WIPO Arbitration and Mediation Center



The SANS Institute v. WhoisGuard

Case No. D2007-0426


1. The Parties

The Complainant is The SANS Institute, Bethesda, Maryland, United States of America, represented by Charles D. Hamby, United States of America.

The Respondent is WhoisGuard, Wenchester, California, United States of America.


2. The Domain Name and Registrar

The disputed domain name <sans-security.org> is registered with eNom.


3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on March 19, 2007. On March 21, 2007, the Center transmitted by email to eNom a request for registrar verification in connection with the domain name at issue. On March 21, 2007, eNom transmitted by email to the Center its verification response confirming that the Respondent is listed as the registrant and providing the contact details. The Center verified that the Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2(a) and 4(a), the Center formally notified Respondent of the Complaint, and the proceedings commenced on April 3, 2007. In accordance with the Rules, paragraph 5(a), the due date for Response was April 23, 2007. Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on April 30, 2007.

The Center appointed Sandra J. Franklin as the sole panelist in this matter on May 14, 2007. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.


4. Factual Background

Complainant is in the computer security business. Complainant owns the registered trademark SANS and has commercial use dating back to 1998. Complainant’s primary website is at “www.sans.org”.


5. Parties’ Contentions

A. Complainant makes the following assertions:

(1) Respondent’s <sans-security.org> domain name is confusingly similar to Complainant’s SANS mark.

(2) Respondent does not have any rights or legitimate interests in the <sans-security.org> domain name.

(3) Respondent registered and used the <sans-security.org> domain name in bad faith.

B. Respondent did not reply to the Complainant’s contentions.


6. Discussion and Findings

Paragraph 15(a) of the Rules instructs this Panel to “decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable”.

In view of Respondent’s failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant’s undisputed representations pursuant to paragraphs 5(e), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations and inferences set forth in the Complaint as true unless the evidence is clearly contradictory. See Vertical Solutions Mgmt., Inc. v. webnet-marketing, inc., FA 95095 (Nat. Arb. Forum July 31, 2000) (holding that the respondent’s failure to respond allows all reasonable inferences of fact in the allegations of the complaint to be deemed true); see also Talk City, Inc. v. Michael Robertson, WIPO Case No. D2000-0009 (“In the absence of a response, it is appropriate to accept as true all allegations of the Complaint.”)

Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:

(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and

(2) Respondent has no rights or legitimate interests in respect of the domain name; and

(3) the domain name has been registered and is being used in bad faith.

A. Identical or Confusingly Similar

Complainant has established rights in the SANS mark through registration with the USPTO. The Panel finds that the requirement of establishing rights in a mark pursuant to Policy Paragraph 4(a)(i) has been satisfied. See Vivendi Universal Games v. XBNetVentures Inc., FA 198803 (Nat. Arb. Forum Nov. 11, 2003) (“Complainant’s federal trademark registrations establish Complainant’s rights in the BLIZZARD mark.”); see also Janus International Holding Co. v. Scott Rademacher, WIPO Case No. D2002-0201 (“Panel decisions have held that registration of a mark is prima facie evidence of validity, which creates a rebuttable presumption that the mark is inherently distinctive.”).

Respondent’s <sans-security.org> domain name is confusingly similar to Complainant’s SANS mark. The disputed domain name includes Complainant’s mark in its entirety with the addition of the term “security”. The term “security” is descriptive of Complainant’s business. The Panel finds that the disputed domain name is not distinct and is confusingly similar to Complainant’s mark pursuant to Policy Paragraph 4(a)(i). See Oki Data Americas, Inc. v. ASD, Inc., WIPO Case No. D2001-0903 (“[T]he fact that a domain name wholly incorporates a Complainant’s registered mark is sufficient to establish identity [sic] or confusing similarity for purposes of the Policy despite the addition of other words to such marks.”); see also Brambles Indus. Ltd. v. Geelong Car Co. Pty. Ltd., trading as Geelong City Motors, WIPO Case No. D2000-1153 (finding that the domain name <bramblesequipment.com> is confusingly similar because the combination of the two words “brambles” and “equipment” in the domain name implies that there is an association with the complainant’s business).

The Panel finds that Policy Paragraph 4(a)(i) has been satisfied.

B. Rights or Legitimate Interests

Complainant alleges that Respondent lacks rights or legitimate interests in the <sans-security.org> domain name. Complainant’s allegation establishes a prima facie case, shifting the burden to Respondent to prove that it does have rights or legitimate interests in the disputed domain names pursuant to Policy Paragraph 4(a)(ii). Respondent has not submitted a Response in this proceeding, thus depriving the Panel of evidence or arguments in support of Respondent’s position. The Panel interprets Respondent’s failure to respond as evidence that Respondent does not have rights or legitimate interests in the disputed domain names. See G.D. Searle v. Martin Mktg., FA 118277 (Nat. Arb. Forum Oct. 1, 2002) (“Because Complainant’s Submission constitutes a prima facie case under the Policy, the burden effectively shifts to Respondent. Respondent’s failure to respond means that Respondent has not presented any circumstances that would promote its rights or legitimate interests in the subject domain name under Policy Paragraph 4(a)(ii).”); see also Bank of Am. Corp. v. McCall, FA 135012 (Nat. Arb. Forum December 31, 2002) (“Respondent’s failure to respond not only results in its failure to meet its burden, but also will be viewed as evidence itself that Respondent lacks rights and legitimate interests in the disputed domain name.”)

Respondent used the <sans-security.org> domain name to launch a worm which, upon inspection, contained crude statements directed toward individuals associated with Complainant, along with the statement “I really don’t have anything against you, just piss off alright?” This could cause harm to Internet users, and could not even be called a bona fide criticism. The Panel finds that this does not constitute legitimate noncommercial or fair use as contemplated by Policy Paragraph 4(c)(iii). Even if Respondent did have a legitimate criticism, he would not be entitled to highjack Complainant’s trademark. See Triodos Bank NV v. Ashley Dobbs, WIPO Case No. D2002-0776, where the Panel found that, though Respondent may have a genuine grievance, he is not entitled to represent that he is the Complainant.

Further, there is no evidence to suggest that Respondent is commonly known by the <sans-security.org> domain name. Respondent offered no proof and no evidence into the record suggesting that Respondent is known by the disputed domain name or that Respondent acquired rights to or interests in the disputed domain name. The Panel finds that Respondent has failed to establish rights or legitimate interests in the disputed domain name pursuant to Policy Paragraph 4(c)(ii). See Compagnie de Saint Gobain v. Com-Union Corp., WIPO Case No. D2000-0020 (finding no rights or legitimate interest where the respondent was not commonly known by the mark and never applied for a license or permission from the complainant to use the trademarked name).

The Panel finds that Policy Paragraph 4(a)(ii) has been satisfied.

C. Registered and Used in Bad Faith

Respondent’s <sans-security.org> domain name is confusingly similar to Complainant’s SANS mark, and individuals seeking Complainant’s goods or services on the web may be misdirected to Respondent’s website, disrupting Complainant’s business. The Panel finds that such use is evidence of bad faith registration and use. See EthnicGrocer.com, Inc. v. Unlimited Latin Flavors, Inc., FA 94385 (Nat. Arb. Forum July 7, 2000) finding that the minor degree of variation from Complainant’s marks suggests that Respondent registered the names primarily for the purpose of disrupting Complainant’s business.

Respondent clearly intends to cause harm to Complainant’s business and customers by launching a worm through the disputed domain name, further evidence of bad faith. See Triodos Bank NV v. Ashley Dobbs, WIPO Case No. D2002-0776, which states: “In short, what the Respondent has done is to select for the Domain Name a name which is not its own, which it knew at the time of registration to be the name and trademark of the Complainant and which it proposed at the time of registration to use in a campaign against the Complainant to cause the Complainant disruption and damage. The Domain Name would be particularly useful for that purpose because it would catch by surprise visitors intending to reach the Complainant’s website”. This case also shows intentional misappropriation of a trademark and is a clear demonstration of bad faith.

The Panel finds that Policy Paragraph 4(a)(iii) has been satisfied.


7. Decision

For all the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the domain name <sans-security.org> be transferred to the Complainant.

Sandra J. Franklin
Sole Panelist

Dated: May 19, 2007