Proofpoint: Facebook, stop taking our domains away!

ZDNet's Catalin Cimpanu provides an overview of how internet security company Proofpoint is suing Facebook, looking to stop Facebook from using UDRP (Uniform Domain-Name Dispute-Resolution) requests to wrest away certain Proofpoint-owned domain names being used for phishing-related security testing. Context and background suggest that Facebook is doing this because they are not happy that the domain names in question purport to contain or sort of look like Facebook domains and trademarks.

I'm torn on this one, I really am. On the one hand, a company should have the ability to prevent misuse of their domain names and trademarks, and I think that should extend to cover "lookalike" or "cousin" domains potentially being used by other parties. There needs to be a way for Facebook to go after people doing bad things while pretending to be Facebook.

On the other hand, to me this sounds like Facebook getting mad about what the good guys do -- using domains like these for tracking bad guys or protecting their own (or customers') systems and networks. Spamtrap domains are perhaps similar. Typo variations of ISP domains are commonly used as spamtraps -- they catch spam and identify questionable actors -- senders with poor list hygiene, and those acting with nefarious intent, sending malware or phishing messages. I myself own a number of spamtrap domains like this, and I know lots of other people, groups and companies that do the same. The emails these domains capture are valuable to the good guys. I can't think of any other examples where a trademark or brand owner has hassled somebody who owns a typo, lookalike or cousin domain related to that brand. 

What's a bit different here is that Proofpoint is using these domains as sender domains or destination domains (think "click domains") for fake phishing emails, testing users to help with phishing awareness. That muddies the water a bit as they're originating traffic with those domain names, as opposed to just passively accepting traffic to those domains.

Should this even be in court? If Proofpoint wins, it perhaps undermines a company's ability to go after bad guys registering lookalike domains trying to rip off a brand. If Facebook wins, it perhaps undermines security researchers' ability to (safely and harmlessly) emulate what criminal gangs are already doing, except instead of harm they're using it for desirable end user education. Neither possibility seems like a desirable outcome.

(H/T: Slashdot)



  1. Hmmmm... I'd be curious to know how many domains we are talking about... Facebook should help 'fight the good fight' and allow proofpoint to keep at least a handfull of look-alike domains to help catch adversaries/bad actors. We should all be in this together.

    -Amanda DeLuke


Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.