It is an interesting proposition that certain conduct unrebutted be regarded as a per se violation of the UDRP; the very fact of the respondent having committed a certain act—hijacking a domain name is one, or threatening to point a domain name to adult content is another candidate (Gryphon Internet, LLC v. thank you corp. / Jon Shakur, FA 1405610 (NAF Oct. 11, 2011), or even identity theft—should be enough to fulfill the requirements of the Policy.
In John Dilks v. Privacy Administrator / Anonymize, Inc., FA1506001623023 (Forum July 10, 2015) (<eht.com>) the Panel expressed this very thought:
Frankly, this Panel has never seen this set of facts before. Respondent’s hijacking of a domain name in this manner should constitute per se bad faith registration and use of the domain name, even if the nameservers remain the same. The Panel cannot conceive how such actions would ever constitute anything but bad faith. Domain name owners should be vigilant to avoid such hijackings in the future.
In one sense, a per se violation rubs against the grain because it is also gospel that “[t]he essence of the complaint is an allegation of bad faith, bad faith targeted at complainant.” For this, “[k]nowledge is important since without knowledge . . . it will be difficult to show that a respondent has the necessary intent for bad faith.” Aubert International SAS and Aubert France SA v. Tucows.com Co., D2008-1986 (WIPO March 17, 2009).
Support for a per se finding rests the irrelevancy of having to prove knowledge when dealing with thefts and threats; this is so for a simple reason: it makes no difference whether respondent has any knowledge of the domain name it steals or threatens. The wrinkle of course, which is illustrated in Dilks, is that the thief is no longer in the picture (or, it may not be) and someone else is the current registrant. The Panel deals with this problem also:
The Respondent cannot have legitimate interests in a domain name acquired by theft, nor can the Respondent claim that its use of the domain name to continue to resolve to the Complainant's website operates to confer any sort of right or interest to the Respondent. . . . [I]t is manifestly clear in the manner that the domain name has been registered and used that it has been done so in bad faith, for the purpose of delaying notice of the theft of the domain name in the hope of fobbing off a valuable three-letter name to a naive purchaser at some future time.
But, even if there had been a “fobbing off” to a “naive purchaser” that purchaser (even if it had paid valuable consideration) would have no better right to the domain name than the thief. We have to reach back into the database for cases, but they can be found in a slightly different context where, for example, a not-so “naive purchaser” was the high bidder in an auction for a domain name identical to a registered mark.
Although not a highjacking (more of a theft variant) in HSBC Finance Corporation v. Clear Blue Sky Inc. and Domain Manager, D2007-0062 (WIPO June 4, 2007) the predecessor holder had been using <creditkeeper.com> (a well-known trademark in the finance industry) in bad faith although there was no bad faith in registering it; the successor-Respondent (a purchaser but not naive) continued the same use. Neither the fact that Respondent’s predecessor registered the domain name in good faith, nor that Respondent paid $48,000 for the domain name was proof of any right or legitimate interest; nor do these facts shield respondents from having to defend against the ultimate question of conjunctive bad faith.
In those cases in which complainant loses to a thief we find that complainant is unable to prove any trademark right. Although clearly victimized, there is no remedy under UDRP; or for that matter under the ACPA. An example of irremediable loss is Lawrence Gurreri v. To Thai Ninh, FA100600 1328554 (Nat. Arb. Forum July 12, 2010). In these situation the victim’s remedy must be found in the jurisdiction in which the thief can be called to account.
For certain indefensible conduct, certainly in the areas I mentioned, there is good reason on a satisfactory narrative and proof to find bad faith without demanding every “i” dotted and “t” crossed, which is as close to making theft (and other comparable conduct) per se violations of the UDRP.