What happens when someone uses your information to register a domain name?
The registrant of the domain name named zscalers .com made an unusual defense in a cybersquatting litigation: it did not actually register the domain name.
In response to the UDRP filing, the person stated that they had been the victim of identity theft and had not registered the domain name (or any domain for that matter).
It’s easy for anyone to put anything in the contact fields for domain names. The only check most registrars do is that the email address is working.
In the case of zscalers.com, panelist Debrett Lyons decided not to redact the name of the respondent who said he did not register the domain. Lyons wrote:
As noted above, the Respondent alleges that he was the victim of identity theft. Specifically, on February 24, 2022, the Forum received an email from Respondent stating that it did not own any domains. In certain circumstances, the Panel has the discretion to remove information, including a party’s name, from the published decision…
The Panel considers the following in its decision not to redact the Registrant’s name as Respondent in its decision. The Respondent’s February 24, 2022 message does not request the removal of his name from a Final Action. Respondent had until March 9, 2022 to provide the Forum with a formal Response; He does not have. The defendant provided no further elaboration or proof of his stolen identity claim. The name of the respondent has been protected by a confidentiality service.
Most of this is flimsy justification. Let’s break it down:
The Respondent’s February 24, 2022 message does not request the removal of his name from a Final Action.
If you don’t own a domain or have never encountered a UDRP, you probably don’t know your name will be published.
Respondent had until March 9, 2022 to provide the Forum with a formal Response; He does not have.
If you don’t own the domain, you’re not going to mount a formal defense of the domain.
The defendant provided no further elaboration or proof of his stolen identity claim.
It’s the only part of Lyon’s logic that makes sense. Lyons may not have been convinced by declarer’s story.
The name of the respondent has been protected by a confidentiality service.
It is possible that the registrant of this domain – the person who has impersonated the registrant in Whois or the person themselves – has chosen to use Whois privacy. This domain was registered late last year when GoDaddy was deleting some information, but may not have applied Domains by Proxy by default. But now GoDaddy adds Whois privacy to all domains. So, going forward, panelists should be careful not to jump to conclusions about domains using Domains by Proxy (or any other privacy service for that matter).
In this case, the Complainant alleges that the person who owned the domain posed as someone from his collection department to scam people. This means that it is highly likely that they used false information when registering the domain to cover their tracks.
I have decided not to link the decision of the National Arbitration Forum case nor to name the Respondent in the circumstances.