In recapturing a domain name fraudulently transferred there is a common theme to losing it by inadvertent lapse of registration. In both, a domain name formerly registered in complainant’s name is latterly found in another’s, but the different factual circumstances demand a different approach to assessing intention. While a respondent’s post lapse registration is not inconsistent with good faith, hacking a current account is conclusive of bad faith. Proof of transfer alone whether to a new registrar or to a new registrant with the same registrar is sufficient to find that the respondent lacks rights or legitimate interests in the domain name. Claims of domain name hijacking by hacking a complainant’s account are within the scope of the Policy, but the assessment does not rest on the elements of conversion or grand larceny. Bill Clark v. HiNet, Inc., FA0501000405057 (Nat. Arb. Forum March 4, 2005) (“Although a fraudulent transfer raises potential contract or tort issues that are outside the scope of the Policy, the Panel may still decide to transfer the disputed domain name if it finds that Complainant has established that all requirements of the Policy, aside from the fraudulent transfer issue, are met.”).
The characterization of how the respondent came into possession of the domain name or its criminality in the use to which the site is being put (phishing) are not the controlling factors since those causes of action exceed the Panel’s authority. Further: “[i]f allegations [of] conversion were always to put a complaint outside of the scope of the Policy, the Policy would be ineffective.” Complainant can invoke the Policy to remedy abusive conduct in the acquisition and use of domain names as long as it has established all of the requirements for relief. For example, in Global Village Publishing, Inc. v. chenwen, FA1303001489761 (Nat. Arb. Forum May 6, 2013) Complainant claimed that Respondent hacked its account with GoDaddy.com, the previous domain name registrar, and transferred the <gvp.com> domain name to a new registrar in Respondent’s name without Complainant’s consent. Although Complainant made no specific claims of confusing similarity between GVPI (its trademark) and its stolen domain name <gvp.com> the Panel connected the dots to find that the deletion of a single letter was “insufficient in distinguishing a domain name from a mark.” In 8x Entertainment, Inc., Gener8Xion Television, Inc., Gener8Xion Entertainment, Inc. v. EXC International AG, D2005-1126 (WIPO December 28, 2005) the Panel noted that “the fact is that someone unlawfully took control of Complainants’ e-mail account and used it to fraudulently represent to Network Solutions and OnlineNic, Inc. that Complainants had authorized a transfer of the domain name in dispute, when in fact Complainants had not.”
Whereas unauthorized transfers of domain names recognized by the general public as sources of goods or services are implicitly within the scope of the Policy, fraudulent transfers of domain names that have no association with goods or services are not. Where there is no trademark, complainant has no standing to complain in a UDRP proceedings. Thus, Taeho Kim v. Skelton Logic, FA1002001305934 (Nat. Arb. Forum March 22, 2010):
Complainant concedes that he has no trademark or service mark rights and relies solely on his prior registration of the domain names and his stated intent to use marks corresponding to the domain names in the future. Given the generic nature of the second level domains, “recent,” “they” and “that,” the mere acquisition by Complainant of the disputed domain names cannot possibly give rise to trademark rights in RECENT.NET, THEY.NET or THAT.NET. Nor can intent to use give rise to trademark rights.
In these disputes, complainant’s are clearly aggrieved “and, if [their] allegations are correct, rightfully so. However the Policy is not designed to deal with allegations of fraud and theft.” Jimmy Alison v. Finland Property Services (Pty) Ltd., D2008-1141 (WIPO September 8, 2008) (<didyouknow.com>).