The Uniform Domain Name Dispute Resolution Policy (“UDRP”) was created by the Internet Corporation for Assigned Names and Numbers (“ICANN”) and was introduced in 1999 to create a dispute resolution system for domain name issues.

Registrants of domain names enter into contractual agreements with the issuer of the domain name (the “registrar”). Often, part of the contract stipulates that disputes will be resolved following the UDRP process.

Despite the potential benefits of having a uniform dispute resolution system for domain name issues, domestic courts are not required to adhere to decisions made under UDRP; this has been acknowledged by many Circuit Courts across the United States. Because the UDRP does not take trademark law of the country where the dispute is based into account, decisions made by the UDRP can end up being contradictory to domestic law and domestic courts do not need to adhere to its rulings.

Unfortunately for those that have fallen victim to domain theft, the UDRP is not an appropriate avenue for recourse. Similar to the Anticybersquatting Consumer Protection Act  (“ACPA”) the UDRP is designed to address trademark issues, not theft. The UDRP specifically governs disputes between a registrant and a third party over the registration of a domain name. The elements to be met in proving a case under the UDRP are incredibly similar to what is found within the ACPA, including:

1. The trademark holder must demonstrate that the domain name is “identical or confusingly similar to” the mark
2. The registrant has no rights associated with the domain name, and
3. That the domain name is being used in bad faith.

However, should you incorrectly lose your domain name under the UDRP, the ACPA provides for secondary recourse. Congress has given registrants an affirmative cause of action allowing them to recover domain names that were lost in UDRP proceedings. Under the ACPA, a registrant whose domain name was “suspended, disabled or transferred” can sue for a declaration that their actions were not in violation of the ACPA and request an injunction returning the domain name to them.

This speaks to the fact that Circuit Courts have held that they do not need to pay deference to UDRP decisions, let alone view them as binding.

For more information regarding domain name theft, what you can do if you have been a victim of it, and what the UDRP can do for you in regards to cybersquatting claims, contact Revision Legal’s Internet attorneys, specializing in Cybersquatting or general Internet matters, through the form on this page or call 855-473-8474.

How UDRP Proceedings Work

UDRP proceedings are administered by ICANN-approved dispute resolution providers, primarily the World Intellectual Property Organization (WIPO) and the National Arbitration Forum (NAF). Proceedings are conducted almost entirely in writing—no live hearings, no depositions, no discovery—and are decided by a panel of one or three panelists. The entire process from filing to decision typically takes 45 to 60 days and costs between $1,500 and $4,000 in filing fees, depending on the number of domains and the number of panelists requested.

The UDRP’s three-element test requires the complainant to prove all three of the following by a preponderance of the evidence: (1) the domain name is identical or confusingly similar to a trademark in which the complainant has rights; (2) the registrant has no rights or legitimate interests in the domain name; and (3) the domain name was registered and is being used in bad faith. All three elements must be established for the complaint to succeed.

Why UDRP Fails in Domain Theft Cases

Domain theft—also called domain hijacking—is a fundamentally different problem from cybersquatting. In a cybersquatting case, the registrant is a third party who registered the domain in bad faith. In a domain theft case, you are the rightful registrant, but someone has stolen your domain from you—typically through credential theft, registrar account compromise, or social engineering attacks targeting registrar support staff. The wrongdoer may not even be registered as the domain’s owner; they may simply have transferred it using stolen credentials.

The UDRP is not designed for this scenario. It addresses disputes between a trademark holder and a registrant—not disputes arising from unauthorized transfers within a registrant’s account. If your domain was stolen, the current registrant may claim they “purchased” it or acquired it through a chain of transfers, making the UDRP’s bad-faith analysis complicated. Moreover, UDRP panels have no power to award damages, conduct investigations, or order registrars to reverse unauthorized transfers.

Alternative Remedies for Domain Theft

For true domain theft, more effective remedies exist outside the UDRP:

• Registrar complaint — Most ICANN-accredited registrars have fraud and dispute processes. Filing a detailed fraud complaint, accompanied by documentation of your original registration and proof of unauthorized transfer, is often the fastest path to recovery if acted upon quickly.
• ICANN complaint — If the registrar fails to act, ICANN’s Contractual Compliance department can be contacted for registrar violations of the Registrar Accreditation Agreement.
• Federal court litigation — Courts have jurisdiction to order the return of stolen domains under theories of conversion, computer fraud (the Computer Fraud and Abuse Act, 18 U.S.C. § 1030), and state law claims. Courts can issue temporary restraining orders to lock domain registration records while litigation proceeds.
• Law enforcement referral — Domain theft frequently involves identity theft and computer fraud, both federal crimes. Reporting to the FBI’s Internet Crime Complaint Center (IC3) can trigger investigations that registrars are more likely to cooperate with.

Preventing Domain Theft

Prevention is far less costly than recovery. Domain owners should enable registrar lock (also called domain lock or transfer lock) on all valuable domains, use two-factor authentication on registrar accounts, keep WHOIS contact information current (especially the email address used for transfer authorization), and consider a registrar that offers enhanced security options such as registry locks requiring voice verification before any transfer.

If you have been the victim of domain theft, or if you believe a third party has registered a domain name incorporating your trademark in bad faith, contact the internet attorneys at Revision Legal at 855-473-8474 or complete the contact form on this page. Time is critical in domain recovery—the sooner you act, the greater your chances of success.

UDRP vs. ACPA: Choosing the Right Forum

For trademark owners facing a genuine cybersquatting situation—where a third party has registered a domain name identical or confusingly similar to your mark with bad faith intent to profit—the choice between UDRP and ACPA litigation involves trade-offs. The UDRP is faster and cheaper, but its remedies are limited to transfer or cancellation; it cannot award damages, attorney fees, or punitive relief. ACPA litigation in federal court is slower and more expensive, but it can yield up to $100,000 in statutory damages per domain name, attorney fees in exceptional cases, and court orders enforceable against the registrar with contempt sanctions for non-compliance.

A cybersquatter who has registered multiple domains incorporating your marks—and is using them to extract ransom payments—may warrant the more powerful remedy of ACPA federal litigation rather than UDRP. Conversely, a single domain held by an overseas registrant with no U.S. presence is often best addressed through UDRP, where jurisdiction is not an obstacle. Contact Revision Legal at 855-473-8474 to evaluate which forum best fits your situation.