# CDRP funny business



## rlm__ (Jan 12, 2021)

Every once in a while, I'll read up on CDRP decisions. Check out this one:

https://www.cira.ca/sites/default/files/cdrp/report/dressbarn.ca__0.PDF

Supposed facts listed by the arbitrator/service provider in the beginning of the decision are:

3.  The Domain Name at issue is dressbarn.ca (the “Domain Name”).
4.  The Registrar of the Domain Name is Go Daddy Domains Canada, Inc.
5.  The Domain Name was created on August 26, 2005. 
6.  The registration of the Domain Name lapsed on August 26, 2013.
7.  The Registrant registered the Domain Name on or after August 26, 2013.

This says that the domain lapsed, supposedly meaning that it expired on Aug 26, 2013, and was re-registered by the registrant on or after that same date.

However, whois says that domain was registered on 2005-08-26, 8 years prior, and to the day - which matches the date the complainant said they originally registered it.

My records don't show the domain ever being picked up in TBR from 2006 onward, however, my records don't go back that far in 2005.  I also don't have a complete listing of all expiring domains from that time-frame, just the domains that were re-registered.

So, what is quite curious is, how the hell does this scenario happen where a domain is claimed to have expired and been re-registered, but then magically has a current registration date pre-dating the supposed expiry & re-registration dates??

I can only see a few explanations:

1. The domain expired, but rather than letting the domain go to TBR, the registrar kept it for themselves.

2. The domain expired, but the registrar sold/pushed/transferred the domain to the new registrant rather than letting the domain go to TBR.

3. The domain expiry facts presented in the case are fabricated and the complainant _never_ owned the domain to begin with, explaining why the registration date never changed.

4. The facts presented in the case were accurate, but when transferring the domain to the complainant, CIRA strangely felt the need to backdate the domain to the original registration date, even though there would be no real need to do so.

I would hope it wouldn't be #1 or #2, because that would show impropriety at the Registrar level. I would hope it wouldn't be #3 because then someone was outright lying and an arbitrator couldn't be bothered to verify basic facts and simply accepted what the complainant said.  I would hope it wouldn't be #4 because CIRA arbitrarily changing a registration date for a registrant would seem to also be an impropriety.

Unfortunately the registrant didn't file a response - otherwise there might have been some additional explanation there...

Anyone else have a different theory?  Anyone seen this kinda thing happen before?  Anyone want to guess as to which theory is correct?


----------



## DomainRecap (Jan 12, 2021)

None of that makes any sense at all, especially as Archive.org has no record of the domain being used prior to 2012, and the registrant is a US resident (whose address is for a Raymour & Flanigan Furniture store). I wonder if the complainant actually provided any verified proof of Ascena registering and owning the domain in 2005, as well as operating a business presence on it since 2005., or the panelist just "took their word for it". 

So either Dress Barn Online is playing with the registration facts (as they bought the rights off a 3rd party) or GoDaddy kept the domain and set it up as a shell registrant in the US. 

Then again, Mr Supriyo Malaker has quite a UDRP/CDRP history and it's very possible he is just a shell identity for a GoDaddy .CA warehousing system... like if a registrar was to use old European ladies (with Canadian citizenship) to pose as "business owners" for CDRP complaints.


----------



## Esdiel (Jan 12, 2021)

rlm said:
			
		

> 1. The domain expired, but rather than letting the domain go to TBR, the registrar kept it for themselves.
> 
> 2. The domain expired, but the registrar sold/pushed/transferred the domain to the new registrant rather than letting the domain go to TBR.




It doesn't quite solve the mystery, but I've had something like the above happen to me in March 2020. The domain was in its expiry period when it was transferred to (what appears to be) an employee/administrator of the registrar. 


More specifically: 

1. I let an LLL fall into expired status, but still had plenty of time to renew/redeem so I didn't think much of it. I had acquired the domain the year before via TBR.

2. The day the domain fell into redemption period I got an email from CIRA congratulating me for redeeming my domain... even though I didn't redeem it myself. [edit/correction: the domain was actually redeemed on the very last day of the redemption period, just before it was supposed to go to TBR]

3. I then got an email saying the domain was transferred, and another email informing me the contact info had been updated. 

4. The email regarding the contact info update didn't show a name for the registrant (it was just blank), but the admin contact showing was that of an employee at the registrar. I can only assume it was the employee who took it, and they renewed the domain for 5 years in advance.

-----

I almost forgot about this incident until reading your post. And now that I looked into it even further, I notice that the day I won the domain (via TBR in 2019), I got the usual email from CIRA confirming my contact info had accurately been updated... HOWEVER, I also see I got a second email just after informing me that the admin contact had been updated to include the name of the employee in question.

Not sure if any of this helpful but I'm still confused about this one. I'm "guessing" this scenario was only possible because the employee somehow ended up as the admin contact for my domain, and "maybe" I'm partly to blame for not noticing, but I never put that person's info in there as the admin contact. And the fact this person renewed the domain for 5 years in advance leads me to believe this was all quite deliberate and not just some sort of glitch or mistake.


----------



## rlm__ (Jan 12, 2021)

Esdiel said:
			
		

> It doesn't quite solve the mystery, but I've had something like the above happen to me in March 2020. The domain was in its expiry period when it was transferred to (what appears to be) an employee/administrator of the registrar.



Yikes.  I'd think you got scammed by your registrar.  Do you want to identify the registrar or is it pretty obvious to everyone who this probably was?

If I were you I would've definitely been on the phone with CIRA as soon as that happened asking for an explanation and filing a complaint.  CDRP is for complaints against another registrant.  Since this would've been a complaint about a registrar, I'd have gone directly to CIRA and raised hell.   Not because you even cared about the domain, but because of the principle of it all.  I'm pretty sure CIRA doesn't allow hijacking a client's domain under any circumstances, otherwise they'd all be auctioning off expired domains before they hit TBR.

If you want some answers, I have a contact at CIRA.


----------



## domains (Jan 12, 2021)

I agree that is poor practice, even if you were about to drop the domain.  It's a slippery slope.


----------



## rlm__ (Jan 12, 2021)

DomainRecap said:
			
		

> ike if a registrar was to use old European ladies (with Canadian citizenship) to pose as "business owners" for CDRP complaints.



LOL. Probably the same registrar as in [notify]Esdiel[/notify]'s story.


----------



## Esdiel (Jan 12, 2021)

rlm said:
			
		

> Yikes.  I'd think you got scammed by your registrar.  Do you want to identify the registrar or is it pretty obvious to everyone who this probably was?



I think so too. They either thought I wouldn't notice or my account got hacked (which seems less likely). 

It might be somewhat obvious but probably not your first guess. I don't mind identifying them privately but rather not put them on blast publicly in case it wasn't their fault somehow. I've never had any problems with them besides this incident and still use them today. 



			
				rlm said:
			
		

> I'd have gone directly to CIRA and raised hell. Not because you even cared about the domain, but because of the principle of it all.



This is how I'm starting to feel now that I've looked into it some more. I was first confused by the emails so I left them in my inbox to come back to later, and then forgot about it. It obviously never lit a fire under my ass but someone essentially stole this domain from me considering I still had 30 days left to redeem it. It's not like they knew whether I intended on keeping it or not.



			
				rlm said:
			
		

> If you want some answers, I have a contact at CIRA.



Thanks. I will be in touch.


----------



## Esdiel (Jan 13, 2021)

Esdiel said:
			
		

> ... someone essentially stole this domain from me considering I still had 30 days left to redeem it. It's not like they knew whether I intended on keeping it or not.



*CORRECTION:*

I did make one mistake on the facts, although it's somewhat trivial to the main issue. 

The domain was actually redeemed and transferred on the very last day it was possible. Therefore, I probably only had a few hours left to redeem it, and not 30 days. 

It still doesn't change the fact the domain was taken/transferred just hours before it was supposed to be lined up for TBR, but it makes me a little less concerned about it all... even if something fishy still took place.


----------



## DomainRecap (Jan 13, 2021)

So you were yet another victim of...


----------



## DomainTrader (Jan 17, 2021)

DomainRecap said:
			
		

> So you were yet another victim of...




LOL


----------

