Home Depot Product Authority, LLC v. Domain Owner / Knowbe4
Claim Number: FA2204001990823
Complainant is Home Depot Product Authority, LLC (“Complainant”), represented by Richard J. Groos of King & Spalding LLP, Texas, USA. Respondent is Domain Owner / Knowbe4 (“Respondent”), represented by Joe Dimont of Winston & Strawn LLP, California, USA.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <homedepotcustomercenter.com>, registered with Amazon Registrar, Inc.
The undersigned certify that they have acted independently and impartially and to the best of their knowledge have no known conflict in serving as Panelists in this proceeding.
Charles A. Kuechenmeister, Panelist
Sandra J. Franklin, Panelist
Martin Schwimmer, Panelist
Complainant submitted a Complaint to the Forum electronically on April 4, 2022; the Forum received payment on April 4, 2022.
On April 4, 2022, Amazon Registrar, Inc. confirmed by e-mail to the Forum that the <homedepotcustomercenter.com> domain name (the Domain Name) is registered with Amazon Registrar, Inc. and that Respondent is the current registrant of the name. Amazon Registrar, Inc. has verified that Respondent is bound by the Amazon Registrar, Inc. registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On April 5, 2022, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint setting a deadline of April 29, 2022 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@homedepotcustomercenter.com. Also on April 5, 2022, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
A timely Response was received and determined to be complete on April 29, 2022.
Complainant filed an Additional Submission on May 4, 2022. It was considered by the Panel.
Respondent filed an Additional Submission on May 10, 2022. It was considered by the Panel.
On May 16, 2022, pursuant to Respondent’s request to have the dispute decided by a three-member Panel, the Forum appointed Charles A. Kuechenmeister (Chair), Sandra J. Franklin, and Martin Schwimmer as Panelists.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2.
Complainant requests that the Domain Name be transferred from Respondent to Complainant.
A. Complainant
Complainant owns the HOME DEPOT trademark and licenses it to The Home Depot, which is a large, well-known provider of home improvement supplies, equipment and services. It has rights in the HOME DEPOT mark based on its registration of that mark with the United States Patent and Trademark Office (“USPTO”). Respondent’s <homedepotcustomercenter.com> Domain Name is confusingly similar to Complainant’s HOME DEPOT mark as it incorporates the entire mark, merely adding the generic term “customer center” and the “.com” generic top-level domain (“gTLD”).
Respondent has no rights or legitimate interests in the Domain Name. It has no relationship or affiliation with Complainant, Complainant has not authorized Respondent to use its HOME DEPOT mark, and Respondent is not commonly known by the Domain Name. Additionally, Respondent is not using the Domain Name in connection with a bona fide offering of goods or services or for a legitimate noncommercial or fair use, as Respondent uses it to pass off as Complainant and engage in phishing via emails. An email sent from an address based upon the Domain Name reached one of Complainant’s customers, conveying information that Complainant was the subject of a data security breach.
Respondent registered and is using the Domain Name in bad faith. It is attempting for commercial gain to deceive Internet users as described in Policy ¶ 4(b)(iv). Respondent uses the Domain Name to pass off as Complainant in phishing emails, and it had actual knowledge of Complainant’s rights in the HOME DEPOT mark when it registered the Domain Name.
B. Respondent
Respondent KnowBe4, Inc. is a cyber security company that provides Security Awareness training programs to prevent successful phishing attacks. These programs provide Respondent’s customers with access to materials to test their employees’ preparedness for phishing attacks. The materials include emails from safe spoofed email domains, allowing Respondent’s customers to send a phishing test to their employees that appear to originate from a source other than the company or organization itself. Respondent is using the Domain Name for this purpose, not to engage in a genuine phishing scheme. It takes great care to ensure that the Domain Name is used only in a tightly controlled testing environment and that it cannot be used for anything other than a simulated phishing attack. It is not used to attract commercial gain for itself, to compete with Complainant, to disparage Complainant, or to disrupt Complainant’s business. Respondent has never used the Domain Name to host a website or any other content. Respondent’s use of the Domain Name in this manner is a legitimate fair use, without intent for commercial gain to divert consumers or to tarnish the Complainant’s mark. Respondent thus has rights or legitimate interests in the Domain Name.
The Domain Name is not confusingly similar to Complainant’s mark since it has the added terms “customer center,” which creates a conceptual difference from the mark.
Respondent’s registration and use of the Domain Name is not in bad faith. It was registered and is used only in connection with Respondent’s security awareness training program, as described above.
Complainant Additional Submission
Respondent acknowledges that it is using the Domain Name in connection with its for-profit business, and that it selected the Domain Name for the very reason that emails sent from an address based upon it would appear to have originated from Complainant.
An email sent from such address reached one of Complainant’s customers, stating that Complainant was the subject of a data security breach.
Complainant never authorized or permitted Respondent to use its mark for any reason. Respondent is using the Domain Name for its own commercial gain. This is not a legitimate noncommercial or fair use within the meaning of Policy ¶ 4 (c)(i) or (iii). Nor is it anything but bad faith. The ends (security training) do not justify the means (appropriating Complainant’s mark for Respondent’s own financial gain).
Respondent Additional Submission
Respondent objects to the Panel considering Complainant’s Additional Submission because it knew or should have known about Respondent’s good faith use of the Domain Name before it filed its Complaint.
Respondent’s use of Complainant’s mark is not connected to any website so its use is uniquely limited and is not for any kind of commercial leverage or benefit. Policy ¶ 4(c)(iii) provides a defense when the use of a domain name is fair and without intent to tarnish the mark at issue.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires a complainant to prove each of the following three elements to obtain an order cancelling or transferring a domain name
(1) the domain name registered by the respondent is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and
(2) the respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
The HOME DEPOT mark was registered to Homer TLD, Inc. with the USPTO (Reg. No. 2,314,081) on February. 1, 2000 (USPTO registration certificate included in Complaint Exhibit B). There is no documentary evidence before the Panel or any explanation in the Complaint of whether or how this or any of the other USPTO registrations evidenced in Complaint Exhibit B is owned or controlled by the named Complainant. One of the USPTO registration certificates included in Exhibit B evidences a registration of a Home Depot logo, a square with the words “The Home Depot” written diagonally inside of it, to an entity named The Home Depot, Inc., with an Atlanta, Georgia address different from the Atlanta address of Complainant as shown in the Complaint (Reg. No 1,297,161 registered September 12, 1984). The Complaint only states that Complainant is the owner of the HOME DEPOT and THE HOME DEPOT marks. It also refers to Complainant, “through its predecessors in interest and licensees, including The Home Depot,” commencing use of those marks as early as 1979. These allegations are not disputed by Respondent, and, taking into consideration the 1984 registration to The Home Depot, Inc., the Panel elects to accept them as true. Complainant’s ownership of these marks establishes its rights in them for the purposes of Policy ¶ 4(a)(i). DIRECTV, LLC v. The Pearline Group, FA 1818749 (Forum Dec. 30, 2018) (“Complainant’s ownership of a USPTO registration for DIRECTV demonstrate its rights in such mark for the purposes of Policy ¶ 4(a)(i).”). As current owner of the February 2000 registration, Complainant has sufficient rights in the HOME DEPOT mark to bring and maintain this proceeding.
Respondent’s <homedepotcustomercenter.com> Domain Name is confusingly similar to Complainant’s HOME DEPOT mark. It incorporates that mark in its entirety, merely adding the generic “customer center” term and the “.com” gTLD. These changes do not distinguish the Domain Name from Complainant’s mark for the purposes of Policy ¶ 4(a)(i). Respondent’s argument that the added generic terms, which make the Domain Name double the length of the mark, create a conceptual difference, is rejected. If anything, the added terms enhance the confusing similarity because, as Complainant is a large retail establishment, it would be plausible for it to have a “customer center” and use a domain name which reflects that. MTD Products Inc v. J Randall Shank, FA 1783050 (Forum June 27, 2018) (“The disputed domain name is confusingly similar to Complainant’s mark as it wholly incorporates the CUB CADET mark before appending the generic terms ‘genuine’ and ‘parts’ as well as the ‘.com’ gTLD.”), Microsoft Corporation v. Thong Tran Thanh, FA 1653187 (Forum Jan. 21, 2016) (determining that confusing similarity exists where [a disputed domain name] contains Complainant’s entire mark and differs only by the addition of a generic or descriptive phrase and top-level domain, the differences between the domain name and its contained trademark are insufficient to differentiate one from the other for the purposes of the Policy), Dell Inc. v. Pham Xuan Hoa, FA1891655 (Forum May 14, 2020) (“Indeed, the added the term ”driver” exacerbates the confusing similarity because Complainant produces and distributes small pieces of software called drivers to support operating systems.”). The WIPO Panel Views on Selected UDRP Questions, Third Edition (WIPO Overview 3.0), at ¶ 1.7, states that the test for confusing similarity “typically involves a side-by-side comparison of the domain name and the textual components of the relevant trademark to assess whether the mark is recognizable within the domain name.” Notwithstanding the changes described above, Complainant’s mark is clearly recognizable within the Domain Name.
If a complainant makes a prima facie case that the respondent lacks rights or legitimate interests in the domain name under Policy ¶ 4(a)(ii), the burden of production shifts to respondent to come forward with evidence that it has rights or legitimate interests in it. Neal & Massey Holdings Limited v. Gregory Ricks, FA 1549327 (Forum Apr. 12, 2014) (“Under Policy ¶ 4(a)(ii), Complainant must first make out a prima facie case showing that Respondent lacks rights and legitimate interests in respect of an at-issue domain name and then the burden, in effect, shifts to Respondent to come forward with evidence of its rights or legitimate interests”). If a respondent fails to come forward with such evidence, the complainant’s prima facie evidence will be sufficient to establish that respondent lacks such rights or legitimate interests. If the respondent does come forward with such evidence, the Panel must assess the evidence in its entirety. At all times, the burden of proof remains on the complainant. WIPO Overview 3.0, at ¶ 2.1.
Policy ¶ 4(c) lists the following three nonexclusive circumstances, any one of which if proven can demonstrate a respondent’s rights or legitimate interests in a domain name for the purposes of Policy ¶ 4(a)(ii):
(i) Before any notice to the respondent of the dispute, the respondent’s use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services;
(ii) The respondent (as an individual, business or other organization) has been commonly known by the domain name, even if the respondent has acquired no trademark or service mark rights; or
(iii) The respondent is making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.
Complainant asserts that Respondent has no rights or legitimate interests in the Domain Name because (i) it is not affiliated with Complainant and Complainant has not authorized Respondent to use its mark, (ii) Respondent has not been commonly known by the Domain Name, and (iii) Respondent is not using the Domain Name in connection with a bona fide offering of goods or services or for a legitimate noncommercial or fair use because Respondent uses it to pass off as Complainant and engage in phishing via emails. These allegations are addressed as follows:
Complainant states that Respondent is not affiliated or associated with it and that it has never authorized or permitted Respondent to use its mark. Complainant has specific competence to make this statement, and it is unchallenged by Respondent or any evidence before the Panel. In the absence of evidence that a respondent is authorized to use a complainant’s mark in a domain name or that a respondent is commonly known by the disputed domain name, the respondent may be presumed to lack rights or legitimate interests in the domain name. IndyMac Bank F.S.B. v. Eshback, FA 830934 (Forum Dec. 7, 2006) (finding that the respondent failed to establish rights and legitimate interests in the <emitmortgage.com> domain name as the respondent was not authorized to register domain names featuring the complainant’s mark and failed to submit evidence that it is commonly known by the domain name), Indeed, Inc. v. Ankit Bhardwaj / Recruiter, FA 1739470 (Forum Aug. 3, 2017) (”Respondent lacks both rights and legitimate interests in respect of the at-issue domain name. Respondent is not authorized to use Complainant’s trademark in any capacity and, as discussed below, there are no Policy ¶ 4(c) circumstances from which the Panel might find that Respondent has rights or interests in respect of the at-issue domain name.”).
Respondent does not claim that it has been commonly known by the Domain Name. The information furnished to the Forum by the registrar lists “Domain Owner / Knowbe4” as the registrant of the Domain Name. Neither of these names bears any resemblance to the Domain Name. Evidence could, of course, in a given case demonstrate that the respondent is commonly known by a domain name different from the name in which it registered the domain name, e.g., the case of a domain name incorporating the brand name of a specific product offered by and associated with the respondent. In the absence of any such evidence, however, UDRP panels have consistently held that WHOIS evidence of a registrant name which does not correspond with the domain name is sufficient to prove that the respondent is not commonly known by the domain name. Amazon Technologies, Inc. v. Suzen Khan / Nancy Jain / Andrew Stanzy, FA 1741129 (Forum Aug. 16, 2017) (finding that respondent had no rights or legitimate interests in the disputed domain names when the identifying information provided by WHOIS was unrelated to the domain names or respondent’s use of the same), Alaska Air Group, Inc. and its subsidiary, Alaska Airlines v. Song Bin, FA1408001574905 (Forum Sept. 17, 2014) (holding that the respondent was not commonly known by the disputed domain name as demonstrated by the WHOIS information and based on the fact that the complainant had not licensed or authorized the respondent to use its ALASKA AIRLINES mark). The Panel is satisfied that the Respondent has not been commonly known by the Domain Name.
Complaint Exhibit D contains a copy of an email sent from thehomedepot@homedepotcustomercenter.com to one of Complainant’s customers notifying the customer that a file containing the customer’s email address and possibly passwords had been compromised by a security breach, and recommending that the customer change its password and security questions by clicking a link to a website which appears in the email. The customer instead contacted Complainant, and that is how Complainant learned that Respondent registered and was using the Domain Name. Using a domain name to gain commercially through a fraudulent email scam is neither a bona fide offering of goods or services as contemplated by Policy ¶ 4(c)(i) nor a legitimate noncommercial or fair use as contemplated by Policy ¶ 4(c)(iii). Emerson Electric Co. v. golden humble / golden globals, FA 1787128 (Forum June 11, 2018) (“Passing off as a complainant through e-mails is evidence that a respondent lacks rights and legitimate interests under Policy ¶¶ 4(c)(i) & (iii).”), Chevron Intellectual Property LLC v. Thomas Webber / Chev Ronoil Recreational Sport Limited, FA 1661076 (Forum Mar. 15, 2016) (finding that the respondent had failed to provide a bona fide offering of goods or services or any legitimate noncommercial or fair use, stating, “Respondent is using an email address to pass themselves off as an affiliate of Complainant. Complainant presents evidence showing that the email address that Respondent has created is used to solicit information and money on false pretenses. The disputed domain name is being used to cause the recipients of these emails to mistakenly believe Respondent has a connection with Complainant and is one of the Complainant’s affiliates.”), Emerson Electric Co. v. Adilcon Rocha, FA 1735949 (Forum July 11, 2017) (finding that respondent’s attempt to pass off as complainant through emails does not constitute a bona fide offering of goods or services and, as such, respondent lacked rights or legitimate interests in the disputed domain name).
The evidence furnished by Complainant establishes the required prima facie case. It is now incumbent upon Respondent to go forward with evidence to demonstrate that it has rights or legitimate interests in the Domain Name. To that end, Respondent offers the following:
Respondent states that it provides useful and important cyber security services intended to train its customers’ employees to spot and deal appropriately with phishing emails. Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Respondent’s training program consists of having the customer’s IT department send a phishing email to the customer’s employees that appear to originate from a source other than the customer’s organization, and evaluate how they respond.
Respondent further states as follows: Its registration and use of the Domain Name has been only in connection with this program. The Domain Name has never been used to host any website, to disparage Complainant, to compete with Complainant, or to disrupt Complainant’s business. Respondent has never attempted to sell the Domain Name, nor has it ever used the Domain Name as a trademark. Respondent takes measures to ensure that its use of the Domain Name does not result in confusion or commercial harm. The only person who sees the Domain Name is the customer’s employee to whom the test email is sent. If that employee attempts to reply to the test email he or she receives an error message that the reply was not delivered because the Domain Name could not be found. A person who attempts to type the Domain Name into a URL to reach a website associated with it would receive an error message that the site “can’t be reached” because the server IP address “could not be found.” In short, Respondent’s use of the Domain Name is purely for educational purposes. It does not use it to conduct genuine phishing operations, or for a website that seeks to trade on Complainant’s reputation and goodwill for commercial gain. Respondent asserts that the Domain Name is being used as part of a bona fide offering of services, namely educational programs directed at computer security awareness, and that this is a prime example of fair use.
As alleged by Complainant, the Complaint Exhibit D email notified the recipient[i] that a file containing the customer’s email address had been compromised by a security breach and recommended that the customer change its password and security questions by clicking on a link in the email. Respondent states that had the recipient clicked on the link in the email he or she would have been redirected to a landing page notifying the recipient that he or she had been part of a simulated phishing test.
While the Complaint Exhibit D email based upon the Domain Name does pass off as Complainant and does solicit sensitive private information, Respondent argues that this is done as a supervised and controlled training exercise. It is clear that Respondent is not using the Domain Name in connection with a genuine phishing program, or for a website which impersonates or competes with Complainant or otherwise trades on Complainant’s reputation and goodwill. The Panel also recognizes that Respondent is taking precautions to ensure that the Domain Name is used only in a controlled testing environment and that its primary focus is on training and education in an important field—cyber security. None of this, however, addresses the underlying fact that Respondent does not own the HOME DEPOT mark, and that it appropriated and is using that mark without Complainant’s permission as part of its for-profit business. By incorporating Complainant’s mark into the Domain Name, Respondent is using it as a tool or equipment in connection with the services it sells to its customers. This is analogous to a person performing at a paid concert music which is the intellectual property of another, without the composer’s permission and without paying royalties owed. It cannot be a bona fide offering of goods or services or a legitimate or fair use. It is not possible to gain rights or legitimate interests in a Domain Name which is based upon and incorporates a mark that the domain holder has no authority to use. IndyMac Bank F.S.B. v. Eshback, FA 830934 (Forum Dec. 7, 2006) (finding that the respondent failed to establish rights and legitimate interests in the <emitmortgage.com> domain name as the respondent was not authorized to register domain names featuring the complainant’s mark and failed to submit evidence that it is commonly known by the domain name), Indeed, Inc. v. Ankit Bhardwaj / Recruiter, FA 1739470 (Forum Aug. 3, 2017) (”Respondent lacks both rights and legitimate interests in respect of the at-issue domain name. Respondent is not authorized to use Complainant’s trademark in any capacity and, as discussed below, there are no Policy ¶ 4(c) circumstances from which the Panel might find that Respondent has rights or interests in respect of the at-issue domain name.”). The fact that, apart from the wrongful appropriation of Complainant’s mark, Respondent may be conducting a lawful and useful business does not in and of itself demonstrate rights or legitimate interests. Facebook, Inc. and Instagram, LLC v. WhoisGuard Protected, WhoisGuard, Inc. / Phishing Operations, Wombat Security Technologies, D2020-3218 (WIPO Jan. 25, 2021) (“Respondent is undoubtedly engaged in a legitimate business, but engaging in a legitimate business does not automatically vest Respondent with a legitimate interest vis-à-vis the Domain Names.”).
Complainant argues also that the Exhibit D email disparages and tarnishes Complainant’s reputation by alleging that it experienced a security breach jeopardizing the recipient’s email address and possibly passwords etc. Respondent points to Policy ¶ 4(c)(iii) which provides a defense when the domain name is used “without intent . . . to tarnish” the mark at issue. The Panel finds that Respondent’s test email certainly does tarnish Complainant’s mark, a result that Respondent could easily foresee, and its use was by no means necessary. Respondent could have found any number of ways to simulate a phishing email without alleging a security breach. Its use of that language in the email borders on reckless and is not consistent with any notion of fair use.
For the reasons discussed above, the Panel finds that Respondent has no rights or legitimate interests in the Domain Name.
Policy ¶ 4(b) sets forth a nonexclusive list of four circumstances, any one of which if proven would be evidence of bad faith use and registration of a domain name. They are as follows:
(i) circumstances indicating that the respondent has registered or acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant which is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of the respondent’s documented out-of-pocket costs directly related to the domain name; or
(ii) the respondent has registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that the respondent has engaged in a pattern of such conduct; or
(iii) the respondent has registered the domain name primarily for the purpose of disrupting the business of a competitor; or
(iv) by using the domain name, the respondent has intentionally attempted to attract, for commercial gain, Internet users to the respondent’s website or other on-line location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation or endorsement of the respondent’s website or location or of a product of service on the respondent‘s website or location.
The evidence of Respondent’s conduct discussed above in the rights or legitimate interests analysis also supports a finding of bad faith registration and use. That conduct does not fall within any of the circumstances articulated in Policy ¶ 4(b), but ¶ 4(b) recognizes that mischief can manifest in many different forms and takes an open-ended approach to bad faith, listing some examples without attempting to enumerate all its varieties. Worldcom Exchange, Inc. v. Wei.com, Inc., WIPO Case No. D-2004-0955 (January 5, 2005). The non-exclusive nature of Policy ¶ 4(b) allows for consideration of additional factors in an analysis for bad faith, and Respondent’s wrongful appropriation of Complainant’s mark for a confusingly similar domain name used in connection with its for-profit business is sufficient to support a finding of bad faith registration and use. It knew when it registered the Domain Name that it did not own the HOME DEPOT mark, and that it did not have permission from the owner of that mark to use it. Respondent continuously emphasizes the legitimate and useful nature of its business, but that neither justifies nor excuses the appropriation of Complainant’s mark without Complainant’s consent. Its conduct here is wholly inconsistent with any concept of good faith.
In Facebook, Inc. and Instagram, LLC v. WhoisGuard Protected, WhoisGuard, Inc. / Phishing Operations, Wombat Security Technologies, D2020-3218 (WIPO Jan. 25, 2021), the respondent registered and was using confusingly similar domain names which resolved to a landing page operated by respondent. The landing page informed the visitor about respondent’s services as a security awareness provider and provided a hyperlink to respondent’s commercial website, where respondent offered its services to interested persons. The Facebook panel correctly held that respondent was using the domain names to attract for commercial gain Internet traffic to its commercial website by causing confusion as to the source, sponsorship, endorsement or affiliation of the site. It also, however, addressed respondent’s arguments to the effect that it was providing useful and important services, namely education and training in the field of cyber security. The panel stated that “Respondent may sincerely believe that it has not violated the UDRP here, but the fact remains that Complainant never gave Respondent permission to use its famous trademarks in such a manner as to enhance the number of Internet users arriving at Respondent’s parent’s commercial website, and yet Respondent has done exactly that.” The Policy ¶ 4(b)(iv) factor is not present in the case before the Panel here, but the wrongful appropriation of Complainant’s mark is, and the Facebook panel obviously attached great weight to that factor as well. Respondent may not be using the Domain Name overtly to attract business, but it is using the Domain Name as an important tool in the delivery of services to its customers. Respondent’s registration and use of this confusingly similar Domain Name for commercial gain without Complainant’s permission is, in and of itself, bad faith.
Respondent also argues that while the list of examples of bad faith use and registration set forth in Policy ¶ 4(b) is not exclusive, the nature of those examples effectively requires a respondent’s conduct to relate “to taking advantage of trademark owners for commercial purposes” in order to qualify as bad faith. Respondent thus appears to argue that the conduct must consist of some direct misuse of a domain name that trades upon the reputation or goodwill of the complainant’s mark in some manner similar to the Policy ¶ 4(b) examples or other commonly recognized indicia of bad faith such as passive holding, failure to respond to a complaint, installation of malware, typosquatting, etc. The Panel is not persuaded. Respondent’s wrongful appropriation of Complainant’s mark amounts to “taking advantage of” a trademark owner “for commercial purposes” every bit as much as the conduct described in Policy ¶ 4(b).
Respondent’s wrongful appropriation of Complainant’s mark is not the only basis for a finding of bad faith in this case. Respondent intentionally registered and is using the Domain Name, which fully incorporates the well-known HOME DEPOT mark. As discussed above, however, Respondent has no connection with that mark or its owner, the Complainant. Again, this does not fit precisely within any of the circumstances set forth in Policy ¶ 4(b) but in light of the non-exclusive nature of that paragraph, using a domain name that is confusingly similar to a trademark with which the respondent has no connection is evidence of opportunistic bad faith. Singapore Airlines Ltd. v. European Travel Network, D2000-0641 (WIPO Aug. 29, 2000) (where selection of disputed domain name is so obviously connected to complainant’s well-known trademark, use by someone with no connection with complainant suggests opportunistic bad faith), Google LLC v. Noboru Maruyama / Personal, FA 2001001879162 (Forum Mar. 3, 2020) (“the registration and use of domain name that is confusingly similar to a trademark with which the respondent has no connection has frequently been held to be evidence of bad faith.”).
Finally, it is evident that Respondent had actual knowledge of Complainant and its mark when it registered the Domain Name in October 2020. Respondent does not dispute this, and the nature of its use of the Domain Name proves its prior knowledge. There is no question that it knew of Complainant and its rights in the HOME DEPOT mark when it registered the Domain Name. Registering a confusingly similar domain name with actual knowledge of a complainant’s rights in its mark is evidence of bad faith registration and use under Policy ¶ 4(a)(iii). Univision Comm'cns Inc. v. Norte, FA 1000079 (Forum Aug. 16, 2007) (rejecting the respondent's contention that it did not register the disputed domain name in bad faith since the panel found that the respondent had knowledge of the complainant's rights in the UNIVISION mark when registering the disputed domain name).
For the reasons set forth above, the Panel finds that Respondent registered and is using the Domain Name in bad faith within the meaning of Policy ¶ 4(a)(iii).
Complainant having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <homedepotcustomercenter.com> domain name be TRANSFERRED from Respondent to Complainant.
Charles A. Kuechenmeister, Panelist Chair
Sandra J. Franklin, Panelist
Martin Schwimmer, Panelist
Dated: May 25, 2022
[i] The recipient appears to have been employed by one of Complainant’s customers, which was also a customer of Respondent.
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page