WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

Meta Platforms, Inc. v. Seslhen Popa

Case No. D2021-4159

1. The Parties

The Complainant is Meta Platforms, Inc., United States of America (“United States”), represented by Tucker Ellis, LLP, United States.

The Respondent is Seslhen Popa, Philippines.

2. The Domain Name and Registrar

The disputed domain name <securitymail-facebook.com> (“the Domain Name”) is registered with GoDaddy.com, LLC (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on December 10, 2021. On December 13, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Name. On December 14, 2021, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Domain Name, which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on December 15, 2021, providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on December 20, 2021.

The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on December 21, 2021. In accordance with the Rules, paragraph 5, the due date for Response was January 10, 2022.

The Respondent sent an informal email communication on December 29, 2021. The Center sent a “possible settlement” email to the Parties the same day, but the Complainant did not request to have the proceeding suspended for settlement discussions.

The Respondent did not file any other response to the Amended Complaint, and on January 13, 2022, the Center informed the Parties of the commencement of the Panel Appointment Process.

The Center appointed Warwick Smith as the sole panelist in this matter on January 24, 2022. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The Complainant operates the Facebook social networking website and mobile application. According to the amended Complaint, Facebook now has more than one billion daily active accounts, and over two billion monthly active users around the world. And according to the information company Alexa, the Complainant’s website at “www.facebook.com” is the seventh most visited website in the world. The Complainant says that approximately 85 per cent of daily active Facebook users are outside the United States and Canada

Facebook’s networking services are also available on mobile phones, via the Facebook App. In recent years, the Complainant claims that App has become one of the top Apps in the market.

The Complainant’s products include a number of security features, and it owns the domain name <facebook‑security.com> which redirects to a page on the Complainant’s principal website at “www.facebook.com”, where advice is provided to Internet users on such matters as how to protect their information both on and off the Facebook social media platform. In addition, the Complainant owns the domain name <facebookmail.com>, which it uses to send email notifications to Facebook users.

The Complainant also owns and operates numerous other domain names consisting of the expression “facebook” and a variety of generic and country code top- level domain extensions (for example, <facebook.org> and <facebook.net>).

The Complainant has owned and used the FACEBOOK mark for over seventeen years, and the mark has since been extensively and continuously used in the United States and around the world. The FACEBOOK mark is currently ranked fifteenth in Interbrand’s current “Best Global Brands” report.

The Complainant holds numerous registrations for the FACEBOOK mark, in the United States and in many other jurisdictions. It is not necessary for the purposes of this decision to refer to more than two of those registrations, being registration No. 3,122,052 in the United States (registered on July 25, 2006 in international classes 35 and 38), and registration number 6832931 in the Philippines (where the Respondent appears to reside) – registered on April 14, 2012, 2008 in international class 35.

The Domain Name was registered on December 13, 2020. It has since resolved to a parking page containing sponsored pay-per-click (“PPC”) links. When the Panel visited the website at the Domain Name on February 1, 2022, the website was still “parked free, courtesy of [the Registrar]”. There were a number of sponsored links, grouped under a variety of headings, including “Email Security”, “Xdr Cybersecurity”, Mcafee Antivirus Home”, and “Compare Password Managers”.

In the Respondent’s informal communication to the Center on December 29, 2021, the Respondent stated that the Domain Name was registered for personal use only.

5. Parties’ Contentions

A. Complainant

The Domain Name is confusingly similar to the FACEBOOK mark, in which the Complainant has rights. The Domain Name incorporates the FACEBOOK mark in full, with the only additions being the terms “security” and “mail”, together with a hyphen and the generic Top-Level Domain (“gTLD”) “.com” suffix. None of those additional terms removes the confusion likely to arise from the incorporation of the FACEBOOK mark in the Domain Name.

The Respondent has no rights or legitimate interests in respect of the Domain Name. The Complainant has not authorized or licensed the Respondent to use its FACEBOOK mark, and the Respondent has no legal relationship with the Complainant that would entitle the Respondent to use the mark. There is nothing in the WhoIs data, on the website the Domain Name resolves to, or elsewhere, to suggest that the Respondent might be commonly known by the Domain Name. The Domain Name has not been used in connection with any bona fide offering of goods or services.

The Respondent has no rights or legitimate interests in respect of the Domain Name by virtue of any legitimate noncommercial or fair use of the Domain Name. A respondent’s use of a disputed domain name in connection with a parked webpage displaying PPC links, where the disputed domain name consists of the complainant’s well-known mark with an additional term, cannot constitute fair use, as it carries a risk of implied affiliation and effectively impersonates or suggests sponsorship or endorsement by the complainant.

The Respondent has been using the Domain Name to host a commercial parking page featuring sponsored PPC links to third party websites, and it is well established by previous UDRP panels that use of a domain name that is confusingly similar to a complainant’s mark for that purpose constitutes bad faith under the Policy1 . A respondent cannot disclaim responsibility for content on the website to which a disputed domain name resolves, and neither the fact that the sponsored links may have been generated by a third party (including the registrar), nor the fact that the respondent itself might not have directly profited, would prevent a finding of bad faith.2

More generally, it is settled that the registration of a confusingly similar domain name that is obviously connected with a particular trademark owner by someone with no connection with that trademark owner, suggests bad faith 3 . That is the position in this case, where the Respondent has no connection with the Complainant, and the Domain Name is obviously connected to the Complainant and the well-publicized services and mobile application it offers under the FACEBOOK mark. The use of the additional terms “security” and “mail” in the Domain Name is also suggestive of bad faith on the Respondent’s part, having regard to the Complainant’s ownership and use of the domain names <facebook-security.com> and <facebookmail.com>, both of which are confusingly similar to the Domain Name.

While the Domain Name presently resolves to a parking page, it could in future be pointed to a webpage with content similar to that contained on the Complainants webpages at the domain names

<facebook-security.com> and <facebookmail.com>, thus presenting a potential security threat to the Complainant’s users.

The website at which the Domain Name resolves to, is already on a blacklist, for prior use in relation to spam, malware, or other bad conduct. That is a circumstance which also supports a finding of bad faith registration and use.

There is no conceivable use of the Domain Name by the Respondent that could be legitimate, and in those circumstances the Respondent’s failure to make any active use of the Domain Name is sufficient on its own to constitute bad faith registration and use under the Policy.

B. Respondent

While the Respondent did not file any formal Response, the following explanation for the registration of the Domain Name was offered by the Respondent in the email sent to the Center on December 29, 2021:

“Just read all your emails because this is not an active email address. I did not renew this domain and also I just created this for personal use only, because my social media are always prone to hack every time I use Yahoo or Gmail. I am now contacting GoDaddy Support to delete this domain since I cannot delete myself and need to contact them first.

Thank you for your consideration and understanding. I don’t mean any harm. Just tried GoDaddy service for the first time.

Thanks”

6. Discussion and Findings

Under paragraph 4(a) of the Policy, a complainant is required to establish each of the following –

(i) the domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights;

(ii) the respondent has no rights or legitimate interests in respect of the domain name; and

iii) the domain name has been registered and is being used in bad faith.

A. Identical or Confusingly Similar

The Complainant is the registered proprietor of the FACEBOOK mark, in numerous jurisdictions. Those registrations sufficiently establish that it has rights in the mark for the purposes of paragraph 4(a)(i) of the Policy.

On the issue of identity or confusing similarity, the “.com” suffix is not taken into account in the comparison required by paragraph 4(a)(i) of the Policy.4 The only issue to be decided under paragraph 4(a)(i) is whether the “securitymail-facebook” part of the Domain Name is confusingly similar to the Complainant’s FACEBOOK mark.

The FACEBOOK mark is incorporated in full within the Domain Name, with only the addition of dictionary words and a hyphen. Such cases are referred to as follows in WIPO Overview 3.0:5

“Where the relevant trade mark is recognizable within the disputed domain name, the addition of other terms (whether descriptive, geographical, pejorative, meaningless, or otherwise) would not prevent a finding of confusing similarity under the first element. The nature of such additional term(s) may however bear on assessment of the second and third elements.”

In this case, the FACEBOOK mark is clearly recognizable within the Domain Name, and the added words “security” and “mail” do not prevent a finding of confusing similarity. See section 1.8 of the WIPO Overview 3.0. Similarly, the use of a hyphen in the Domain Name does nothing to remove the confusing similarity arising from the use of the FACEBOOK mark (the presence or absence of punctuation marks such as hyphens cannot on their own avoid a finding of confusing similarity: Facebook Inc. v Ramunas Jonikas, WIPO Case No. D2018-1045).

For the foregoing reasons, the Complainant has proved its case under paragraph 4(a)(i) of the Policy.

B. Rights or Legitimate Interests

Paragraph 4(c) of the Policy set out a number of circumstances which, without limitation, may be effective for a respondent to demonstrate that it has rights to, or legitimate interests in, a domain name for the purposes of paragraph 4(a)(ii) of the Policy. The circumstances are –;

(i) before any notice to [the respondent] of the dispute, use by [the respondent] of, or demonstrable preparations to use, the disputed domain name or a name corresponding to the disputed domain name in connection with a bona fide offering of goods or services; or

(ii) where [the respondent] (as an individual business or other organization) [has] been commonly known by the disputed domain name, even if [the respondent has] acquired no trademark or service mark rights; or

(iii) where [the respondent is] making a legitimate noncommercial or fair use of the disputed domain name, without intent for commercial gain to misleadingly direct consumers or to tarnish the trade mark or service mark at issue.

WIPO Overview 3.0 states the following on the burden of proof under paragraph 4(a)(ii) of the Policy:6

“While the overall burden of proof in UDRP proceedings is on the Complainant, panels have recognized that proving a respondent lacks rights or legitimate interests in a domain name may result in the often impossible task of “proving a negative”, requiring information that is often primarily within the knowledge or control of the respondent. As such, where a complainant makes out a prima facie case that the respondent lacks rights or legitimate interests, the burden of production on this element shifts to the respondent to come forward with relevant evidence demonstrating rights or legitimate interests in the domain name. If the respondent fails to come forward with such relevant evidence, the complainant is deemed to have satisfied the second element.”

In this case, there is nothing to suggest that the Respondent (or any entity associated with the Respondent) has been commonly known by the Domain Name, and the Complainant has not licensed or authorized the Respondent to use its FACEBOOK mark, whether in a domain name or otherwise. There appear to be no possible rights or legitimate interests in the Domain Name under paragraph 4(c)(ii) of the Policy.

The Respondent has not suggested that the Domain Name is or was intended to be used in connection with any bona fide offering of goods or services within the meaning of paragraph 4(c)(i) of the Policy, and there is no evidence that it has been used for that purpose. Nor is there any evidence to support a right or legitimate interests under the legitimate noncommercial or fair use provisions of paragraph 4(c)(iii) of the Policy.

The sponsored links on the website at the Domain Name, show that the website has not been put to a noncommercial use, and the deliberate, unauthorized use of a trade mark owner’s mark in a disputed domain name for commercial gain7 could not, at least in normal circumstances, amount to a fair, or legitimate, use of the Domain Name.

For those reasons the Panel is satisfied that the Complainant has made out a prima facie case under paragraph 4(a)(ii) of the Policy, sufficient to move to the Respondent the onus of showing that the Respondent has some right or legitimate interests in respect of the Domain Name.

The explanation for his choice and use of the Domain Name given by the Respondent in his December 29, 2021, email to the Center, fails to discharge that onus. Even if the Respondent were having difficulties with hacking as claimed (and there is no sufficient proof of that), there would have been nothing fair, or legitimate, in the Respondent using the Complainant’s famous mark in a domain name, without the Complainant’s consent, in circumstances where such registration and use would inevitably mislead Internet users into believing that the Domain Name was owned by or associated with the Complainant.

No other claim to a right or legitimate interest in the Domain Name having been put forward, the Complainant has made out its case under paragraph 4(a)(ii) of the Policy.

C. Registered and Used in Bad Faith

Under paragraph 4(b) of the Policy, the following circumstances, without limitation, are deemed (if found by the Panel to be present) to be evidence of the registration and use of a domain name in bad faith;

(i) circumstances indicating that the holder has registered or has acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trade mark or service mark or to a competitor of that complainant, for valuable consideration in excess of the holder’s documented out-of-pocket costs directly related to the domain name; or,

(ii) the holder has registered the domain name in order to prevent the owner of the trade mark or service mark from reflecting the mark in a corresponding domain name, provided that the holder has engaged in a pattern of such conduct; or,

(iii) the holder has registered the domain name primarily for the purpose of disrupting the business of a competitor; or,

(iv) by using the domain name, the holder has intentionally attempted to attract, for commercial gain, Internet users to the holder’s website or other online location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation or endorsement of the holder’s website or location or of a product or service on the holder’s website or location.

The Complainant has also proved this element of the Amended Complaint.

The Panel accepts the Complainant’s submission that it is difficult to conceive of any legitimate basis for someone to register and use a domain name incorporating the FACEBOOK mark, which is famous around the world, without the Complainant’s license or authority. The mark is clearly recognizable within the Domain Name, and anyone seeing the Domain Name would immediately assume that it was owned by or connected with the Complainant, and that any website at the Domain Name would also be owned by or connected in some way with the Complainant.

The Panel rejects the explanation put forward by the Respondent in the email of December 29, 2021. That email made little sense, at least without further explanation and supporting evidence, neither of which was provided. The only evidence available is the evidence of how the Domain Name has in fact been used, and there is nothing in that use to support the Respondent’s contention that the Domain Name was registered to somehow address a hacking problem with the Respondent’s social media accounts.

The Panel is satisfied that the circumstances fall squarely within paragraph 4(b)(iv) of the Policy. By using the Domain Name, the Respondent has intentionally attempted to attract, for commercial gain, Internet users to the Respondent’s website at the Domain Name, by creating a likelihood of confusion with the Complainant’s FACEBOOK mark, as to the source, sponsorship, affiliation, or endorsement of the website the Domain Name.

That finding is sufficient to dispose of the case in the Complainant’s favor, and there will be an order for transfer accordingly.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Name, <securitymail-facebook.com>, be transferred to the Complainant.

Warwick Smith
Sole Panelist
Date: February 2, 2022


1 Facebook, Inc. v Online Admin, DotBadger Domains, WIPO Case No. D2021-1210, and Facebook, Inc. v Yumei Luo, WIPO Case No. D2020-2306.

2 Facebook, Inc v Haythem Chihi, WIPO Case No. D2021-1930.

3 Motorola Solutions, Inc v Harsh Patel, technotek, WIPO Case No. D2020-0997 (where a “[…] disputed domain name is so obviously connected with the Complainant that its very selection by the Respondent, which has no connection with the Complainant, suggests the disputed domain name was acquired with a deliberate intent to create an impression of an association with the Complainant.”).

4 The WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”) notes at section 1.11 that the gTLD is a standard registration requirement, and as such is disregarded when applying the confusing similarity test under paragraph 4 (a)(i) of the Policy.

5 WIPO Overview 3.0, section 1.8.

6 WIPO Overview 3.0, at section 2.1.

7 In this case, the commercial gain might have been derived by the Registrar, but that does not affect the analysis under paragraph 4(c)(iii). The use of the Domain Name has not been noncommercial, and it does not matter that the Respondent might not have profited personally from the sponsored links (Facebook Inc. v. Haythem Chihi, supra).