Got Your Domain Sniped? Complaining To The Registrar Can Go A Long Way!

Domain Sniping Cat

Earlier this week, I ran into an extremely annoying and even potentially dangerous situation involving my domain name, thomasgr.im. Here’s an account of how I lost it, what I did as a response and the outcome of it all with some free advice on how to maximise your chances of getting a domain back.

1. The Story
2. How To Write A Formal DRP Complaint

How I Lost My Primary Domain

TL;DR: Inactive autorenewal & some bad luck.

Basically, my manual renewal order wasn’t executed properly because of an error from my bank, I was out skiing at the time so I didn’t find out before it was too late, and when I finally got back to business I found the domain parked, its WHOIS changed and my associated custom email addresses unreachable. Now for most TLDs, this shouldn’t happen —even if you don’t have activated autorenewal which is dumb in itself— because there is what’s called a grace period. Basically, during about 5 days after it expired, you can still renew your domain at a premium before it goes back to public domain. Alas for me, my custom domain is in .im, the country code for the Isle of Man, a TLD that doesn’t have a redemption period; don’t renew it, you lose it for good.

This was very bad, because not only were my Web properties hosted at thomasgr.im down, the guy could now impersonate me through my email addresses, reset passwords to them from most of my accounts on websites such as Facebook/Reddit/Twitter/Google, etc. And of course they could receive any email sent to these adresses and reply to them impersonating me.

My first action was therefore to change every single one of my accounts’ email address on social networks and the like, hoping the other guys hadn’t yet checked the new, promising domains their robots had just sniped for them and hadn’t done the exact same thing before me. That would had been disastrous, yet fortunately it didn’t happen.

How I Got It Back

Looking frantically for actions I could take to recover my domain while limiting the costs, I stumbled upon the registrar’s Dispute Resolution Procedure. This is a process you can follow to claim ownership of a domain that is not yours (anymore) on the basis that you claim (and hopefully can show) you have rights to it. Exactly what I needed!

The procedure is free to apply for (although if a party wants to appeal of the decision, it costs them 500€ to do so). The only issue is that it takes time: 15 days waiting for the other party to respond to your complaint, then the registrar makes its decision clear and may do nothing, force the domain to be released or even transfer it back to its rightful owner if they want to.

Anyway, here is an excerpt of the formal complaint I emailed to the .IM registrar, edited a bit for privacy reasons. You are most invited to use it as a source of inspiration for your complaint, just be aware that this follows the guidelines for .IM domains so you might want to check the DRP guidelines for your domain’s own TLD before copy/pasting this text.

Hello,

My name is Thomas GRIM; I am a French student currently living in █████. I am writing to you today as per your Dispute Resolution Procedure (IM DRP), regarding the ownership of a domain name which used to be mine: ThomasGR.IM.

This domain, which is linked to me in a very specific way (domain hack on my full name), had never been registered until January 1st, 2010. On that specific day, I registered it personally and I have renewed it each and every year since, through 2010 to 2013, using the services of the French company Gandi. I have been considering this domain as the only “guaranteed fixed point” I would have on the Internet as a person, which is why I have used it quite extensively, to host my website, résumé, weblogs, portfolio, documents, etc. as well as my own email addresses (█████@thomasgr.im, █████@thomasgr.im). I have been using those email addresses on a daily basis since the domain creation, receiving hundreds of emails from all sorts of people and robots over time, and specifying them as contact points on all sorts of documents including schools, banks, insurances, governmental institutions and other service providers.

 

Following a technical issue between my registrar Gandi, their payment processor and my bank, this year’s renewal order was not executed properly, leading to the domain being released for a short period of time. I was away at the moment, and alas for me someone else grabbed the domain before I could buy it back. As a result, according to the WHOIS record, the domain is now owned by the following entity :

███████ LTD,
███████████████,
███████████████,
█████, █████
United Kingdom

 

I am writing to you because it is my conviction that this registration was abusive. For a variety of reasons including the fact that the domain name is meaningless in all languages should you not be called “Thomas GRIM”, I can only imagine that this registration was executed so as to extort money from me, and/or to impersonate me through my email addresses towards friends and family, and/or to attempt to make Web services reset my passwords to these email addresses. Here are a few points made from your IM DRP document, which are to me a case against the current owner of ThomasGR.IM. It might be that there are other points to be made from your IM DRP document; as I am but a student, I don’t necessarily know which ones might or might not be applicable.

3.A.i Circumstances indicating that the Respondent has registered or otherwise acquired the Domain Name primarily:

“a. for the purposes of selling, renting or otherwise transferring the Domain Name to the Complainant or to a competitor of the Complainant, for valuable consideration in excess of the Respondent’s documented out-of-pocket costs directly associated with acquiring or using the Domain Name”

This is clearly the case: as you can see on the following screenshots taken today, the domain has been parked) and is for sale at Sedo’s for a price of 400GBP (481EUR).

“b. as a blocking registration against a name or mark in which the Complainant has Rights;”

This is clearly the case: I am de facto blocked from continuing to use my email addresses and host my web properties at this URL. A look at the archive.org record, the Google index or my Google Analytics account (I can provide you with a screenshot if need be) makes it clear that I was indeed operating this Web property up until its expiration date.

“3.A.ii. Circumstances indicating that the Respondent is using the Domain Name in a way which has confused people or businesses into believing that the Domain Name is registered to, operated or authorised by, or otherwise connected with the Complainant;”

This is also the case: I have sent and received hundreds of emails since 2010 using addresses hosted at thomasgr.im, most notably █████@thomasgr.im and █████@thomasgr.im. If need be, I can provide you with listings of emails sent from and received at the █████@ and █████@ addresses since 2010 that have not been deleted for a reason or another. As a result:

  • most if not all of my contacts of the past 3 years would naturally believe they would be communicating with me should they send emails to these addresses. As a matter of fact, I know that some of my friends have sent me emails since the change in ownership which they were surprised to find unanswered. One can only imagine how easy it would and will be for the new owner to simply reply to such emails while impersonating me… I shall inquire amongst my contacts and provide evidence of such conversations should it prove to be happening;
  • continuing on the previous line of thoughts, it is also incredibly easy for the new owner to impersonate me by asking popular websites and webservices to automatically send/reset my password by sending “me” an email at those addresses. This can prove to be very dangerous to me and my friends should one or more accounts of mine be hacked as a result of this.

“3.A.iii The Complainant can demonstrate that the Respondent is engaged in a pattern of registrations where the Respondent is the registrant of domain names (under .im or otherwise) which correspond to known names or trade marks in which the Respondent has no apparent rights, and the Domain Name is part of that pattern;”

This might very well be the case. Indeed, while I certainly cannot prove it at this time, the Respondent has had at least one account on sedo.com since 2006, and while I cannot view his/her previous transactions, it might very well be a list of similar cases of registering a just-expired domain on a TLD that does not have a grace period then selling it back to its original owner at a premium. If you have ways of acquiring such information, or if you know of procedures I could follow to acquire such information, kindly help me on this regard.

Several websites list a Mr ██████████ (+44.7█████████) as the person in charge or acting on behalf of ██████████. The same websites name this person as the owner of dozens of domains, several of which are currently listed for sale on domain trading platforms like Sedo at a high premium. There might therefore be a pattern here as well.

 

I humbly ask you to review this complaint, hoping that you will conclude that the latter registration was abusive, that I am in my right and that this domain shall be transferred back to me. Please do keep in mind that I am at a quite high risk of identity impersonation as long as I don’t own the email addresses (i.e. the domain name) in question. You are most invited to contact me directly for any further information you would need regarding this case, either by email, by phone or at the following postal address:

Mr Thomas GRIM,
███████████████,
███████████████,
█████ █████
FRANCE

 

Being the Complainant in this case, I will humbly submit to the exclusive jurisdiction of the Isle of Man courts with respect to any legal proceedings seeking to reverse the effect of a decision requiring the suspension, cancellation, transfer or other amendment to a Domain Name registration, and I agree that any such legal proceedings will be governed by Manx law.

No legal proceedings have been commenced or terminated in connection with the Domain Name which is the subject of the complaint.

I agree that my claims and remedies concerning the registration of the Domain Name, the dispute, or the dispute’s resolution shall be solely against the Respondent and that neither you nor your directors, officers, employees or servants nor any Designated Official shall be liable for anything done or omitted in connection with any proceedings under the Dispute Resolution Service.

The information contained in this complaint is to the best of my knowledge true and complete, this complaint is not being presented in bad faith, and the matters stated in this complaint comply with the Procedure and applicable law.

I agree if the Designated Official orders a transfer of the Domain Name(s) to be bound by your Terms and Conditions for the Registration of Domain Names, and in particular the provisions relating to your processing of personal data.

 

Faithfully,
Thomas GRIM – ██████████@gmail.com – +336████████

The registrar accused reception of this email less than half an hour after my sending it to them. That done, I was fairly sure I would have to wait for 15 days for the current owner to respond (or not), then the real dispute resolution would begin as we would battle over “my” domain. Well, you know what? Next morning, the domain had been released and I was able to buy it back on Gandi, at its usual renewal price =) Minutes later I had updated the domain’s DNS records to remove the parking stuff and point it back to my host; in less than 3 hours due to the TTL, everything was back to normal!

I don’t know whether the other guys got frightened upon receiving the formal complaint from the .IM admins through their own registrar and relinquished the domain, or their registrar directly took it back from them because they had had similar complaints about those guys, or their registrar found my case strong enough not to be bothered further… either way, as you can imagine, I don’t really care as long as I got my domain back!

How To Structure Your Formal Complaint To Maximise Your Chances Of Getting Your Property Back

Obviously what follows is but my experience of writing a formal complaint. I’m no lawyer and I most probably got lucky with how this story unfolded. Nonetheless, if you find yourself in a similar situation, including the following elements in your email might help!

One-sentence Presentation Of Who You Are
Name, occupation, current location. No need for fancy stuff here, the guys at the registrar probably have much better things to do than read your resume. Nonetheless, in spite of all the hurry you are in, it is important not to forget such a simple thing as presenting yourself to the person you are writing to.
Some Context Around The Domain In Question
Here you can explain in about a paragraph what makes the domain special to you and how you have been using it up until you lost it to the other party.
What Happened For You To Lose It To The Other Party
Describe precisely how the domain’s ownership got relinquished and how someone grabbed it before you got it back. If you can demonstrate the domain was sniped through some dedicated tools like robots or a third-party company specializing in that sort of thing, it might help your case as those are generally considered bad, unethical practices by registrars.
The Bulk Of Your Case For The Ownership Of The Domain

This is the core of your complaint: the list of arguments and details you think make it clear that the domain’s ownership should be yours instead of the other party’s. I think the most sensible thing to do is probably to quote the rules themselves, each time showing evidence that there has been some abuse from the other side.

In my case, I used the fact that the other guy parked it immediately at a high premium, in what looked pretty much like blackmail (I would have had to pay 481€ to get it back, whereas it usually costs less than 20€ per year). I also mentioned other circumstencial evidence throughout my complaint, such as the fact that the domain doesn’t mean anything to anyone other than “Thomas GRIM”, that nobody had ever registered it before I did in 2010, that the guy had been speculating on domain names for years on Sedo, so on so forth.

Thanking The Guys For Having Read Your Complaint So Far
Again, it is easy to forget basic things like that when you are under some sort of pressure. Nonetheless, I find it most important.
The Necessary Legal Stuff —Don’t Forget These Lines Or It Will Void Your Complaint!
Whatever the TLD you are complaining about, its registrar most probably has a bunch of legalese it wants you to include in your complaint, so as to ensure you won’t sue them and will abide by their decisions. Just copy/paste their stuff in here if you don’t find their clauses abusive (that would take the biscuit!).

Beware that if you do not include these terms in your mail, the complaint is considered void by the recipient and they will ask you to correct it, which has the unfortunate effect of wasting your time as well as theirs.

Well, that’s about it! If you have found yourself in such a situation, I’d love to read about how you managed it and what happened next =)

Leave a Reply