The quintessence of typosquatting is syntactical variation: adding, omitting, replacing, substituting, and transposing words and letters. Recent examples include <citizens1loans> (numeral for word), <shiippco.com> (double vowels), <airfrances.com> (pluralizing/possessive), and (reversing letters), and <amazøn.com> (look carefully at the letter following “z”). Since these minor variations are mostly indefensible, respondents rarely respond to complaints, although as I will explain in a moment there can also be innocent and good faith syntactical variations which are not typosquatting. It follows that if there are defenses, respondents should prudently respond and explain their choices because default generally favors complainants. It is not out of the realm of possibility, for example, that singularizing or pluralizing dictionary words or common phrases creates names that could be used by others with distinctive noninfringing associations.</amazøn.com>

With some shading of one purpose merging into the other, typosquatting runs the gamut from malicious to mischievous. The Panel in Amazon Technologies, Inc. v. Carolina Rodrigues / Fundacion Comercio Electronico, FA1811001819070 (Forum December 27, 2018) describes typosquatting as “a practice whereby a domain name registrant deliberately introduces typographical errors or misspellings into a trademark and then uses the resulting string in a domain name hoping that internet users will either: 1) inadvertently type the malformed string when searching for products or services related to the domain name’s target trademark; and/or 2) in viewing the domain name will confuse the domain name with its target trademark” (emphasis added).

The Amazon Panel could also have said it is not just “internet users” who are deceived, since typosquatting domain names are also used to conceal abusive conduct through emails, for a malicious or criminal purpose. In one respect typosquatting is more devious than plain vanilla cybersquatting (which openly mimics marks) because registrants are using variations to deceive those who accept their authenticity; although to the alerted, these kinds of variations also raise suspicion of actual knowledge of the targeted mark. When respondents default the inference of actual knowledge is heightened to a finding of abusive registration, regardless whether the domain name is passively held or resolves to an active website.

Spoofing and phishing typographic registrations are illustrated in Shipco Transport Inc. v. WhoIsGuard, Inc. / Joel Kelvin, D2018-2374 (WIPO December 13, 2018) (<shiippco.com> (double “i”) and Robert Half International Inc. v. Dean Sapp, FA1811001816127 (Forum December 20, 2018) (<roberthaflegal.com> (omit “t”).

In Shipco, the Complainant “provided unchallenged evidence” the domain name was created to be deceptive with criminal intent. Crafted to spoof. It involved intercepting

an exchange of email correspondence between a member of the Complainant’s group of companies, Shipco Transport Vietnam Limited, and one of its customers in São Paulo, Brazil. The third party then, using the above email addresses, sent emails to the customer, impersonating Shipco Transport Vietnam Limited and managed to divert payment to the third party’s bank account.

In Robert Half it was phishing rather than spoofing:

Complainant alleges Respondent attempts to impersonate Complainant as part of an email phishing scheme, presumably for commercial gain” and “provide[d] a copy of the phishing email that was sent out by Respondent. The Panel finds this is evidence that Respondent registered and uses the disputed domain name in bad faith.

The ploy is simple. Respondents rely on email recipients’ inattention to the typo mistakes in the domain name addresses and respond as though the imposters were the mark owners. A variant of the typographic change, in the malicious bucket, is illustrated in Teleflex Incorporated v. Carolina Rodrigues / Fundacion Comercio Electronico, FA1811001818748 (Forum December 28, 2018) (<teleflexbenefit.com>. The challenged domain name incorporates Complainant’s mark but instead of the typographic change being in the mark it appears in the domain name. Complainant’s official domain name in <teleflexbenefits.com>. Although the domain name resolves to a website (rather than passively held) it can as easily be used as an email to deceive employees to disclose private information.

In two recent other cases, registrants introduced an unexpected variation to the typosquatting pallet, combining letters on the left and right hand sides of the Qwerty keyboard, A Medium Corporation v. Marat Mukhamet, D2018-1860 (WIPO October 8, 2018) (<mediurn.com> and Merial v. VisaPrint Technologies c/o Vistaprint North American Services Corp., D2018-2157 (WIPO November 11, 2018) (<rnerial.com>). Respondents combined “r” and “n” to create the impression of the final “m” in the first and the initial “m” in the second.

In Merial, the Panel held

Although it would be “most improbable that anyone would type ‘r’ followed by ‘n’ when intending to type ‘m’, given the positions of these letters on a keyboard” nevertheless “a URL or Internet domain name containing the disputed domain name ‘rnerial.com’ would be easily confused for the letters <merial.com>.”

The more usual typographic variation, though, and the majority of typosquatting disputes involve doubling or omitting letters and transposing vowels and consonants. If we were to ask for what purpose the variations are registered, we would have to say they are exploitative in intent. Even if not malicious or passively held they are injurious for simply having the potential of deception.

The majority of those I’m calling mischievous (this is also true of plain vanilla cybersquatters) are doing nothing but occupying locations in cyberspace (literally, squatters). Even if not overtly exploitative they are nevertheless intentionally infringing third party rights. In the Amazon case, “Respondent uses the at-issue domain name to address a website displaying competing click-through links.” That factor alone is sufficient for forfeiture. (The Panel noted that Complainant did not specifically argue typosquatting. Respondent swapped the “o” in AMAZON for the Unicharacter “ø”).

But the consensus is clear that typosquatting as the primary factor is sufficient where respondents passively hold domain names, unless proved otherwise. In Solar Turbines Incorporated v. Records Docs, FA1811001815222 (Forum December 7, 2018) (, omitting an “r” of Solar) the Panel held that “[a]ctual knowledge by a respondent of a complainant’s mark is evidence of bad faith per Policy ¶ 4(a)(iii).” Inference of actual knowledge (as I noted above) is drawn from the factual circumstances which includes the strength of the mark and the likelihood of confusion. Here, the Panel continued:

[T]he close and obvious misspelling of Complainant’s SOLAR TURBINES mark in the <solaturbines.com> domain name as well as Complainant’s long-term prior use of the mark shows that Respondent had actual knowledge of Complainant’s rights in the mark.

Other factors contributing to or supporting inferences of bad faith include multiple, adjudicated infringements. In <citizens1loans.com> Complainant alleged that respondent “has been involved in at least eighty-six (86) prior UDRP cases which have resulted in the transfer of domain names to named complainants.”

Citizens Financial Group, Inc. v. ZHICHAO YANG

, FA181100 1817275 (Forum January 1, 2019) (<citizens1loans.com>).

While adding, omitting, transposing, and substituting letters and words are the obvious examples of bad faith, a variant less obvious is replacing one dictionary word for another. In TD Ameritrade IP Company, Inc. v. Domain Admin / Whois Privacy Corp., FA181000 1814302 (Forum November 28, 2018) the difference is between “advisor” (as in ADVISOR CLIENT} and “adviser” (as in <adviser client.com>). Depending on the facts and explanations for close proximity of meaning, it could be argued that “adviser client” (registered in 2004 and renewed in 2018) is no less distinctive than ADVISOR CLIENT and could have been lawfully registered and used.

However, Respondent did not appear. This triggers the inference of abusive registration. Although in this case, the Panel did not rely simply on the difference between an “e” and an “o” but invoked bad faith use (the content factor) for the final nail:

Respondent’s bad faith is further indicated by its use of the domain to link to third-party, competing websites in an attempt to gain commercially by creating a likelihood of confusion with Complainant’s marks as to the source, sponsorship, affiliation, or endorsement of Respondent’s website.

Nevertheless, this case and its outcome highlights the penalty of default and raises the intriguing possibility that there could have been an explanation that would have rebutted the claim of abusive registration. (A similar possibility for an explanation of good faith arose in the forfeiture of <imi.com>, an award which is presently being challenged in federal court under the Anticybersquatting Consumer Protection Act).

Not all typographic mistakes that rights holders claim as abusive registrations are what they believe them to be. Some domain name holders specialize in misspelling dictionary words. Two examples are <natiional.com>, Vanguard Trademark Holdings USA LLC v. Administrator, Domain / Vertical Axis, Inc., FA110400 1383694 (Forum May 31, 2011) and <cedit.com> (intended misspelling of “credit”,

Florim Ceramiche S.p.A. v. Domain Hostmaster, Customer ID: 24391572426632, Whois Privacy Services Pty LTD / Domain Administrato, Vertical Axis Inc.,

D2015-2085 (WIPO February 11, 2016).

In Vanguard Trademark Holdings, Complainant alleges that <natiional.com> is cybersquatting NATIONAL CAR RENTAL. The Panel disagreed: “[A] respondent is free to register a domain name consisting of misspelling of common terms where there is little or no other evidence of the elements of ‘bad faith.’” The Panel held:

The word “national” is common and generic, and therefore, Complainant does not have an exclusive monopoly on the term on the Internet. It, therefore, has no exclusive right to a misspelling, “natiional.”

In Florim Ceramiche, the Panel held that

The Respondent indeed appears to have registered hundreds of generic dictionary term domain names and numerous domain names incorporating typographical variations of English dictionary words. To substantiate its claim, the Respondent has listed in its Response 20 domain names incorporating the term “credit” and 10 domain names incorporating typographical variations of dictionary words.

In all cybersquatting disputes, the appearance of bad faith must be tested against facts that establish the actuality of abusive registration. If there is no persuasive targeting of complainant’s mark the claim must fail. Credibility is more obviously a factor for respondent; it must explain its choice. In Florim Ceramiche, for example, Respondent showed that it held numerous misspellings in its portfolio; in Medium, Respondent failed to explain its misspelling. As a general rule, the stronger the mark the likelier the domain name is intentionally targeting it even if knowledge of the mark is denied. As marks descend the classification scale, the likelier the registration is lawful, with this proviso that even with weak marks it cannot be ruled out that allegations of typosquatting come with a strong tailwind of plausibility and are likely to favor complainant. This is because seemingly miss-typed words suggest actual knowledge of the mark and unless persuasively rebutted the domain names will be canceled or transferred to the complainant. As with cybersquatting, where there is no persuasive use for the domain name that would not be infringing then the ineluctable conclusion is the registrant’s purpose is to deceive.