<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Arial",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
span.EmailStyle27
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle28
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle30
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1218475606;
mso-list-type:hybrid;
mso-list-template-ids:150641126 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt'>FWIW, while I’ve actually never before heard the phrase “combosquatting,” WIPO’s newest “Overview” of the UDRP (updated earlier this year) makes clear that such domain names fall within the UDRP’s “confusingly similar” test. The Overview says: “While each case is judged on its own merits, in cases where a domain name incorporates the entirety of a trademark, or where at least a dominant feature of the relevant mark is recognizable in the domain name, the domain name will normally be considered confusingly similar to that mark for purposes of UDRP standing.” That is, inclusion of another word in a domain name that contains a trademark normally means that the domain name is confusingly similar to the trademark (and, therefore, satisfies the first of the UDRP’s three tests).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>This has been going on for so long that I would not have thought it was getting worse, but I look forward to reading the study.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><table class=MsoTableGrid border=1 cellspacing=0 cellpadding=0 style='border-collapse:collapse;border:none'><tr><td width=185 valign=top style='width:139.1pt;border:none;border-top:solid #B95725 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal style='margin-top:12.0pt'><b><span style='font-size:14.0pt'>Douglas M. Isenberg<o:p></o:p></span></b></p><p class=MsoNormal><span style='font-size:11.0pt;color:#7F7F7F'>Attorney at Law</span><span style='font-size:11.0pt'><o:p></o:p></span></p></td><td width=234 valign=top style='width:175.5pt;border:none;border-top:solid #B95725 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal align=center style='margin-top:16.0pt;text-align:center'><span style='font-size:11.0pt'><a href="https://giga.law/"><span style='color:windowtext;text-decoration:none'><img border=0 width=200 height=29 style='width:2.0833in;height:.302in' id="Picture_x0020_1" src="cid:image001.png@01D35EF5.6A22CB60"></span></a></span><span style='font-size:11.0pt'><o:p></o:p></span></p></td></tr><tr><td width=185 valign=top style='width:139.1pt;border:none;border-bottom:solid #B95725 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal><span style='font-size:11.0pt;color:#B95725'>Phone:</span><span style='font-size:11.0pt'> <span style='color:#7F7F7F'>1-404-348-0368</span><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#B95725'>Email:</span><span style='font-size:11.0pt'> </span><span style='font-size:11.0pt'><a href="mailto:Doug@Giga.Law"><span style='color:#7F7F7F'>Doug@Giga.Law</span></a></span><span style='font-size:11.0pt'><o:p></o:p></span></p></td><td width=234 valign=top style='width:175.5pt;border:none;border-bottom:solid #B95725 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal align=center style='text-align:center'><span style='font-size:11.0pt;color:#B95725'>Website<b>:</b> </span><span style='font-size:11.0pt'><a href="https://giga.law/"><span style='color:#7F7F7F'>Giga.Law</span></a></span><span style='font-size:11.0pt'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p></td></tr></table><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt'>From:</span></b><span style='font-size:11.0pt'> gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] <b>On Behalf Of </b>icannlists<br><b>Sent:</b> Thursday, November 16, 2017 10:29 AM<br><b>To:</b> gnso-rpm-wg@icann.org<br><b>Subject:</b> [gnso-rpm-wg] Article on Combo-squatting study conducted by Georgia Instutute of Technology and Stony Brook University affecting our discussion of Trademark + Industry Terms in the TMCH, Sunrise and Claims (among other RPMs that it may also implicate)<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><a href="http://www.worldtrademarkreview.com/Blog/detail.aspx?g=cf4bc6c3-272f-4ccd-8555-59c97b932598">http://www.worldtrademarkreview.com/Blog/detail.aspx?g=cf4bc6c3-272f-4ccd-8555-59c97b932598</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>A few quotes from the article for those with less time:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='color:#1F497D;margin-left:0in;mso-list:l0 level1 lfo2'><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:black;background:white'>“Combosquatting is a type of domain name squatting in which website addresses confusingly similar to well-known brands are deliberately registered, often with a view to committing fraudulent activity. Specifically, it involves the registration of a popular trademark combined with another phrase – for example, ‘brand-shop.com’.”</span><span style='font-size:11.0pt'><o:p></o:p></span></li><li class=MsoListParagraph style='color:#1F497D;margin-left:0in;mso-list:l0 level1 lfo2'><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:black;background:white'>“Among the striking findings is that there were over 2.7 million combosquatting domains targeting the 268 most popular US trademarks – a prevalence over 100 times greater than typosquatting domains.” </span><span style='font-size:11.0pt'><o:p></o:p></span></li><li class=MsoListParagraph style='color:#1F497D;margin-left:0in;mso-list:l0 level1 lfo2'><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:black;background:white'>“The problem seems to be getting worse with the number of queries to these domains growing year-on-year, also in contrast with typosquatting sites.”</span><span style='font-size:11.0pt'><o:p></o:p></span></li><li class=MsoListParagraph style='color:#1F497D;margin-left:0in;mso-list:l0 level1 lfo2'><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:black;background:white'>“This potential to more effectively dupe consumers has serious consequences for both internet users and brand owners. To date, combosquatting domains have been used for phishing, spamming, hacking, and affiliate abuse.”</span><span style='font-size:11.0pt'><o:p></o:p></span></li></ul><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>Here is a link to the Full Study: <a href="http://iisp.gatech.edu/sites/default/files/images/hiding_in_plain_sight-_a_longitudinal_study_of_combosquatting_abuse.pdf">http://iisp.gatech.edu/sites/default/files/images/hiding_in_plain_sight-_a_longitudinal_study_of_combosquatting_abuse.pdf</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'>Here is the Conclusion Section (I’ve taken the liberty of highlighting a few phrases): <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal>“In this paper, we study a type of domain squatting termed “combosquatting,” which has yet to be extensively studied by the security community. <span style='background:yellow;mso-highlight:yellow'>By registering domains that include popular trademarks (e.g., paypal-members[.]com), attackers are able to capitalize on a trademark’s recognition to perform social engineering, phishing, affiliate abuse, trademark abuse, and even targeted attacks.</span> We performed the first large-scale, empirical study of combosquatting using 468 billion DNS records from both active and passive DNS datasets, which were collected over an almost six year time period. Lexical analysis of combosquatting domains revealed that, while there is an almost infinite pool of potential combosquatting domains, most instances add only a single token to the original combosquatted domain. Furthermore, the chosen tokens were often specifically targeted to a particular business category. These results can help brands limit the potential search space for combosquatting domains. Additionally, our results show that most combosquatting domains were not remediated for extended periods of times—up to 1,000 days in many cases. Furthermore, many instances of combosquatting abuse were seen active significantly before they were discovered by public blacklists or malware feeds. Consequently, our findings suggests that <span style='background:yellow;mso-highlight:yellow'>current protections do not do a good job at addressing the threat of combosquatting</span>. This is particularly concerning because our results also show that combosquatting is becoming more prevalent year over year. Lastly, we found numerous instances of combosquatting abuse in the real world by crawling 1.3 million combosquatting domains and manually analyzing the results. Based on our findings we discuss the role of different parties in the domain name ecosystem and how each party can help tackle the overall combosquatting problem. <span style='background:yellow;mso-highlight:yellow'>Ultimately, our results suggest that combosquatting is a real and growing threat, and the security community needs to develop better protections to defend against it.”</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m asking <span style='background:fuchsia;mso-highlight:fuchsia'>Staff</span> to enter this study into the record of this WG <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Actual, growing problem identified and verified by external research: Let’s get down to business solving it by enhancing the RPMs to address it in order to protect end users of the Internet. I don’t think we need to wait for the rest of the studies to come back to get underway. It is laid out pretty plainly in the Georgia Tech Study.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Best,<o:p></o:p></p><p class=MsoNormal>Paul<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray'><o:p> </o:p></span></p><div class=MsoNormal align=center style='text-align:center'><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray'><hr size=2 width="100%" align=center></span></div><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray'>The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations. <o:p></o:p></span></p></div></body></html>