Domain Name News: February 2025

• Domain name industry news
  • WHOIS a has been
  • Free Hot Spots
  • EURid publishes Q4 2024 Quarterly Update
• Domain name recuperation news
  • From paw-sitive to problematic: lessons from the Nutripaw UDRP dispute
  • No reservations: UDRP panel serves up a cold dish to complainant
  • UDRP Complaint based on trade mark alone ends in finding of RDNH

For earlier Anchovy News publications, please visit our Domain Names practice page. Learn more about Anchovy® - Global Domain Name and Internet Governance here.

Domain name industry news

WHOIS a has been

The Internet Corporation for Assigned Names and Numbers (ICANN) recently announced that, on 28 January 2025, the Registration Data Access Protocol (RDAP) had officially become the “definitive source for delivering generic top-level domain name (gTLD) registration information in place of sunsetted WHOIS services”. As of that date, it also became optional for registrars to provide a WHOIS record.

WHOIS has long been the go-to record for anyone seeking to discover the details of a domain name’s owner. First developed in the 1980s, it was designed as a simple query and response protocol that allowed users to access the registration data of domain names. Originally intended for network administrators and IT professionals seeking to identify the owners of domain names and IP addresses, it came to be highly valued by both law enforcement agencies and brand owners seeking to enforce their intellectual property rights in the face of abusive domain names and websites.

The original WHOIS system was based on a TCP/IP connection to a WHOIS server, where a user could query for information related to domain names, IP address blocks and registered network resources. This information typically included details like the domain owner’s name, administrative and technical contacts, and registration and renewal dates.

However, as WHOIS grew in use, several limitations became apparent:

• Lack of standardisation: WHOIS lacked consistency across different registrars and domain name Registries, leading to a fragmented and sometimes confusing experience for users.
• Security concerns: WHOIS responses were typically unencrypted and sent in plain text, making the information vulnerable to abuse such as spam or even identity theft.
• Limited data accessibility: WHOIS queries were often difficult to automate or integrate with other systems due to the inconsistent formats and structures of responses.

As the Internet’s infrastructure matured, the need for a more secure, standardised, and machine-readable protocol became increasingly clear. RDAP was introduced as a response to the shortcomings of WHOIS. Developed by the Internet Engineering Task Force (IETF) in 2015, RDAP was designed to address the challenges of WHOIS by providing a more modern, standardised, and secure way to access domain registration data.

The goal of RDAP is to provide the same functionality as WHOIS, but in a more structured and secure manner. It is built on the foundation of the HTTP/REST architecture, which allows for easier access, better integration with other internet services, and enhanced flexibility. RDAP is also designed to comply with modern security protocols, ensuring that domain registration data is transmitted securely and reliably.

The key features of RDAP are:

• Standardised Responses: Unlike WHOIS, which lacked uniformity, RDAP uses a structured format based on JSON (JavaScript Object Notation). This standardisation improves the accuracy and consistency of responses across different Registries.
• Authentication and Authorisation: RDAP supports user authentication and access control mechanisms, meaning that domain registration data can be restricted or protected from unauthorised access when needed. This feature helps mitigate privacy concerns.
• Internationalisation: RDAP is designed to support multiple languages, enabling domain registrars to provide data in different languages and scripts. This is a significant advantage over WHOIS, which was often limited to a few languages.
• Security: RDAP supports secure transport over HTTPS, ensuring that registration data is transmitted securely, unlike WHOIS, which sends data in plain text.

Registries and registrars were contractually obliged to begin adopting the RDAP during the RDAP Ramp-Up period that commenced on 7 August 2023 and ended on 3 February 2024, pursuant to amendments to either the gTLD Registry Agreement (Base RA) or the 2013 Registrar Accreditation Agreement (RAA), as applicable. Although many of the major players have put in place the required changes since the 28 January 2025 implementation deadline, this may not necessarily be the case for some smaller registrars. Additionally, many registrars are still providing both RDAP and WHOIS records, in some cases, with different sets of data.

One thing that does not yet seem to have entered the collective consciousness is the replacement of the term “WHOIS” with “RDAP” for publicly available registration data search functionalities, with most registrars opting to either stick with the term “WHOIS” (even when providing RDAP records), or to label them “RDAP (WHOIS)”. Presumably this will evolve as the public becomes more aware of the change.

Back to the top

Free Hot Spots

Amazon Registry has recently announced the upcoming launch of three new generic Top Level Domains (gTLDs): .FREE, .HOT and .SPOT.

Amazon Registry runs other new gTLDs such as .BOT, .MOI (‘me’ in French), various Japanese-language gTLDs (such as 食品, which is Kanji for 'food') and .NOW and .DEAL, which it launched last year.

.FREE, .HOT and .SPOT were all delegated by ICANN back in 2016, but have never been made available until now. Trade mark owners may wish to secure their trade marks under these extensions before third parties can snap them up, especially as none of these three new gTLDs have restrictions, meaning that anyone can register domain names under these extensions.

The launch schedule is as follows:

• Sunrise Period: from 2 April to 2 May 2025

During this period, trade mark holders who have registered their trade marks with the TradeMark Clearinghouse (TMCH) will be able to apply for the corresponding domain names under any of these three new gTLDs. It is a “Start Date” Sunrise for all three gTLDs, meaning that domain names will be allocated on a first-come, first-served basis.

• Early Access Period (EAP): 12 to 17 May 2025

During this period, available domain names may be registered by anyone on a first-come, first-served basis at a higher price, which will decrease day by day leading up to General Availability.

• General Availability: from 19 May 2025 onwards

As from this date, anyone will be able to register available .FREE, .HOT and .SPOT domain names on a first-come, first-served basis, at standard prices.

For more information on the launch of these new gTLDs or to register domain names, please contact David Taylor or Jane Seager.

Back to the top

EURid publishes Q4 2024 Quarterly Update

EURid, the Registry responsible for running the .EU country code Top Level Domain (ccTLD), has recently published its Quarterly Update for Q4 2024. The report highlights EURid’s quarterly achievements and strategic advancements.

The Quarterly Update underlines EURid’s efforts during Cybersecurity Month, in October 2024. Cybersecurity Month is a public campaign designed to raise awareness about the importance of staying safe in the digital space. Under the motto of “Think Before U Click”, the campaign sought to encourage users to take basic security precautions, such as following strong password practices, using two-factor authentication and performing regular software updates, in order to improve users’ general online security. In this regard, EURid highlighted the “robust security measures” it employs, including the use of DNSSEC (Domain Name System Security Extensions), which was designed and implemented to mitigate the inherent security vulnerabilities in the Domain Name System.

In October 2024, EURid also participated in CodeWeek for the ninth consecutive year. During CodeWeek, EURid provided various educational activities and workshops in order to promote coding and digital literacy for over 350 students across Europe. The workshops covered essential skills for the students in coding, robotics and Internet principles.

The last quarter of 2024 also saw EURid publishing two new Policies in line with the implementation by Belgium of the Network and Information Security Directive (NIS2 Directive) aimed at “enhancing security and transparency in domain name management.” The Registration Data Disclosure Policy established the conditions under which “legitimate access seekers” can request access to registration data of a domain name holder, pursuant to which EURid will disclose registration data within 72 hours of receiving a duly motivated request demonstrating a legitimate interest (or within 24 hours for urgent cases). The Registration Data Verification Policy focuses on “maintaining the accuracy and completeness of registration data” with ongoing verification via the EURidity platform, launched in May 2024 (for more detailed information concerning both of these policies, see the October 2024 issue of Anchovy News).

In December 2024, EURid participated in organising the third .EU Day, which was held at the European Parliament. The event focused on disinformation, youth participation in digital policy and geopolitical issues. It included a number of speakers and more than 70 participants who took part in discussions around “how to ensure a secure future for an open and trustworthy digital Europe”.

Lastly, at the end of Q4 2024, there were a total of 3,741, 646 .EU domain names and 165,391 new .EU domain registrations. The average renewal rate during Q4 2024 stood at 81%, thus indicating a strong retention rate among .EU domain name holders.

To visit EURid’s website, please click here.

For more information, please contact David Taylor or Jane Seager.

Back to the top

Domain name recuperation news

From paw-sitive to problematic: Lessons from the Nutripaw UDRP dispute

In a recent decision under the Uniform Domain Name Dispute Resolution Policy (UDRP) before the World Intellectual Property Organization (WIPO), a three-member Panel denied the transfer of the Domain Name at issue, finding that there was no evidence that it had been registered with the intent to target the Complainant or its trade marks, even though the Respondent may have acquired it after the Complainant obtained relevant trade mark rights.

The Complainant was Nutri-Paw Ltd, a UK-based company selling pet-related products, such as food, supplements and care products. It was incorporated in the UK in 2020 and held UK and EU trade marks comprising the term "NUTRIPAW", the earliest of which was registered in October 2021. It also registered its domain name <nutri-paw.com> in 2020, from which it operated its official website to promote and sell its products.

The Respondent was an individual based in the US.

The Domain Name <nutripaw.com> was initially registered in 2008. As per the historic WhoIs, it was owned by a third party as recently as January 2014. It redirected to a website displaying pornography and was also listed for sale on a domain name broker's platform without a specified price. In January 2024, the Complainant contacted the registrar's domain name broker service in an attempt to purchase the Domain Name. The broker responded that the Domain Name had been purchased by the Respondent in 2023 for more than USD 20,000 and advised the Complainant to make an offer "above that number".

To be successful in a complaint under the UDRP, a complainant must satisfy the following three requirements:

1. The domain name registered by the respondent is identical or confusingly similar to a trade mark or service mark in which the complainant has rights; and
2. The respondent has no rights or legitimate interests in respect of the domain name; and3
3. The domain name has been registered and is being used in bad faith.

With respect to the first limb, the Complainant contended that it had acquired registered and unregistered trade mark rights for the term "NUTRIPAW" as a result of extensive and significant use of this mark in connection with its pet-related products in the UK. The Complainant submitted that the Domain Name was identical to its trade mark rights. The Respondent did not dispute the confusing similarity but emphasized that the Domain Name was registered in 2008, long before the Complainant acquired its claimed registered or unregistered trademark rights. The Panel didn't challenge the Complainant's trade mark rights, which were in existence at the time that the Complaint was filed, and found that the Domain Name wholly incorporated the NUTRIPAW mark. The first limb was therefore satisfied.

Given its findings under the third limb, the Panel held that it was unnecessary to consider the second element.

Regarding the third limb, based on the historic WhoIs records and its correspondence with the domain name broker, the Complainant contended that the Respondent was not the original registrant of the Domain Name, but instead acquired it at some point in 2023, i.e., subsequent to the Complainant's acquisition of trade mark rights for NUTRIPAW. The Complainant therefore asserted that the Respondent purchased the Domain Name in full knowledge of its trade marks and business. Furthermore, the Complainant argued that the Respondent's use of the Domain Name to redirect to a pornographic website was intended not only to damage the Complainant's business and reputation but also to pressure it into purchasing the Domain Name at a high price. The Respondent responded that any claim of bad faith registration of the Domain Name was baseless and unfounded as the Complainant's trade marks or business did not yet exist when the Domain Name was registered in 2008. Regarding its use of the Domain Name, the Respondent argued that it had the right to explore different monetization strategies and that its then-current use—redirecting the Domain Name to a pornographic website and listing it for sale—neither misled consumers nor created confusion or exploited the Complainant's trade marks in any way.

Based on the historic WhoIs records provided by the Complainant, the Panel concluded that the Respondent could not have been the original registrant of the Domain Name and did not appear to be related to that prior registrant. In this context, the relevant date for the Panel's assessment of bad faith was the date on which the Respondent acquired the Domain Name. Despite the Complainant's submission of email correspondence with the domain name broker, the Panel was unable to verify whether the Respondent had indeed purchased the Domain Name in 2023. While the Panel considered issuing a procedural order to clarify this point, its subsequent findings rendered such an order unnecessary. The Panel found that even if the Respondent had acquired the Domain Name after the Complainant registered its trade marks in the UK and EU, there was no evidence that these marks had been extensively or significantly used in the US, where the Respondent was based. Additionally, the Complainant failed to provide evidence demonstrating its online presence or reputation, such as the content of its official website at <nutri-paw.com> , internet search results, or website traffic data. The Panel also noted that the Complainant's NUTRIPAW trade marks appeared to be derived from the combination of the dictionary word "paw" and a truncated form of "nutrition", collectively suggesting animal nutrition—the core focus of the Complainant's business. Given that the original registrant of the Domain Name chose this term 12 years before the Complainant began business, the Panel found that the mere identity with the Complainant's mark per se was insufficient to infer that the Respondent was aware of the Complainant and its marks at the time of acquisition. Likewise, due to the lack of relevant evidence, the Panel was unable to conclude that the Respondent's use of the Domain Name was intended to target the Complainant or to pressure it into purchasing the Domain Name. As a result, neither the registration nor the use of the Domain Name was found to be in bad faith. Therefore, the third element was not met, and the Complaint was denied.

This decision underscores the importance for brand owners to establish a strong online presence and demonstrate significant use of their trade marks, particularly in the geographic regions where respondents are based. Moreover, brand owners should recognize that success in a UDRP complaint hinges not only on the existence of prior trade mark rights but also on the ability to substantiate claims of bad faith with clear and compelling evidence of targeting. This includes showing a respondent's knowledge of the trade marks, any intent to profit from them, or actions that would likely cause confusion. Taking a step back, brand owners should also be aware of the risks involved in launching a business using a hyphenated domain name when the unhyphenated version is in the hands of an unknown third party.

The decision is available here.

Back to the top

No reservations: UDRP panel serves up a cold dish to complainant

In a recent decision under the Uniform Domain Name Dispute Resolution Policy (the UDRP or the Policy) before the World Intellectual Property Organization (WIPO), a Panel denied the transfer of three disputed domain names, determining that the case fell outside the scope of the UDRP.

The Complainant, LTG Support Pty Ltd., was an Australian company operating several restaurants.

The Respondent, an individual, was associated with Calibre Creative, an Australian digital development firm.

The disputed domain names, <lovetillydevine.com>, <ragazziwineandpasta.com>, and <lovetillygroup.com>, were registered in 2009, 2019, and 2020, respectively. At the time of filing the Complaint, the disputed domain names resolved to restaurant websites possibly relating to the Complainant’s businesses.

To be successful in a complaint under the UDRP, a complainant must satisfy the following three requirements under paragraph 4(a) of the Policy:

1. the domain name registered by the respondent is identical or confusingly similar to a trade mark or service mark in which the complainant has rights; and
2. the respondent has no rights or legitimate interests in respect of the domain name; and
3. the domain name has been registered and is being used in bad faith.

On the first point, the Complainant contended that it owned pending trade mark applications for various marks and that, if unopposed, these applications would eventually proceed to registration.

The Panel, however, determined that the Complainant had failed to establish the necessary rights under the Policy. It emphasized that a pending trade mark application does not, in itself, confer rights for the purposes of the UDRP. Furthermore, the Panel noted that the Complainant was only the applicant for the trade marks LOVE TILLY GROUP and LOVE TILLY, while other entities - who were not named as complainants - owned the remaining applications relied upon in the Complaint. The Panel underlined that the Complainant had provided no evidence of its relationship with these entities or any explanation for their absence from the proceedings. Crucially, according to the Panel, the Complaint lacked evidence of any actual use or reputation in order to support a claim of unregistered or common law trade mark rights under the UDRP. The Panel acknowledged that "Love Tilly Devine" could be a well-known restaurant, but found no supporting evidence on record to substantiate this claim.

The arguments of the Complainant under 4(a)(ii) were set aside by the Panel on the basis that it was not necessary to make a decision on this point, given its findings under 4(a)(iii).

Turning to the issue of bad faith, the Complainant argued that the Respondent had been engaged to register the disputed domain names for the Complainant's business entities but had since withheld access, deliberately ignoring the Complainant’s communications. The Complainant further argued that the Respondent’s refusal to communicate demonstrated bad faith under the Policy.

The Panel, however, found no evidence supporting the claim that the Respondent registered or used the disputed domain names to exploit the Complainant's alleged trade marks. The Panel emphasized that UDRP cases require demonstrable proof of bad faith, not just unsubstantiated allegations. The record contained no evidence of a contract between the parties, no indication of when or how the Respondent allegedly took control of the disputed domain names, and no prior communications on the matter between the Complainant and the Respondent. In short the key facts necessary to decide the case were missing.

The Panel noted that, based on the Complainant’s own assertions, the Respondent initially registered the disputed domain names to assist with the Complainant’s websites. The Panel concluded that the dispute was fundamentally contractual in nature, rather than an instance of cybersquatting. As such, the UDRP was deemed an inappropriate avenue for resolution in this case. Finally, the Panel stressed that a refusal to communicate did not, of itself, establish bad faith.

The decision serves as a reminder that complainants must present substantiated claims, particularly when asserting unregistered trade mark rights or alleging that a respondent’s actions constitute bad faith. Unsupported assertions and assumptions, without accompanying documentation or legal arguments grounded in UDRP precedent, are unlikely to succeed.

Additionally, the case underlines that disputes arising from business relationships, such as disagreements over domain name management, are generally beyond the scope of the UDRP and are more appropriately resolved through litigation in a court of competent jurisdiction. This decision serves as a cautionary example that the UDRP is not a catch-all remedy for all domain name-related grievances.

The full decision is available here.

Back to the top

UDRP Complaint based on trade mark alone ends in finding of RDNH

In a recent decision under the Uniform Domain Name Dispute Resolution Policy ("UDRP") before the World Intellectual Property Organization ("WIPO"), the Panel rejected a Complaint filed by Solar Hero GmbH regarding the disputed domain name <hive-pt.com> (the "Domain Name"), finding no evidence of bad faith and declaring the Complaint an attempt at Reverse Domain Name Hijacking ("RDNH").

The Complainant was Solar Hero GmbH, a German company and the owner of the European Union Trade Mark No. 18879410, TRADINGHIVE, registered on 9 September 2023 in Classes 36 and 42 for financial services, banking solutions and technology-driven finance. The Complainant asserted rights in the mark and claimed that the Domain Name <hive-pt.com> misappropriated its distinctive element "hive", creating a likelihood of confusion. The Complainant further alleged that the Respondent was using the term "hive" in a manner that could mislead users and cause confusion with its brand.

The Respondent was Sincronielevada Unipessoal, a Portugal-based proprietary trading company. It operated an online trading platform under the name "Hive PT", offering trader training and assessment through simulated trading challenges. The platform provided tools for evaluating traders at different skill levels, using structured challenges to determine their suitability for proprietary trading. The Respondent maintained an active online presence, including a professional website, social media accounts, and industry media coverage. The Respondent stated that the "pt" in its name stood for "proprietary trading" rather than a reference to Portugal.

The Domain Name <hive-pt.com> was registered on 11 February 2024. The Domain Name resolved to a website used for the Respondent’s proprietary trading services, featuring branding, promotional content, and information about its trading challenges. The Respondent's website presented itself as a platform catering to traders looking to improve their skills and qualify for funding opportunities. The Respondent emphasized that multiple registered trade marks containing the word "hive" existed in Class 36, including several European Union Trade Mark registrations.

To succeed under the UDRP, a complainant must satisfy the requirements of paragraph 4(a) of the Policy:

1. The disputed domain name is identical or confusingly similar to a trade mark or service mark in which the complainant has rights;
2. The respondent has no rights or legitimate interests in respect of the disputed domain name; and
3. The disputed domain name was registered and is being used in bad faith.

Identity or confusing similarity

The Panel first considered whether the Domain Name was identical or confusingly similar to a trade mark in which the Complainant had rights. The Complainant relied on its TRADINGHIVE trade mark and argued that the term "hive" was the dominant element, rendering the Domain Name <hive-pt.com> confusingly similar to the Complainant's mark. However, the Panel conducted a side-by-side comparison of the textual components of the mark and the Domain Name and found that the Complainant’s mark was not recognizable within the Domain Name. The Panel noted that the Complainant’s mark consisted of two elements, "TRADING" and "HIVE", neither of which was more dominant than the other. The Panel rejected the Complainant's argument that the term "trading" should have been disregarded as being merely descriptive, clarifying that it was necessary to assess the Complainant's trade mark in its entirety and that the Complainant’s suggested approach misrepresented the test under the first element of the UDRP. The Panel noted that the Complaint would have likely failed under the first element; however, noting the outcome of the case under the third element, the Panel did not consider it necessary to reach a definitive conclusion on the question of identity or confusing similarity.

Rights or legitimate interests

Similarly, in light of the Panel's findings under the third element, the Panel did not conduct a full analysis of whether the Respondent had rights or legitimate interests in the Domain Name.

Bad faith

The Panel found no evidence that the Respondent had registered or used the Domain Name in bad faith. Critically, the Complainant had failed to provide any evidence of use of its trade mark to support an inference that the Respondent knew of the Complainant when registering the Domain Name. The Panel further found that the Respondent had presented evidence of its use of the dictionary term "hive" in a descriptive sense, rather than as an attempt to exploit the Complainant's trade mark. Given the shortcomings in terms of the evidentiary record presented by the Complainant, the Panel noted that the Complainant's allegations of bad faith were unsupported by any factual basis and that bad faith could not be presumed solely from the existence of a similar word in the Domain Name. As a result, the Complaint failed under the third element of the Policy.

Reverse Domain Name Hijacking

The Panel noted that the Complainant, who was represented by legal counsel, had made unsubstantiated claims regarding the notoriety and global presence of its trade mark, without presenting any supporting evidence. It also failed to provide any basis for its allegation that the Respondent had targeted its trade mark. The Panel noted that the Complaint was based on bare assertions and that it presented a misinterpretation of the UDRP criteria, particularly in its attempt to disregard key elements of its own trade mark while asserting rights over a common dictionary word. Given the lack of relevant evidence and the weakness of the Complaint, the Panel concluded that the Complainant should have known that its claim had no reasonable chance of success. The Panel found that the Complaint constituted Reverse Domain Name Hijacking, amounting to an abuse of the UDRP process.

Comment:

This case serves as a reminder that while relevant trade mark rights do give rise to standing to file a UDRP Complaint, when asserting rights over a trade mark for purposes of a UDRP Complaint, it is essential to consider the entirety of the trademark rather than focusing on a single element of the mark. Moreover, a complainant must provide substantial evidence to support claims of bad faith registration and use of a domain name. In particular, claims regarding the notoriety or global presence of a trade mark must be backed by evidence. Failing to do so, or filing a complaint that lacks a reasonable chance of success risks leading to a finding of Reverse Domain Name Hijacking.

The full decision is available here.

Back to the top

Authored by the Anchovy News team.

• Laëtitia Arrault
• Sean Kelly
• Ying Lou
• Cindy Mikul
• Eliza Parr
• Thomas Raudkivi
• Maria Rozylo
• Jane Seager
• David Taylor
• Tony Vitali
• Grace Wilshaw

Anchovy® - Global Domain Name and Internet Governance

Hogan Lovells offers a unique, comprehensive and centralised Paris-based online brand protection service called Anchovy® for global domain name strategy, portfolio management and global enforcement. We are the only law firm to be an ICANN-accredited registrar and we are accredited with a number of country-specific Registries worldwide.

We also specialise in all aspects of ICANN’s new generic Top Level Domain (gTLD) process and we are an agent for the Trademark Clearinghouse. As the global Domain Name System undergoes an unprecedented expansion, brand owners must revise their online protection strategies and we are ideally placed to guide them.

We are also frequently brought in to advise on cybersecurity, data protection and on a whole range of technology-related issues.

For more information on our services, please contact David Taylor or Jane Seager.