represented.